From a16908c61d018a5961751ec908f1b890b2217b54 Mon Sep 17 00:00:00 2001
From: Ted Trask
Date: Thu, 15 Jan 2009 21:44:39 +0000
Subject: Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/iptables/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
iptables-details-html.lsp | 8 ++++----
iptables-editchain-html.lsp | 2 +-
iptables-editrule-html.lsp | 4 ++--
iptables-html.lsp | 26 +++++++++++++-------------
iptables-startstop-html.lsp | 6 +++---
5 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/iptables-details-html.lsp b/iptables-details-html.lsp
index 9edc25d..daf646a 100644
--- a/iptables-details-html.lsp
+++ b/iptables-details-html.lsp
@@ -9,13 +9,13 @@ io.write("") <% viewlibrary.dispatch_component("status") %> -

<%= data.label %>

+

<%= html.html_escape(data.label) %>

<% for i,tab in ipairs({"filter", "nat", "mangle"}) do %> -

<%= tab %>

+

<%= html.html_escape(tab) %>

- - + +
<%= data.value[tab].chains %> Chains
<%= data.value[tab].rules %> Rules
<%= html.html_escape(data.value[tab].chains) %> Chains
<%= html.html_escape(data.value[tab].rules) %> Rules
<% end %>
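Review bot: Escaping is applied by hand at each `<%= %>` site, so a value added to these views later without `html.html_escape(...)` is written to the page raw; the same opt-in pattern repeats in the editchain, editrule, iptables-html and startstop sections of this patch. A one-line comment at the top of each view stating that every value written with `<%= %>` or `io.write` must pass through `html.html_escape` would make an omission easy to spot in review. In this hunk `tab` is taken from the literal list `{"filter", "nat", "mangle"}`, so escaping it is harmless but not required; `data.label` and the `chains`/`rules` values come from `data` and are the ones that need it.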
diff --git a/iptables-editchain-html.lsp b/iptables-editchain-html.lsp
index 3480fcc..9514d5b 100644
--- a/iptables-editchain-html.lsp
+++ b/iptables-editchain-html.lsp
@@ -2,7 +2,7 @@ require("viewfunctions") %> -

<%= form.label %>

+

<%= html.html_escape(form.label) %>

<% form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action if page_info.action == "editchain" then
diff --git a/iptables-editrule-html.lsp b/iptables-editrule-html.lsp
index 9c732ec..7e4d156 100644
--- a/iptables-editrule-html.lsp
+++ b/iptables-editrule-html.lsp
@@ -2,7 +2,7 @@ require("viewfunctions") %> -

<%= form.label %>

+

<%= html.html_escape(form.label) %>

<% for name,val in pairs(form.value) do val.name = name end form.value.table.readonly = true
@@ -52,5 +52,5 @@ displayformitem(form.value.tcp_dport) displayformitem(form.value.udp_sport) displayformitem(form.value.udp_dport) %> -

<%= form.option %>

+

<%= html.html_escape(form.option) %>

<% displayformend(form) %>
diff --git a/iptables-html.lsp b/iptables-html.lsp
index b27216b..9858d22 100644
--- a/iptables-html.lsp
+++ b/iptables-html.lsp
@@ -3,39 +3,39 @@ <% displaycommandresults({"editchain", "deletechain", "createrule", "deleterule", "editrule", "createchain"}, session) %> -
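Review bot: The field values in the second editrule hunk are emitted by `displayformitem(...)`, which this patch does not touch, so whether `form.value.tcp_dport`, `udp_sport` and `udp_dport` are escaped depends on that helper, presumably the one loaded by the `require("viewfunctions")` context line. The subject says html.lua and viewlibrary.lua were changed, but neither file is in this diff, so confirm that the helper escapes both the field value and its label before treating this view as covered. Only `form.label` and `form.option` are escaped in the view itself.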

<%= data.label %>

+

<%= html.html_escape(data.label) %>

<% local tab = data.value.table %> <% for j,chain in ipairs(data.value) do %> <% for j,line in ipairs(chain) do %>
<% if chain.policy then %> - + <% else %> - + <% end %> - <%= chain.name %> - <% if chain.policy then io.write(" ("..chain.policy..")\n") end %> - <% if chain.references then io.write(" ("..chain.references.." references)\n") end %> + <%= html.html_escape(chain.name) %> + <% if chain.policy then io.write(" ("..html.html_escape(chain.policy)..")\n") end %> + <% if chain.references then io.write(" ("..html.html_escape(chain.references).." references)\n") end %>
- - + +
- - - + + + <%= line.packets %><%= line.bytes %><%= line.rule %><%= html.html_escape(line.packets) %><%= html.html_escape(line.bytes) %><%= html.html_escape(line.rule) %>
<% end %>
- +
<% end %> - +
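Review bot: The `io.write(" ("..html.html_escape(chain.policy)..")\n")` line and its `chain.references` sibling build output by string concatenation while the rest of the view uses `<%= %>`, which makes it harder to see at a glance that every emitted value is escaped. Writing them as `<% if chain.policy then %> (<%= html.html_escape(chain.policy) %>)<% end %>` keeps one output form throughout, apart from the trailing newline. Several changed lines in this hunk appear empty in this rendering, so their new-side content could not be checked here.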
diff --git a/iptables-startstop-html.lsp b/iptables-startstop-html.lsp
index caa0b96..9b6c9c0 100644
--- a/iptables-startstop-html.lsp
+++ b/iptables-startstop-html.lsp
@@ -2,7 +2,7 @@

Management

-
" method="POST"> +" method="POST">
Load rules from rules file
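Review bot: The changed line ends in `" method="POST">`, so the value being escaped is written inside a double-quoted attribute; the expression itself is not visible in this rendering. For an attribute, escaping `<`, `>` and `&` is not enough: `"` must be encoded as well, otherwise the value can close the attribute. html.lua is not part of this diff, so confirm that `html_escape` encodes the double quote (and `'` if any view uses single-quoted attributes).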
@@ -17,9 +17,9 @@
Previous action result
<% if data.value.result.value ~= "" then %> -

<%= string.gsub(data.value.result.value, "\n", "
") %>

+

<%= string.gsub(html.html_escape(data.value.result.value), "\n", "
") %>

<% end if data.value.result.errtxt then %> -

<%= string.gsub(data.value.result.errtxt, "\n", "
") %>

+

<%= string.gsub(html.html_escape(data.value.result.errtxt), "\n", "
") %>

<% end end %>
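Review bot: The order on the two result lines is right and worth stating in a comment: `html.html_escape(...)` runs first and `string.gsub` then replaces `\n` with the line-break markup, so the inserted markup is not itself escaped. `string.gsub` returns the new string and a substitution count; if `<%= %>` passes the expression straight to `io.write`, the count would be printed after the text, and wrapping the call in parentheses, `(string.gsub(..., "\n", ...))`, keeps only the string. That behaviour is unchanged by this commit, and how `<%= %>` expands is not visible here.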
-- cgit v1.2.3