From 3c67f77555e636f949588c049c2074c70a1cbe33 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Thu, 15 Jan 2009 21:44:39 +0000
Subject: Modified html.lua and viewlibrary.lua and all html files to
 html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/alpine-baselayout/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 cron-listjobs-html.lsp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'cron-listjobs-html.lsp')

diff --git a/cron-listjobs-html.lsp b/cron-listjobs-html.lsp
index 6f21673..d9705e0 100644
--- a/cron-listjobs-html.lsp
+++ b/cron-listjobs-html.lsp
@@ -10,7 +10,7 @@ end %>
 
 <H1>Cron Jobs</H1>
 <% for i,tabl in ipairs(view.value) do %>
-<H2><%= tabl.period %></H2>
+<H2><%= html.html_escape(tabl.period) %></H2>
 	<% if #tabl.jobs == 0 then %>
 No jobs
 	<% else %>
@@ -25,7 +25,7 @@ No jobs
 			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/editjob?name="..job.."&redir="..page_info.orig_action, label="Edit "} %>
 			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/deletejob?name="..job, label="Delete "} %>
 		</TD>
-		<TD style="white-space:nowrap;"><%= string.gsub(job, "^.*/", "") %></TD>
+		<TD style="white-space:nowrap;"><%= html.html_escape(string.gsub(job, "^.*/", "")) %></TD>
 	</TR>
 		<% end %>
 </TABLE>
-- 
cgit v1.2.3