From 3c67f77555e636f949588c049c2074c70a1cbe33 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Thu, 15 Jan 2009 21:44:39 +0000
Subject: Modified html.lua and viewlibrary.lua and all html files to
 html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/alpine-baselayout/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 interfaces-read-html.lsp | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

(limited to 'interfaces-read-html.lsp')

diff --git a/interfaces-read-html.lsp b/interfaces-read-html.lsp
index d0984dc..7504a1f 100644
--- a/interfaces-read-html.lsp
+++ b/interfaces-read-html.lsp
@@ -11,10 +11,10 @@ io.write("</span>")
 
 <% showoption = function(option)
 	if option.errtxt or option.value ~= "" then %>
-		<TR><TD WIDTH='120px' STYLE='font-weight:bold;border:none;'><%= option.label %></TD>
+		<TR><TD WIDTH='120px' STYLE='font-weight:bold;border:none;'><%= html.html_escape(option.label) %></TD>
 		<TD STYLE='border:none;'<% if option.errtxt then io.write("class='error'") end %>>
-		<%= string.gsub(tostring(option.value), "\n", "<BR>") %>
-		<% if option.errtxt then io.write("<BR>"..option.errtxt) end %>
+		<%= string.gsub(html.html_escape(tostring(option.value)), "\n", "<BR>") %>
+		<% if option.errtxt then io.write("<BR>"..html.html_escape(option.errtxt)) end %>
 		</TD></TR>
 	<% end %>	
 <% end %>
@@ -29,7 +29,7 @@ end %>
 <DL>
 <% for i,entry in ipairs(view.value) do
 	local interface = entry.value %>
-	<DT><IMG SRC='/skins/static/tango/16x16/devices/network-wired.png' width='16' height='16'> <%= interface.name.value %></DT><DD>
+	<DT><IMG SRC='/skins/static/tango/16x16/devices/network-wired.png' width='16' height='16'> <%= html.html_escape(interface.name.value) %></DT><DD>
 	<TABLE STYLE='margin-bottom:10px'>
 
 	<% 
@@ -42,16 +42,16 @@ end %>
 	end %>
 	<TR>
 	<% if session.permissions.interfaces.update then %>
-		<A HREF='update?name=<%= interface.name.value %>&redir=read'>Edit </A>
+		<A HREF='update?name=<%= html.html_escape(interface.name.value) %>&redir=read'>Edit </A>
 	<% end
 	if session.permissions.interfaces.delete then %>
-		<A HREF='delete?name=<%= interface.name.value %>'>Delete </A>
+		<A HREF='delete?name=<%= html.html_escape(interface.name.value) %>'>Delete </A>
 	<% end
 	if session.permissions.interfaces.ifup then %>
-		<A HREF='ifup?name=<%= interface.name.value %>'>ifup </A>
+		<A HREF='ifup?name=<%= html.html_escape(interface.name.value) %>'>ifup </A>
 	<% end
 	if session.permissions.interfaces.ifdown then %>
-		<A HREF='ifdown?name=<%= interface.name.value %>'>ifdown </A>
+		<A HREF='ifdown?name=<%= html.html_escape(interface.name.value) %>'>ifdown </A>
 	<% end %>
 	</TR>
 	</TABLE>
@@ -63,5 +63,5 @@ end %>
 <P class="error">WARNING!!! Restarting networking may cause the ACF web interface to stop functioning. Try refreshing this page after restarting. If that fails, you may have to use terminal access to recover.</P>
 <DL>
 <DT>Restart Networking</DT>
-<DD><form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/restart" %>"><input class="submit" type="submit" value="Restart"></form></DD>
+<DD><form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/restart") %>"><input class="submit" type="submit" value="Restart"></form></DD>
 </DL>
-- 
cgit v1.2.3