author | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
commit | 76cbb205333360ae618c3b8a20faccf747039070 (patch) | |
tree | be2b31718d1352e38aa9572dd11d21f1ae8da2be /app/acf-util/password-status-html.lsp | |
parent | c89e42cf158941545540ad4f8e94f478dec50c1a (diff) | |
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'app/acf-util/password-status-html.lsp')
-rwxr-xr-x | app/acf-util/password-status-html.lsp | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/app/acf-util/password-status-html.lsp b/app/acf-util/password-status-html.lsp
index d7db4e9..714dfae 100755
--- a/app/acf-util/password-status-html.lsp
+++ b/app/acf-util/password-status-html.lsp
@@ -13,29 +13,29 @@ io.write("</span>")
 <H1>User Accounts</H1>
 <H2>Create new account</H2>
 <form action="<%= page_info.script .. page_info.prefix .. page_info.controller %>/newuser" method="POST">
-<input class="hidden" type="hidden" name="redir" value="<%= page_info.orig_action %>" >
+<input class="hidden" type="hidden" name="redir" value="<%= html.html_escape(page_info.orig_action) %>" >
 <dl><dt></dt><dd><input class="submit" type="submit" value="New User"></dd></dl>
 </form>
 <H2>Existing account</H2>
 <DL>
 <% for name,user in pairs(form.value) do %>
- <DT><IMG SRC='/skins/static/tango/16x16/apps/system-users.png' HEIGHT='16' WIDTH='16'> <%= name %></DT>
+ <DT><IMG SRC='/skins/static/tango/16x16/apps/system-users.png' HEIGHT='16' WIDTH='16'> <%= html.html_escape(name) %></DT>
 <DD><TABLE>
 <TR>
- <TD STYLE='border:none;'><B><%= user.value.userid.label %></B></TD>
- <TD STYLE='border:none;' WIDTH='90%'><%= user.value.userid.value %></TD>
+ <TD STYLE='border:none;'><B><%= html.html_escape(user.value.userid.label) %></B></TD>
+ <TD STYLE='border:none;' WIDTH='90%'><%= html.html_escape(user.value.userid.value) %></TD>
 </TR><TR>
- <TD STYLE='border:none;'><B><%= user.value.username.label %></B></TD>
- <TD STYLE='border:none;'><%= user.value.username.value %></TD>
+ <TD STYLE='border:none;'><B><%= html.html_escape(user.value.username.label) %></B></TD>
+ <TD STYLE='border:none;'><%= html.html_escape(user.value.username.value) %></TD>
 </TR><TR>
- <TD STYLE='border:none;'><B><%= user.value.roles.label %></B></TD>
- <TD STYLE='border:none;'><%= table.concat(user.value.roles.value, " / ") %></TD>
+ <TD STYLE='border:none;'><B><%= html.html_escape(user.value.roles.label) %></B></TD>
+ <TD STYLE='border:none;'><%= html.html_escape(table.concat(user.value.roles.value, " / ")) %></TD>
 </TR><TR>
 <TD STYLE='border:none;'><B>Option</B></TD>
 <TD STYLE='border:none;'>
- [<A HREF='edituser?userid=<%= name %>&redir=<%= page_info.orig_action %>'>Edit this account</A>]
- [<A HREF='deleteuser?userid=<%= name %>'>Delete this account</A>]
- [<A HREF='<%= page_info.script %>/acf-util/roles/viewuserroles?userid=<%= name %>'>View roles for this account</A>]
+ [<A HREF='edituser?userid=<%= html.html_escape(name) %>&redir=<%= html.html_escape(page_info.orig_action) %>'>Edit this account</A>]
+ [<A HREF='deleteuser?userid=<%= html.html_escape(name) %>'>Delete this account</A>]
+ [<A HREF='<%= html.html_escape(page_info.script) %>/acf-util/roles/viewuserroles?userid=<%= html.html_escape(name) %>'>View roles for this account</A>]
 </TD>
 </TR>
 </TABLE></DD>
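Review bot: The three HREF lines at the end of the hunk HTML-escape `name` and `page_info.orig_action` but never URL-encode them, so a userid or redirect target containing `&`, `=`, `#`, `?` or a space still splits or truncates the query string even though the surrounding markup is now safe; the value should be percent-encoded for the URL context first and the encoded result then passed through `html.html_escape` for the attribute context (no URL-encoding helper is visible on this page, so one would need to be located in the html library or added). The literal `&` separating `userid` and `redir` in the edit link should also be written as `&amp;` inside an HTML attribute. Whether `html.html_escape` escapes the single quote cannot be seen here, and every HREF in the hunk uses single-quoted attributes, so that should be confirmed; otherwise a `'` in a userid still terminates the attribute. The `deleteuser` link performs a state change over a plain GET with no anti-CSRF token; that predates this commit but is worth tracking as a follow-up.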