authorTed Trask <ttrask01@yahoo.com>2009-01-15 21:44:39 +0000
committerTed Trask <ttrask01@yahoo.com>2009-01-15 21:44:39 +0000
commita16908c61d018a5961751ec908f1b890b2217b54 (patch)
tree111abfc0c89d95c63acb6dfc7b76b67ee63fefa9
parentdac8706eaa8243e8fb6bcfd00fbdbf779f9f0ebc (diff)
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/iptables/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r--iptables-details-html.lsp8
-rw-r--r--iptables-editchain-html.lsp2
-rw-r--r--iptables-editrule-html.lsp4
-rw-r--r--iptables-html.lsp26
-rw-r--r--iptables-startstop-html.lsp6
5 files changed, 23 insertions, 23 deletions
diff --git a/iptables-details-html.lsp b/iptables-details-html.lsp
index 9edc25d..daf646a 100644
--- a/iptables-details-html.lsp
+++ b/iptables-details-html.lsp
@@ -9,13 +9,13 @@ io.write("</span>")
<% viewlibrary.dispatch_component("status") %>
-<H2><%= data.label %></H2>
+<H2><%= html.html_escape(data.label) %></H2>
<DL>
<% for i,tab in ipairs({"filter", "nat", "mangle"}) do %>
- <H3><%= tab %></H3>
+ <H3><%= html.html_escape(tab) %></H3>
<TABLE>
- <TR><TD><%= data.value[tab].chains %> Chains</TD></TR>
- <TR><TD><%= data.value[tab].rules %> Rules</TD></TR>
+ <TR><TD><%= html.html_escape(data.value[tab].chains) %> Chains</TD></TR>
+ <TR><TD><%= html.html_escape(data.value[tab].rules) %> Rules</TD></TR>
</TABLE>
<% end %>
</DL>
diff --git a/iptables-editchain-html.lsp b/iptables-editchain-html.lsp
index 3480fcc..9514d5b 100644
--- a/iptables-editchain-html.lsp
+++ b/iptables-editchain-html.lsp
@@ -2,7 +2,7 @@
require("viewfunctions")
%>
-<H1><%= form.label %></H1>
+<H1><%= html.html_escape(form.label) %></H1>
<%
form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action
if page_info.action == "editchain" then
diff --git a/iptables-editrule-html.lsp b/iptables-editrule-html.lsp
index 9c732ec..7e4d156 100644
--- a/iptables-editrule-html.lsp
+++ b/iptables-editrule-html.lsp
@@ -2,7 +2,7 @@
require("viewfunctions")
%>
-<H1><%= form.label %></H1>
+<H1><%= html.html_escape(form.label) %></H1>
<%
for name,val in pairs(form.value) do val.name = name end
form.value.table.readonly = true
@@ -52,5 +52,5 @@ displayformitem(form.value.tcp_dport)
displayformitem(form.value.udp_sport)
displayformitem(form.value.udp_dport)
%>
-</DL><H2><%= form.option %></H2>
+</DL><H2><%= html.html_escape(form.option) %></H2>
<% displayformend(form) %>
diff --git a/iptables-html.lsp b/iptables-html.lsp
index b27216b..9858d22 100644
--- a/iptables-html.lsp
+++ b/iptables-html.lsp
@@ -3,39 +3,39 @@
<% displaycommandresults({"editchain", "deletechain", "createrule", "deleterule", "editrule", "createchain"}, session) %>
-<H1><%= data.label %></H1>
+<H1><%= html.html_escape(data.label) %></H1>
<DL>
<TABLE>
<% local tab = data.value.table %>
<% for j,chain in ipairs(data.value) do %>
<TR><TD>
<% if chain.policy then %>
- <a href="<%= page_info.script..page_info.prefix..page_info.controller.."/editchain?chain="..chain.name.."&table="..tab.."&redir="..page_info.orig_action %>"><IMG SRC='/skins/static/tango/16x16/actions/document-properties.png' width='16' height='16' title="Edit Chain"></a>
+ <a href="<%= html.html_escape(page_info.script..page_info.prefix..page_info.controller.."/editchain?chain="..chain.name.."&table="..tab.."&redir="..page_info.orig_action) %>"><IMG SRC='/skins/static/tango/16x16/actions/document-properties.png' width='16' height='16' title="Edit Chain"></a>
<% else %>
- <a href="<%= page_info.script..page_info.prefix..page_info.controller.."/deletechain?chain="..chain.name.."&table="..tab.."&redir="..page_info.orig_action %>"><IMG SRC='/skins/static/tango/16x16/actions/list-remove.png' width='16' height='16' title="Delete Chain"></a>
+ <a href="<%= html.html_escape(page_info.script..page_info.prefix..page_info.controller.."/deletechain?chain="..chain.name.."&table="..tab.."&redir="..page_info.orig_action) %>"><IMG SRC='/skins/static/tango/16x16/actions/list-remove.png' width='16' height='16' title="Delete Chain"></a>
<% end %>
- <%= chain.name %>
- <% if chain.policy then io.write(" ("..chain.policy..")\n") end %>
- <% if chain.references then io.write(" ("..chain.references.." references)\n") end %>
+ <%= html.html_escape(chain.name) %>
+ <% if chain.policy then io.write(" ("..html.html_escape(chain.policy)..")\n") end %>
+ <% if chain.references then io.write(" ("..html.html_escape(chain.references).." references)\n") end %>
</TD></TR>
<% for j,line in ipairs(chain) do %>
<TABLE>
<TR><TD WIDTH='80px' STYLE='padding-left:40px'>
- <a href="<%= page_info.script..page_info.prefix..page_info.controller.."/createrule?table="..tab.."&chain="..chain.name.."&position="..j.."&redir="..page_info.orig_action %>"><IMG SRC='/skins/static/tango/16x16/actions/list-add.png' width='16' height='16' title="Insert Rule"></a>
- <a href="<%= page_info.script..page_info.prefix..page_info.controller.."/deleterule?table="..tab.."&chain="..chain.name.."&position="..j.."&redir="..page_info.orig_action %>"><IMG SRC='/skins/static/tango/16x16/actions/list-remove.png' width='16' height='16' title="Delete Rule"></a>
- <a href="<%= page_info.script..page_info.prefix..page_info.controller.."/editrule?table="..tab.."&chain="..chain.name.."&position="..j.."&redir="..page_info.orig_action %>"><IMG SRC='/skins/static/tango/16x16/actions/document-properties.png' width='16' height='16' title="Edit Rule"></a>
+ <a href="<%= html.html_escape(page_info.script..page_info.prefix..page_info.controller.."/createrule?table="..tab.."&chain="..chain.name.."&position="..j.."&redir="..page_info.orig_action) %>"><IMG SRC='/skins/static/tango/16x16/actions/list-add.png' width='16' height='16' title="Insert Rule"></a>
+ <a href="<%= html.html_escape(page_info.script..page_info.prefix..page_info.controller.."/deleterule?table="..tab.."&chain="..chain.name.."&position="..j.."&redir="..page_info.orig_action) %>"><IMG SRC='/skins/static/tango/16x16/actions/list-remove.png' width='16' height='16' title="Delete Rule"></a>
+ <a href="<%= html.html_escape(page_info.script..page_info.prefix..page_info.controller.."/editrule?table="..tab.."&chain="..chain.name.."&position="..j.."&redir="..page_info.orig_action) %>"><IMG SRC='/skins/static/tango/16x16/actions/document-properties.png' width='16' height='16' title="Edit Rule"></a>
</TD>
- <TD WIDTH='50px'><%= line.packets %></TD><TD WIDTH='50px'><%= line.bytes %></TD>
- <TD><%= line.rule %></TD>
+ <TD WIDTH='50px'><%= html.html_escape(line.packets) %></TD><TD WIDTH='50px'><%= html.html_escape(line.bytes) %></TD>
+ <TD><%= html.html_escape(line.rule) %></TD>
</TR>
</TABLE>
<% end %>
<TABLE>
<TR><TD WIDTH='80px' STYLE='padding-left:40px'>
- <a href="<%= page_info.script..page_info.prefix..page_info.controller.."/createrule?table="..tab.."&chain="..chain.name.."&redir="..page_info.orig_action %>"><IMG SRC='/skins/static/tango/16x16/actions/list-add.png' width='16' height='16' title="Append Rule"></a>
+ <a href="<%= html.html_escape(page_info.script..page_info.prefix..page_info.controller.."/createrule?table="..tab.."&chain="..chain.name.."&redir="..page_info.orig_action) %>"><IMG SRC='/skins/static/tango/16x16/actions/list-add.png' width='16' height='16' title="Append Rule"></a>
</TD></TR>
</TABLE>
<% end %>
- <TR><TD><a href="<%= page_info.script..page_info.prefix..page_info.controller.."/createchain?table="..tab.."&redir="..page_info.orig_action %>"><IMG SRC='/skins/static/tango/16x16/actions/list-add.png' width='16' height='16' title="Create Chain"></a></TD></TR>
+ <TR><TD><a href="<%= html.html_escape(page_info.script..page_info.prefix..page_info.controller.."/createchain?table="..tab.."&redir="..page_info.orig_action) %>"><IMG SRC='/skins/static/tango/16x16/actions/list-add.png' width='16' height='16' title="Create Chain"></a></TD></TR>
</TABLE>
</DL>
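Review bot: The values concatenated into the query strings of these `href` attributes (`chain.name`, `tab`, `j`, `page_info.orig_action`) are HTML-escaped as a whole but never percent-encoded individually, so a chain name containing `&`, `=`, `#`, `+` or a space would still change which parameters the link carries once the browser decodes the attribute. HTML escaping is the right encoding for the attribute context and must stay the outer layer; each value should be URL-encoded before concatenation, e.g. `"/editchain?chain="..URL_ENCODE(chain.name).."&table="..URL_ENCODE(tab)`, where `URL_ENCODE` is a placeholder for whatever percent-encoding helper the project provides (none is visible in this diff). This applies to all seven links in the hunk. A one-line comment above the first link stating "URL-encode each value, then HTML-escape the whole attribute" would keep the two layers from being confused later.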
diff --git a/iptables-startstop-html.lsp b/iptables-startstop-html.lsp
index caa0b96..9b6c9c0 100644
--- a/iptables-startstop-html.lsp
+++ b/iptables-startstop-html.lsp
@@ -2,7 +2,7 @@
<H1>Management</H1>
<DL>
-<form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action %>" method="POST">
+<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action) %>" method="POST">
<DT>Load rules from rules file</DT>
<DD>
<input class="submit" type="submit" name="action" value="Reload">
@@ -17,9 +17,9 @@
<DT>Previous action result</DT>
<DD>
<% if data.value.result.value ~= "" then %>
-<P CLASS='descr'><%= string.gsub(data.value.result.value, "\n", "<BR>") %></P>
+<P CLASS='descr'><%= string.gsub(html.html_escape(data.value.result.value), "\n", "<BR>") %></P>
<% end if data.value.result.errtxt then %>
-<P CLASS='error'><%= string.gsub(data.value.result.errtxt, "\n", "<BR>") %></P>
+<P CLASS='error'><%= string.gsub(html.html_escape(data.value.result.errtxt), "\n", "<BR>") %></P>
<% end end %>
</DD>
</DL>
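Review bot: `string.gsub` returns two values, the result string and the substitution count, and both `<%= %>` expressions in the `descr` and `error` paragraphs pass the call through unparenthesised. Whether the count reaches the page depends on how the template engine expands `<%= %>`, which is not visible here. Wrapping the call in parentheses, `<%= (string.gsub(html.html_escape(data.value.result.value), "\n", "<BR>")) %>`, truncates it to the string alone. The order chosen here, escape first and then insert `<BR>`, is the correct one; a short comment saying so would help, because reversing the two calls would turn the line breaks into literal `&lt;BR&gt;` text.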