-rw-r--r-- | acfupdate-html.lsp | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/acfupdate-html.lsp b/acfupdate-html.lsp index b612f6d..aa5683e 100644 --- a/acfupdate-html.lsp +++ b/acfupdate-html.lsp @@ -14,10 +14,10 @@ require("viewfunctions") end if #cmdresult > 0 then for i,result in ipairs(cmdresult) do - io.write("<H1>"..result.label.."</H1>\n<DL>\n") + io.write("<H1>"..html.html_escape(result.label).."</H1>\n<DL>\n") for i,value in ipairs(result.value) do if value.updates ~= "" then %> -<H3><%= value.name %></H3> +<H3><%= html.html_escape(value.name) %></H3> <pre><%= html.html_escape(value.updates) %></pre> <% end end @@ -32,7 +32,7 @@ require("viewfunctions") displayitem(data.value.version) if data.value.version and data.value.version.errtxt and session.permissions.apk and session.permissions.apk.install then %> - <a href="<%= page_info.script %>/apk-tools/apk/install?package=<%= data.value.version.name %>&redir=<%= page_info.orig_action %>">Install</a> + <a href="<%= html.html_escape(page_info.script) %>/apk-tools/apk/install?package=<%= html.html_escape(data.value.version.name) %>&redir=<%= html.html_escape(page_info.orig_action) %>">Install</a> <% end displayitem(data.value.repository) 
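Review bot: In the Install link of the second hunk, `data.value.version.name` and `page_info.orig_action` are only HTML-escaped, but they sit inside a URL query string and also need percent-encoding before the HTML escape. An HTML escaper normally turns `&` into `&amp;`, which the browser decodes back to `&` when the link is followed, so a value containing `&`, `=`, `#` or a space would still change how `package` and `redir` are parsed. If the html library offers a URL-encoding helper, apply it to both values first and escape the result, and write the literal separator as `&amp;redir=`. The link also starts an install through a plain GET and carries a `redir` target, so it is worth confirming that the apk install handler requires a confirming POST and restricts `redir` to local paths; neither is visible in this hunk.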
@@ -44,32 +44,32 @@ displayitem(data.value.repository) <DL> <DT>View Status</DT> <DD> -<form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/status" %>" method="POST"> -<input type=hidden value="<%= data.value.repository.value %>" name="repository"> +<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/status") %>" method="POST"> +<input type=hidden value="<%= html.html_escape(data.value.repository.value) %>" name="repository"> <input type=submit class=submit value="View Status"> </form> </DD> <% if session.permissions.acfupdate.diff then %> <DT>View Diff</DT> <DD> -<form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/diff" %>" method="POST"> -<input type=hidden value="<%= data.value.repository.value %>" name="repository"> +<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/diff") %>" method="POST"> +<input type=hidden value="<%= html.html_escape(data.value.repository.value) %>" name="repository"> <input type=submit class=submit value="View Diff"> </form> </DD> <% end %> <DT>View Log</DT> <DD> -<form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/log" %>" method="POST"> -<input type=hidden value="<%= data.value.repository.value %>" name="repository"> +<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/log") %>" method="POST"> +<input type=hidden value="<%= html.html_escape(data.value.repository.value) %>" name="repository"> <input type=submit class=submit value="View Log"> </form> </DD> <% if session.permissions.acfupdate.update then %> <DT>Update</DT> <DD> -<form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/update" %>" method="POST"> -<input type=hidden value="<%= data.value.repository.value %>" name="repository"> +<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. 
page_info.controller .. "/update") %>" method="POST"> +<input type=hidden value="<%= html.html_escape(data.value.repository.value) %>" name="repository"> <input type=submit class=submit value="Update"> </form> </DD> |
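Review bot: The hidden `repository` field in the four forms is now safely escaped for display, but the value still round-trips through the browser, and the template should say so for the next maintainer. Escaping on output does nothing for what comes back in the POST, so the status, diff, log and update handlers (not visible here) presumably need to check the submitted value against the configured repositories. I would add a comment above the first form such as `<% -- repository is echoed back by the client; the status/diff/log/update actions must re-validate it %>`. As a style point, the same escaped action expression and hidden input are repeated four times with only the action name and label changing, so a small local helper would keep the escaping in one place.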