author | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
commit | cee2ffc44ecdfb63f98aa1dd1d3f930737a8e68c (patch) | |
tree | c6a649decec94858b692b591569a06f4335e491f /acfupdate-html.lsp | |
parent | a8f7e079030d3643e2e5354cae55a277c3826686 (diff) | |
download | acf-devtools-cee2ffc44ecdfb63f98aa1dd1d3f930737a8e68c.tar.bz2 acf-devtools-cee2ffc44ecdfb63f98aa1dd1d3f930737a8e68c.tar.xz |
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/devtools/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'acfupdate-html.lsp')
-rw-r--r-- | acfupdate-html.lsp | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/acfupdate-html.lsp b/acfupdate-html.lsp index b612f6d..aa5683e 100644 --- a/acfupdate-html.lsp +++ b/acfupdate-html.lsp @@ -14,10 +14,10 @@ require("viewfunctions") end if #cmdresult > 0 then for i,result in ipairs(cmdresult) do - io.write("<H1>"..result.label.."</H1>\n<DL>\n") + io.write("<H1>"..html.html_escape(result.label).."</H1>\n<DL>\n") for i,value in ipairs(result.value) do if value.updates ~= "" then %> -<H3><%= value.name %></H3> +<H3><%= html.html_escape(value.name) %></H3> <pre><%= html.html_escape(value.updates) %></pre> <% end end @@ -32,7 +32,7 @@ require("viewfunctions") displayitem(data.value.version) if data.value.version and data.value.version.errtxt and session.permissions.apk and session.permissions.apk.install then %> - <a href="<%= page_info.script %>/apk-tools/apk/install?package=<%= data.value.version.name %>&redir=<%= page_info.orig_action %>">Install</a> + <a href="<%= html.html_escape(page_info.script) %>/apk-tools/apk/install?package=<%= html.html_escape(data.value.version.name) %>&redir=<%= html.html_escape(page_info.orig_action) %>">Install</a> <% end displayitem(data.value.repository) 
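Review bot: The `<H1>` line in the first hunk still assembles markup by string concatenation inside `io.write`, while the `<H3>` a few lines below uses a `<%= ... %>` expression; with two output styles in one loop, an unescaped value is easier to miss in a later audit. Since `<%= %>` evidently does not escape on its own (the commit has to call `html.html_escape` at every site), I would close the Lua block and emit the heading as `<H1><%= html.html_escape(result.label) %></H1>`, so that every output site can be found with one search. The enclosing `if`/`for` block starts and ends outside the hunk.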
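Review bot: In the Install link of the second hunk, `data.value.version.name` and `page_info.orig_action` are placed in a URL query string, and HTML-escaping alone does not make them safe there: an `&`, `=`, `#` or `+` in either value reaches the URL unchanged once the browser decodes the attribute, and alters the parameters the install action receives. Each query value should be percent-encoded first and the result then HTML-escaped, e.g. `package=<%= html.html_escape(url_encode(data.value.version.name)) %>`, where `url_encode` is a placeholder name for whatever percent-encoding helper the project provides. Separately, this link triggers a package install through a GET request and carries a `redir` target; whether the handler requires POST or restricts `redir` to local paths is not visible here and is worth confirming.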
@@ -44,32 +44,32 @@ displayitem(data.value.repository)
 <DL>
 <DT>View Status</DT>
 <DD>
-<form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/status" %>" method="POST">
-<input type=hidden value="<%= data.value.repository.value %>" name="repository">
+<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/status") %>" method="POST">
+<input type=hidden value="<%= html.html_escape(data.value.repository.value) %>" name="repository">
 <input type=submit class=submit value="View Status">
 </form>
 </DD>
 <% if session.permissions.acfupdate.diff then %>
 <DT>View Diff</DT>
 <DD>
-<form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/diff" %>" method="POST">
-<input type=hidden value="<%= data.value.repository.value %>" name="repository">
+<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/diff") %>" method="POST">
+<input type=hidden value="<%= html.html_escape(data.value.repository.value) %>" name="repository">
 <input type=submit class=submit value="View Diff">
 </form>
 </DD>
 <% end %>
 <DT>View Log</DT>
 <DD>
-<form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/log" %>" method="POST">
-<input type=hidden value="<%= data.value.repository.value %>" name="repository">
+<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/log") %>" method="POST">
+<input type=hidden value="<%= html.html_escape(data.value.repository.value) %>" name="repository">
 <input type=submit class=submit value="View Log">
 </form>
 </DD>
 <% if session.permissions.acfupdate.update then %>
 <DT>Update</DT>
 <DD>
-<form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/update" %>" method="POST">
-<input type=hidden value="<%= data.value.repository.value %>" name="repository">
+<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/update") %>" method="POST">
+<input type=hidden value="<%= html.html_escape(data.value.repository.value) %>" name="repository">
 <input type=submit class=submit value="Update">
 </form>
 </DD>
|
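Review bot: All eight escaped values in this hunk sit inside double-quoted attributes (`action="..."`, `value="..."`), so the fix only holds if `html.html_escape` encodes `"` as well as `<`, `>` and `&`; html.lua is changed by this commit but not shown on this page, so that needs confirming. If it handles only the angle brackets and the ampersand, a `repository` value containing a double quote still closes the attribute early, and the same applies to the `href` in the previous hunk. The hidden `repository` field is also editable by the client, so the status, diff, log and update handlers should validate it on receipt rather than rely on what the page rendered.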