From 3c67f77555e636f949588c049c2074c70a1cbe33 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Thu, 15 Jan 2009 21:44:39 +0000
Subject: Modified html.lua and viewlibrary.lua and all html files to
 html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/alpine-baselayout/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 health-storage-html.lsp | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'health-storage-html.lsp')

diff --git a/health-storage-html.lsp b/health-storage-html.lsp
index cd9162e..bd2a20a 100644
--- a/health-storage-html.lsp
+++ b/health-storage-html.lsp
@@ -1,22 +1,22 @@
 <% local view = ... %>
 
 <% displaydisk = function(disk, name)
-io.write("<pre>"..disk.value.."</pre>\n")
+io.write("<pre>"..html.html_escape(disk.value).."</pre>\n")
 io.write('<TABLE STYLE="margin:0px;padding:0px;border:0px">\n')
 io.write("	<TR>\n")
 io.write("		<TD>0%</TD>\n")
 if tonumber(disk.used) > 0 then
-	io.write('		<TD WIDTH="'..disk.used..'%" STYLE="background:red;border:2px solid black;')
+	io.write('		<TD WIDTH="'..html.html_escape(disk.used)..'%" STYLE="background:red;border:2px solid black;')
 	if tonumber(disk.used) < 100 then io.write('border-right:none;') end
 	io.write('"><CENTER><B>')
-	if ( tonumber(disk.used) > 10) then io.write(disk.used .. "%") end
+	if ( tonumber(disk.used) > 10) then io.write(html.html_escape(disk.used) .. "%") end
 	io.write('</B></CENTER></TD>\n')
 end
 if tonumber(disk.used) < 100 then
-	io.write('		<TD WIDTH="'..(100-disk.used)..'%" STYLE="background:#0c0;border:2px solid black;')
+	io.write('		<TD WIDTH="'..(100-tonumber(disk.used))..'%" STYLE="background:#0c0;border:2px solid black;')
 	if tonumber(disk.used) > 0 then io.write('border-left:none;') end
 	io.write('"><CENTER><B>')
-	if ( 90 > tonumber(disk.used)) then io.write((100-disk.used) .. "%") end
+	if ( 90 > tonumber(disk.used)) then io.write((100-tonumber(disk.used)) .. "%") end
 	io.write('</B></CENTER></TD>\n')
 end
 io.write('		<TD>100%</TD>\n')
@@ -24,7 +24,7 @@ io.write("	</TR>\n")
 io.write("</TABLE>\n")
 io.write('<TABLE STYLE="margin:0px;padding:0px;border:0px;margin-top:5px;">\n')
 io.write("	<TR>\n")
-io.write('		<TD WIDTH="100px"><B>'..name..'</B></TD><TD STYLE="background:red;border:2px solid black;" WIDTH="20px"></TD><TD WIDTH="70px"><B>=Used</B></TD><TD STYLE="background:#0c0;border:2px solid black;" WIDTH="20px"></TD><TD><B>=Free</B></TD>\n')
+io.write('		<TD WIDTH="100px"><B>'..html.html_escape(name)..'</B></TD><TD STYLE="background:red;border:2px solid black;" WIDTH="20px"></TD><TD WIDTH="70px"><B>=Used</B></TD><TD STYLE="background:#0c0;border:2px solid black;" WIDTH="20px"></TD><TD><B>=Free</B></TD>\n')
 io.write("	</TR>\n")
 io.write("</TABLE>\n")
 end %>
@@ -60,6 +60,6 @@ No RAM Disk mounted
 
 <% if view.value.partitions then %>
 <h2>Disk partitions</h2>
-<pre><%= view.value.partitions.value %></pre>
+<pre><%= html.html_escape(view.value.partitions.value) %></pre>
 <% end %>
 
-- 
cgit v1.2.3