diff options
author | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
commit | 72a3e69b5f4adafea8905e60213371ab1b2fc019 (patch) | |
tree | ae83e7a78d5533b72696678f873857511451b8a0 | |
parent | cad10c9da021f1b91881585985cd2cf5f457bf9f (diff) | |
download | acf-ipsec-tools-72a3e69b5f4adafea8905e60213371ab1b2fc019.tar.bz2 acf-ipsec-tools-72a3e69b5f4adafea8905e60213371ab1b2fc019.tar.xz |
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/ipsec-tools/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r-- | ipsectools-details-html.lsp | 8 | ||||
-rw-r--r-- | ipsectools-listcerts-html.lsp | 4 | ||||
-rw-r--r-- | ipsectools-uploadcert-html.lsp | 2 | ||||
-rw-r--r-- | ipsectools-viewcert-html.lsp | 2 |
4 files changed, 8 insertions, 8 deletions
diff --git a/ipsectools-details-html.lsp b/ipsectools-details-html.lsp index b16da64..c5cdb5c 100644 --- a/ipsectools-details-html.lsp +++ b/ipsectools-details-html.lsp @@ -9,7 +9,7 @@ io.write("</span>") <% viewlibrary.dispatch_component("status") %> -<H2><%= data.label %></H2> +<H2><%= html.html_escape(data.label) %></H2> <DL> <% if not data.value.show_isakmp or #data.value.show_isakmp.value == 0 then @@ -23,13 +23,13 @@ else else io.write("idle") end - io.write(".png' width='16' height='16'> ".. entry.Destination.value .. "</H3>") + io.write(".png' width='16' height='16'> ".. html.html_escape(entry.Destination.value) .. "</H3>") io.write("<TABLE>\n") local tags = {"Created","Source","Destination", "St", "Phase2details"} for j,tag in pairs(tags) do io.write("<TR><TD STYLE='font-weight:bold;width:120px;border:none;'>" .. - (entry[tag].label or "") .. "</TD><TD STYLE='border:none;'>"..(entry[tag].value or "")) - if (entry[tag].descr) and (#entry[tag].descr > 0) then io.write(" (".. entry[tag].descr .. ")") end + html.html_escape(entry[tag].label) .. "</TD><TD STYLE='border:none;'>"..html.html_escape(entry[tag].value)) + if (entry[tag].descr) and (#entry[tag].descr > 0) then io.write(" (".. html.html_escape(entry[tag].descr) .. ")") end io.write("</TD></TR>") end io.write("</TABLE>") diff --git a/ipsectools-listcerts-html.lsp b/ipsectools-listcerts-html.lsp index 90f8849..d2f3c69 100644 --- a/ipsectools-listcerts-html.lsp +++ b/ipsectools-listcerts-html.lsp @@ -4,7 +4,7 @@ <% displaycommandresults({"deletecert"}, session) %> <% displaycommandresults({"uploadcert"}, session, true) %> -<H1><%= view.label %></H1> +<H1><%= html.html_escape(view.label) %></H1> <DL> <TABLE> @@ -20,7 +20,7 @@ <%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/viewcert?cert="..cert.."&redir="..page_info.orig_action, label="View "} %> <% end %> </TD> - <TD style="white-space:nowrap;"><%= cert %></TD> + <TD style="white-space:nowrap;"><%= html.html_escape(cert) %></TD> </TR> <% end %> </TABLE> diff --git a/ipsectools-uploadcert-html.lsp b/ipsectools-uploadcert-html.lsp index a3e88ba..02ed7a0 100644 --- a/ipsectools-uploadcert-html.lsp +++ b/ipsectools-uploadcert-html.lsp @@ -5,7 +5,7 @@ io.write(html.cfe_unpack(form)) --]] %> -<H1><%= form.label %></H1> +<H1><%= html.html_escape(form.label) %></H1> <% -- This is a kludge to get file upload working form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action .. '" enctype="multipart/form-data' diff --git a/ipsectools-viewcert-html.lsp b/ipsectools-viewcert-html.lsp index d23cb53..1acb166 100644 --- a/ipsectools-viewcert-html.lsp +++ b/ipsectools-viewcert-html.lsp @@ -5,4 +5,4 @@ io.write(html.cfe_unpack(view)) --]] %> <H1>Certificate Details</H1> -<pre><%= view.value.value %></pre> +<pre><%= html.html_escape(view.value.value) %></pre> |