diff options
author | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
commit | 61131a0d088c5fd27e99291714903050ddb0d41a (patch) | |
tree | e79f7d51e9a7814091aa8ec526d0d6e72e978b20 | |
parent | 168d1ee9a8eaf3142e76e4e8b04cc39b5b1769c3 (diff) | |
download | acf-dhcp-61131a0d088c5fd27e99291714903050ddb0d41a.tar.bz2 acf-dhcp-61131a0d088c5fd27e99291714903050ddb0d41a.tar.xz |
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/dhcp/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r-- | dhcp-edithost-html.lsp | 2 | ||||
-rw-r--r-- | dhcp-editsubnet-html.lsp | 2 | ||||
-rw-r--r-- | dhcp-home-html.lsp | 4 | ||||
-rw-r--r-- | dhcp-listhosts-html.lsp | 6 | ||||
-rw-r--r-- | dhcp-listsubnets-html.lsp | 6 | ||||
-rw-r--r-- | dhcp-settings-html.lsp | 2 |
6 files changed, 11 insertions, 11 deletions
diff --git a/dhcp-edithost-html.lsp b/dhcp-edithost-html.lsp index cc440c3..6cf60fb 100644 --- a/dhcp-edithost-html.lsp +++ b/dhcp-edithost-html.lsp @@ -2,7 +2,7 @@ require("viewfunctions") %> -<H1><%= form.label %></H1> +<H1><%= html.html_escape(form.label) %></H1> <% form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action if page_info.action == "edithost" then diff --git a/dhcp-editsubnet-html.lsp b/dhcp-editsubnet-html.lsp index c458e19..e848d79 100644 --- a/dhcp-editsubnet-html.lsp +++ b/dhcp-editsubnet-html.lsp @@ -2,7 +2,7 @@ require("viewfunctions") %> -<H1><%= form.label %></H1> +<H1><%= html.html_escape(form.label) %></H1> <% form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action if page_info.action == "editsubnet" then diff --git a/dhcp-home-html.lsp b/dhcp-home-html.lsp index 9c24dcf..560b2f6 100644 --- a/dhcp-home-html.lsp +++ b/dhcp-home-html.lsp @@ -11,8 +11,8 @@ end %> <DL> <dt>Edit global settings</dt> -<dd><form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/settings" %>" method="POST"> -<input class="hidden" type="hidden" name="redir" value="<%= page_info.orig_action %>" > +<dd><form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/settings") %>" method="POST"> +<input class="hidden" type="hidden" name="redir" value="<%= html.html_escape(page_info.orig_action) %>" > <input type=submit value="Edit" class="submit"> </form></dd> </DL> diff --git a/dhcp-listhosts-html.lsp b/dhcp-listhosts-html.lsp index 6b92ecb..7a8dfd1 100644 --- a/dhcp-listhosts-html.lsp +++ b/dhcp-listhosts-html.lsp @@ -17,14 +17,14 @@ <%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/edithost?host="..host.."&redir="..page_info.orig_action, label="Edit "} %> <%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/delhost?host="..host, label="Delete "} %> </TD> - <TD style="white-space:nowrap;"><%= host %></TD> + <TD style="white-space:nowrap;"><%= html.html_escape(host) %></TD> </TR> <% end %> </TABLE> <dt>Add new host</dt> -<dd><form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/createhost" %>" method="POST"> -<input class="hidden" type="hidden" name="redir" value="<%= page_info.orig_action %>" > +<dd><form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/createhost") %>" method="POST"> +<input class="hidden" type="hidden" name="redir" value="<%= html.html_escape(page_info.orig_action) %>" > <input type=submit value="New" class="submit"> </form></dd> </DL> diff --git a/dhcp-listsubnets-html.lsp b/dhcp-listsubnets-html.lsp index 242afe1..db302d0 100644 --- a/dhcp-listsubnets-html.lsp +++ b/dhcp-listsubnets-html.lsp @@ -17,14 +17,14 @@ <%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/editsubnet?subnet="..subnet.."&redir="..page_info.orig_action, label="Edit "} %> <%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/delsubnet?subnet="..subnet.."&redir="..page_info.orig_action, label="Delete "} %> </TD> - <TD style="white-space:nowrap;"><%= subnet %></TD> + <TD style="white-space:nowrap;"><%= html.html_escape(subnet) %></TD> </TR> <% end %> </TABLE> <dt>Add new subnet</dt> -<dd><form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/createsubnet" %>" method="POST"> -<input class="hidden" type="hidden" name="redir" value="<%= page_info.orig_action %>" > +<dd><form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/createsubnet") %>" method="POST"> +<input class="hidden" type="hidden" name="redir" value="<%= html.html_escape(page_info.orig_action) %>" > <input type=submit value="New" class="submit"> </form></dd> </DL> diff --git a/dhcp-settings-html.lsp b/dhcp-settings-html.lsp index de209bf..3b1344a 100644 --- a/dhcp-settings-html.lsp +++ b/dhcp-settings-html.lsp @@ -1,7 +1,7 @@ <% local form, viewlibrary, page_info = ... %> <% require("viewfunctions") %> -<h1><%= form.label %></h1> +<h1><%= html.html_escape(form.label) %></h1> <% form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action local order = {"domainname", "domainnameservers", "dnsupdatestyle", "defleasetime", "maxleasetime"} |