author | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
commit | a16908c61d018a5961751ec908f1b890b2217b54 (patch) | |
tree | 111abfc0c89d95c63acb6dfc7b76b67ee63fefa9 | |
parent | dac8706eaa8243e8fb6bcfd00fbdbf779f9f0ebc (diff) | |
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/iptables/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r-- | iptables-details-html.lsp | 8 | ||||
-rw-r--r-- | iptables-editchain-html.lsp | 2 | ||||
-rw-r--r-- | iptables-editrule-html.lsp | 4 | ||||
-rw-r--r-- | iptables-html.lsp | 26 | ||||
-rw-r--r-- | iptables-startstop-html.lsp | 6 |
5 files changed, 23 insertions, 23 deletions
diff --git a/iptables-details-html.lsp b/iptables-details-html.lsp index 9edc25d..daf646a 100644 --- a/iptables-details-html.lsp +++ b/iptables-details-html.lsp @@ -9,13 +9,13 @@ io.write("</span>") <% viewlibrary.dispatch_component("status") %> -<H2><%= data.label %></H2> +<H2><%= html.html_escape(data.label) %></H2> <DL> <% for i,tab in ipairs({"filter", "nat", "mangle"}) do %> - <H3><%= tab %></H3> + <H3><%= html.html_escape(tab) %></H3> <TABLE> - <TR><TD><%= data.value[tab].chains %> Chains</TD></TR> - <TR><TD><%= data.value[tab].rules %> Rules</TD></TR> + <TR><TD><%= html.html_escape(data.value[tab].chains) %> Chains</TD></TR> + <TR><TD><%= html.html_escape(data.value[tab].rules) %> Rules</TD></TR> </TABLE> <% end %> </DL> diff --git a/iptables-editchain-html.lsp b/iptables-editchain-html.lsp index 3480fcc..9514d5b 100644 --- a/iptables-editchain-html.lsp +++ b/iptables-editchain-html.lsp @@ -2,7 +2,7 @@ require("viewfunctions") %> -<H1><%= form.label %></H1> +<H1><%= html.html_escape(form.label) %></H1> <% form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action if page_info.action == "editchain" then diff --git a/iptables-editrule-html.lsp b/iptables-editrule-html.lsp index 9c732ec..7e4d156 100644 --- a/iptables-editrule-html.lsp +++ b/iptables-editrule-html.lsp @@ -2,7 +2,7 @@ require("viewfunctions") %> -<H1><%= form.label %></H1> +<H1><%= html.html_escape(form.label) %></H1> <% for name,val in pairs(form.value) do val.name = name end form.value.table.readonly = true @@ -52,5 +52,5 @@ displayformitem(form.value.tcp_dport) displayformitem(form.value.udp_sport) displayformitem(form.value.udp_dport) %> -</DL><H2><%= form.option %></H2> +</DL><H2><%= html.html_escape(form.option) %></H2> <% displayformend(form) %> diff --git a/iptables-html.lsp b/iptables-html.lsp index b27216b..9858d22 100644 --- a/iptables-html.lsp +++ b/iptables-html.lsp 
@@ -3,39 +3,39 @@ <% displaycommandresults({"editchain", "deletechain", "createrule", "deleterule", "editrule", "createchain"}, session) %> -<H1><%= data.label %></H1> +<H1><%= html.html_escape(data.label) %></H1> <DL> <TABLE> <% local tab = data.value.table %> <% for j,chain in ipairs(data.value) do %> <TR><TD> <% if chain.policy then %> - <a href="<%= page_info.script..page_info.prefix..page_info.controller.."/editchain?chain="..chain.name.."&table="..tab.."&redir="..page_info.orig_action %>"><IMG SRC='/skins/static/tango/16x16/actions/document-properties.png' width='16' height='16' title="Edit Chain"></a> + <a href="<%= html.html_escape(page_info.script..page_info.prefix..page_info.controller.."/editchain?chain="..chain.name.."&table="..tab.."&redir="..page_info.orig_action) %>"><IMG SRC='/skins/static/tango/16x16/actions/document-properties.png' width='16' height='16' title="Edit Chain"></a> <% else %> - <a href="<%= page_info.script..page_info.prefix..page_info.controller.."/deletechain?chain="..chain.name.."&table="..tab.."&redir="..page_info.orig_action %>"><IMG SRC='/skins/static/tango/16x16/actions/list-remove.png' width='16' height='16' title="Delete Chain"></a> + <a href="<%= html.html_escape(page_info.script..page_info.prefix..page_info.controller.."/deletechain?chain="..chain.name.."&table="..tab.."&redir="..page_info.orig_action) %>"><IMG SRC='/skins/static/tango/16x16/actions/list-remove.png' width='16' height='16' title="Delete Chain"></a> <% end %> - <%= chain.name %> - <% if chain.policy then io.write(" ("..chain.policy..")\n") end %> - <% if chain.references then io.write(" ("..chain.references.." references)\n") end %> + <%= html.html_escape(chain.name) %> + <% if chain.policy then io.write(" ("..html.html_escape(chain.policy)..")\n") end %> + <% if chain.references then io.write(" ("..html.html_escape(chain.references).." 
references)\n") end %> </TD></TR> <% for j,line in ipairs(chain) do %> <TABLE> <TR><TD WIDTH='80px' STYLE='padding-left:40px'> - <a href="<%= page_info.script..page_info.prefix..page_info.controller.."/createrule?table="..tab.."&chain="..chain.name.."&position="..j.."&redir="..page_info.orig_action %>"><IMG SRC='/skins/static/tango/16x16/actions/list-add.png' width='16' height='16' title="Insert Rule"></a> - <a href="<%= page_info.script..page_info.prefix..page_info.controller.."/deleterule?table="..tab.."&chain="..chain.name.."&position="..j.."&redir="..page_info.orig_action %>"><IMG SRC='/skins/static/tango/16x16/actions/list-remove.png' width='16' height='16' title="Delete Rule"></a> - <a href="<%= page_info.script..page_info.prefix..page_info.controller.."/editrule?table="..tab.."&chain="..chain.name.."&position="..j.."&redir="..page_info.orig_action %>"><IMG SRC='/skins/static/tango/16x16/actions/document-properties.png' width='16' height='16' title="Edit Rule"></a> + <a href="<%= html.html_escape(page_info.script..page_info.prefix..page_info.controller.."/createrule?table="..tab.."&chain="..chain.name.."&position="..j.."&redir="..page_info.orig_action) %>"><IMG SRC='/skins/static/tango/16x16/actions/list-add.png' width='16' height='16' title="Insert Rule"></a> + <a href="<%= html.html_escape(page_info.script..page_info.prefix..page_info.controller.."/deleterule?table="..tab.."&chain="..chain.name.."&position="..j.."&redir="..page_info.orig_action) %>"><IMG SRC='/skins/static/tango/16x16/actions/list-remove.png' width='16' height='16' title="Delete Rule"></a> + <a href="<%= html.html_escape(page_info.script..page_info.prefix..page_info.controller.."/editrule?table="..tab.."&chain="..chain.name.."&position="..j.."&redir="..page_info.orig_action) %>"><IMG SRC='/skins/static/tango/16x16/actions/document-properties.png' width='16' height='16' title="Edit Rule"></a> </TD> - <TD WIDTH='50px'><%= line.packets %></TD><TD WIDTH='50px'><%= line.bytes %></TD> - <TD><%= 
line.rule %></TD> + <TD WIDTH='50px'><%= html.html_escape(line.packets) %></TD><TD WIDTH='50px'><%= html.html_escape(line.bytes) %></TD> + <TD><%= html.html_escape(line.rule) %></TD> </TR> </TABLE> <% end %> <TABLE> <TR><TD WIDTH='80px' STYLE='padding-left:40px'> - <a href="<%= page_info.script..page_info.prefix..page_info.controller.."/createrule?table="..tab.."&chain="..chain.name.."&redir="..page_info.orig_action %>"><IMG SRC='/skins/static/tango/16x16/actions/list-add.png' width='16' height='16' title="Append Rule"></a> + <a href="<%= html.html_escape(page_info.script..page_info.prefix..page_info.controller.."/createrule?table="..tab.."&chain="..chain.name.."&redir="..page_info.orig_action) %>"><IMG SRC='/skins/static/tango/16x16/actions/list-add.png' width='16' height='16' title="Append Rule"></a> </TD></TR> </TABLE> <% end %> - <TR><TD><a href="<%= page_info.script..page_info.prefix..page_info.controller.."/createchain?table="..tab.."&redir="..page_info.orig_action %>"><IMG SRC='/skins/static/tango/16x16/actions/list-add.png' width='16' height='16' title="Create Chain"></a></TD></TR> + <TR><TD><a href="<%= html.html_escape(page_info.script..page_info.prefix..page_info.controller.."/createchain?table="..tab.."&redir="..page_info.orig_action) %>"><IMG SRC='/skins/static/tango/16x16/actions/list-add.png' width='16' height='16' title="Create Chain"></a></TD></TR> </TABLE> </DL> diff --git a/iptables-startstop-html.lsp b/iptables-startstop-html.lsp index caa0b96..9b6c9c0 100644 --- a/iptables-startstop-html.lsp +++ b/iptables-startstop-html.lsp @@ -2,7 +2,7 @@ <H1>Management</H1> <DL> -<form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action %>" method="POST"> +<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action) %>" method="POST"> <DT>Load rules from rules file</DT> <DD> <input class="submit" type="submit" name="action" value="Reload"> 
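Review bot: In the iptables-html.lsp hunk every rewritten `href` is HTML-escaped as a whole, but `chain.name`, `tab` and `page_info.orig_action` are still concatenated into the query string without percent-encoding. html_escape only protects the attribute context: the browser turns `&amp;` back into `&` before following the link, so a value containing `&`, `#`, `=` or `%` (if chain names can contain such characters) would still change which parameters the editchain, deletechain, createrule, deleterule, editrule and createchain links carry. Each value should be URL-encoded before concatenation and the assembled URL HTML-escaped afterwards, e.g. `"/editchain?chain="..URL_ENCODE(chain.name).."&table="..URL_ENCODE(tab)`, where URL_ENCODE is a placeholder for whatever encoder the project's html library offers, which this diff does not show.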
@@ -17,9 +17,9 @@ <DT>Previous action result</DT> <DD> <% if data.value.result.value ~= "" then %> -<P CLASS='descr'><%= string.gsub(data.value.result.value, "\n", "<BR>") %></P> +<P CLASS='descr'><%= string.gsub(html.html_escape(data.value.result.value), "\n", "<BR>") %></P> <% end if data.value.result.errtxt then %> -<P CLASS='error'><%= string.gsub(data.value.result.errtxt, "\n", "<BR>") %></P> +<P CLASS='error'><%= string.gsub(html.html_escape(data.value.result.errtxt), "\n", "<BR>") %></P> <% end end %> </DD> </DL> |
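Review bot: The order of the two calls in the `descr` and `error` paragraphs of iptables-startstop-html.lsp is security-relevant and is worth a comment. The text is escaped first and the `\n` to `<BR>` substitution runs afterwards, so the break tags are the only raw markup written to the page; a later cleanup that swaps the calls would escape the `<BR>` tags and invite someone to drop the escape to fix the display. I would add, inside the surrounding `<% … %>` block, a Lua comment such as `-- escape first, then turn newlines into <BR>, so the break tags are the only raw markup written`. The outer `if` closed by `end end` opens outside this hunk.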