diff options
author | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
commit | bd93652bba291b8c6a5d6f0753aea1a5241f9f6a (patch) | |
tree | 627b6414cf8687cae70ed35a94ae8183dfa377a2 | |
parent | 5734f776f166b9fdf0f1a2d21227bf7ee6ed14b4 (diff) | |
download | acf-opennhrp-bd93652bba291b8c6a5d6f0753aea1a5241f9f6a.tar.bz2 acf-opennhrp-bd93652bba291b8c6a5d6f0753aea1a5241f9f6a.tar.xz |
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/opennhrp/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r-- | opennhrp-editinterface-html.lsp | 2 | ||||
-rw-r--r-- | opennhrp-listinterfaces-html.lsp | 8 | ||||
-rw-r--r-- | opennhrp-show-html.lsp | 12 |
3 files changed, 11 insertions, 11 deletions
diff --git a/opennhrp-editinterface-html.lsp b/opennhrp-editinterface-html.lsp index 6fa2bec..a9c4d65 100644 --- a/opennhrp-editinterface-html.lsp +++ b/opennhrp-editinterface-html.lsp @@ -17,7 +17,7 @@ require("viewfunctions") }); </script> -<H1><%= form.label %></H1> +<H1><%= html.html_escape(form.label) %></H1> <% form.value.interface.readonly = true local option = {"interface", "type", "map"} diff --git a/opennhrp-listinterfaces-html.lsp b/opennhrp-listinterfaces-html.lsp index ca3fdb6..7f9181c 100644 --- a/opennhrp-listinterfaces-html.lsp +++ b/opennhrp-listinterfaces-html.lsp @@ -4,7 +4,7 @@ require("viewfunctions") <% displaycommandresults({"editinterface"}, session) %> -<h1><%= view.label %></h1> +<h1><%= html.html_escape(view.label) %></h1> <TABLE> <TR style="background:#eee;font-weight:bold;"> <TD style="padding-right:20px;white-space:nowrap;text-align:left;" class="header">Action</TD> @@ -17,9 +17,9 @@ require("viewfunctions") <TD style="padding-right:20px;white-space:nowrap;"> <% io.write(html.link{value = "editinterface?interface="..intf.interface.."&redir="..page_info.orig_action, label="Edit " }) %> </TD> - <TD style="padding-right:20px;white-space:nowrap;text-align:right;"><%= intf.interface %></TD> - <TD style="padding-right:20px;white-space:nowrap;"><%= intf.type %></TD> - <TD style="white-space:nowrap;" width="90%"><P class="error"><%= string.gsub(intf.errtxt or "", "\n", "<BR>") %></P></TD> + <TD style="padding-right:20px;white-space:nowrap;text-align:right;"><%= html.html_escape(intf.interface) %></TD> + <TD style="padding-right:20px;white-space:nowrap;"><%= html.html_escape(intf.type) %></TD> + <TD style="white-space:nowrap;" width="90%"><P class="error"><%= string.gsub(html.html_escape(intf.errtxt), "\n", "<BR>") %></P></TD> </TR> <% end %> </TABLE> diff --git a/opennhrp-show-html.lsp b/opennhrp-show-html.lsp index 79847c4..9b5ac46 100644 --- a/opennhrp-show-html.lsp +++ b/opennhrp-show-html.lsp @@ -6,12 +6,12 @@ require("viewfunctions") viewlibrary.dispatch_component("status") end %> -<H1><%= data.label %></H1> +<H1><%= html.html_escape(data.label) %></H1> <DL> <% displayitem(data.value.status) %> -<DT><%= data.value.peers_list.label %></DT> +<DT><%= html.html_escape(data.value.peers_list.label) %></DT> <DD> <% local found @@ -19,7 +19,7 @@ displayitem(data.value.status) found = true %> <TABLE STYLE='margin-bottom:10px;'> - <TR><TD STYLE='font-weight:bold;border:none;'><IMG SRC='/skins/static/tango/16x16/places/network-server.png' width='16' height='16' alt> <%= intf %></TD><TD STYLE='border:none;'></TD></TR> + <TR><TD STYLE='font-weight:bold;border:none;'><IMG SRC='/skins/static/tango/16x16/places/network-server.png' width='16' height='16' alt> <%= html.html_escape(intf) %></TD><TD STYLE='border:none;'></TD></TR> <% for i,entries in ipairs(addresses) do io.write("<TR STYLE='padding-bottom:10px;'><TD WIDTH='150px' STYLE='font-weight:bold;padding-left:20px;border:none;'><IMG SRC='/skins/static/tango/16x16/status/") @@ -36,13 +36,13 @@ displayitem(data.value.status) else io.write("network-error") end - io.write(".png' width='16' height='16' title='" .. (entries.Type.descr or "") .. "'> " .. entries["Protocol-Address"].value .. "</TD><TD STYLE='font-weight:bold;border:none;'></TD></TR>\n") + io.write(".png' width='16' height='16' title='" .. html.html_escape(entries.Type.descr) .. "'> " .. html.html_escape(entries["Protocol-Address"].value) .. "</TD><TD STYLE='font-weight:bold;border:none;'></TD></TR>\n") for j,entry in pairs(entries) do if j ~= "Protocol-Address" then - io.write("<TR><TD STYLE='font-weight:bold;padding-left:40px;border:none;'>"..entry.label.."</TD><TD STYLE='border:none;'>"..entry.value) + io.write("<TR><TD STYLE='font-weight:bold;padding-left:40px;border:none;'>"..html.html_escape(entry.label).."</TD><TD STYLE='border:none;'>"..html.html_escape(entry.value)) if entry.descr then - io.write(" <I>(" .. entry.descr .. ")</I>") + io.write(" <I>(" .. html.html_escape(entry.descr) .. ")</I>") end io.write("</TD></TR>\n") end |