Diffstat (limited to 'app/acf-util/password-status-html.lsp')
-rwxr-xr-x | app/acf-util/password-status-html.lsp | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/app/acf-util/password-status-html.lsp b/app/acf-util/password-status-html.lsp
index d7db4e9..714dfae 100755
--- a/app/acf-util/password-status-html.lsp
+++ b/app/acf-util/password-status-html.lsp
@@ -13,29 +13,29 @@ io.write("</span>")
 <H1>User Accounts</H1>
 <H2>Create new account</H2>
 <form action="<%= page_info.script .. page_info.prefix .. page_info.controller %>/newuser" method="POST">
-<input class="hidden" type="hidden" name="redir" value="<%= page_info.orig_action %>" >
+<input class="hidden" type="hidden" name="redir" value="<%= html.html_escape(page_info.orig_action) %>" >
 <dl><dt></dt><dd><input class="submit" type="submit" value="New User"></dd></dl>
 </form>
 <H2>Existing account</H2>
 <DL>
 <% for name,user in pairs(form.value) do %>
- <DT><IMG SRC='/skins/static/tango/16x16/apps/system-users.png' HEIGHT='16' WIDTH='16'> <%= name %></DT>
+ <DT><IMG SRC='/skins/static/tango/16x16/apps/system-users.png' HEIGHT='16' WIDTH='16'> <%= html.html_escape(name) %></DT>
 <DD><TABLE>
 <TR>
- <TD STYLE='border:none;'><B><%= user.value.userid.label %></B></TD>
- <TD STYLE='border:none;' WIDTH='90%'><%= user.value.userid.value %></TD>
+ <TD STYLE='border:none;'><B><%= html.html_escape(user.value.userid.label) %></B></TD>
+ <TD STYLE='border:none;' WIDTH='90%'><%= html.html_escape(user.value.userid.value) %></TD>
 </TR><TR>
- <TD STYLE='border:none;'><B><%= user.value.username.label %></B></TD>
- <TD STYLE='border:none;'><%= user.value.username.value %></TD>
+ <TD STYLE='border:none;'><B><%= html.html_escape(user.value.username.label) %></B></TD>
+ <TD STYLE='border:none;'><%= html.html_escape(user.value.username.value) %></TD>
 </TR><TR>
- <TD STYLE='border:none;'><B><%= user.value.roles.label %></B></TD>
- <TD STYLE='border:none;'><%= table.concat(user.value.roles.value, " / ") %></TD>
+ <TD STYLE='border:none;'><B><%= html.html_escape(user.value.roles.label) %></B></TD>
+ <TD STYLE='border:none;'><%= html.html_escape(table.concat(user.value.roles.value, " / ")) %></TD>
 </TR><TR>
 <TD STYLE='border:none;'><B>Option</B></TD>
 <TD STYLE='border:none;'>
- [<A HREF='edituser?userid=<%= name %>&redir=<%= page_info.orig_action %>'>Edit this account</A>]
- [<A HREF='deleteuser?userid=<%= name %>'>Delete this account</A>]
- [<A HREF='<%= page_info.script %>/acf-util/roles/viewuserroles?userid=<%= name %>'>View roles for this account</A>]
+ [<A HREF='edituser?userid=<%= html.html_escape(name) %>&redir=<%= html.html_escape(page_info.orig_action) %>'>Edit this account</A>]
+ [<A HREF='deleteuser?userid=<%= html.html_escape(name) %>'>Delete this account</A>]
+ [<A HREF='<%= html.html_escape(page_info.script) %>/acf-util/roles/viewuserroles?userid=<%= html.html_escape(name) %>'>View roles for this account</A>]
 </TD>
 </TR>
 </TABLE></DD>
|
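Review bot: The three `HREF` lines at the end of the hunk (`edituser?userid=…&redir=…`, `deleteuser?userid=…`, `viewuserroles?userid=…`) now HTML-escape `name` and `page_info.orig_action` but still do not URL-encode them, so a value containing `&`, `=`, `#` or a space is decoded back by the browser and splits or truncates the query string; the values need percent-encoding before the HTML escape, e.g. `userid=<%= html.html_escape(URL_ENCODE_HELPER(name)) %>` with the project's URL-encoding helper in place of the placeholder. Because these attributes are single-quoted, it is also worth confirming that `html.html_escape` escapes `'`, otherwise the attribute boundary can still be closed early. The unchanged context line `<form action="<%= page_info.script .. page_info.prefix .. page_info.controller %>/newuser" method="POST">` at the top of the hunk is the one remaining interpolation without `html.html_escape` and should get the same treatment for consistency. Finally, the literal `&` in `&redir=` inside the attribute should be written `&amp;`.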