summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTed Trask <ttrask01@yahoo.com>2009-01-15 21:44:39 +0000
committerTed Trask <ttrask01@yahoo.com>2009-01-15 21:44:39 +0000
commite07adbcd12b29fabd666f25aca694e59f9a5d1f8 (patch)
tree22ba7804c2147be0a9ddbcf5dc0d28432fb4ada4
parent4bf7c04933f59a5afa245bf05644e1ecb5ddd36b (diff)
downloadacf-openssh-e07adbcd12b29fabd666f25aca694e59f9a5d1f8.tar.bz2
acf-openssh-e07adbcd12b29fabd666f25aca694e59f9a5d1f8.tar.xz
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/openssh/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r--openssh-addauth-html.lsp2
-rw-r--r--openssh-config-html.lsp2
-rw-r--r--openssh-connectedpeers-html.lsp12
-rw-r--r--openssh-listauth-html.lsp6
-rw-r--r--openssh-listusers-html.lsp4
5 files changed, 13 insertions, 13 deletions
diff --git a/openssh-addauth-html.lsp b/openssh-addauth-html.lsp
index 68ced32..f532b68 100644
--- a/openssh-addauth-html.lsp
+++ b/openssh-addauth-html.lsp
@@ -2,7 +2,7 @@
require("viewfunctions")
%>
-<H1><%= form.label %></H1>
+<H1><%= html.html_escape(form.label) %></H1>
<%
form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action
form.value.user.type = "hidden"
diff --git a/openssh-config-html.lsp b/openssh-config-html.lsp
index 64b162c..9054e73 100644
--- a/openssh-config-html.lsp
+++ b/openssh-config-html.lsp
@@ -8,7 +8,7 @@ require("viewfunctions")
viewlibrary.dispatch_component("status")
end %>
-<H1><%= form.label %></H1>
+<H1><%= html.html_escape(form.label) %></H1>
<%
form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action
local order = {"Port", "ListenAddress", "PermitRootLogin", "PasswordAuthentication", "UseDNS"}
diff --git a/openssh-connectedpeers-html.lsp b/openssh-connectedpeers-html.lsp
index b49d26c..baa8077 100644
--- a/openssh-connectedpeers-html.lsp
+++ b/openssh-connectedpeers-html.lsp
@@ -15,8 +15,8 @@ if #data == 0 then
end
local col1="180px"
for k,v in pairs(data) do
- io.write("<H3>" .. v.host)
- if v.name and v.name ~= v.host then io.write(" - "..v.name) end
+ io.write("<H3>" .. html.html_escape(v.host))
+ if v.name and v.name ~= v.host then io.write(" - "..html.html_escape(v.name)) end
io.write("</H3>\n")
io.write("<TABLE>")
for i=1, v.cnt do
@@ -25,10 +25,10 @@ for k,v in pairs(data) do
io.write("<TD WIDTH='20px' STYLE='padding-left:20px;vertical-align:top;'><IMG SRC='/skins/static/tango/16x16/apps/utilities-terminal.png' HEIGHT='16' WIDTH='16'></TD>")
io.write("<TD STYLE='padding-bottom:10px'>\n")
io.write("<TABLE>")
- io.write("<TR><TD WIDTH='"..col1.."' STYLE='font-weight:bold;'>Session user:</TD><TD>".. v.tty[i].user .. "</TD></TR>\n")
- io.write("<TR><TD WIDTH='"..col1.."' STYLE='font-weight:bold;'>Session TTY:</TD><TD>".. v.tty[i].tty .. "</TD></TR>\n")
- io.write("<TR><TD WIDTH='"..col1.."' STYLE='font-weight:bold;'>Session Started:</TD><TD>".. v.tty[i].time .. "</TD></TR>\n")
- io.write("<TR><TD WIDTH='"..col1.."' STYLE='font-weight:bold;'>Session Idle:</TD><TD>".. v.tty[i].idle .. "</TD></TR>\n")
+ io.write("<TR><TD WIDTH='"..col1.."' STYLE='font-weight:bold;'>Session user:</TD><TD>".. html.html_escape(v.tty[i].user) .. "</TD></TR>\n")
+ io.write("<TR><TD WIDTH='"..col1.."' STYLE='font-weight:bold;'>Session TTY:</TD><TD>".. html.html_escape(v.tty[i].tty) .. "</TD></TR>\n")
+ io.write("<TR><TD WIDTH='"..col1.."' STYLE='font-weight:bold;'>Session Started:</TD><TD>".. html.html_escape(v.tty[i].time) .. "</TD></TR>\n")
+ io.write("<TR><TD WIDTH='"..col1.."' STYLE='font-weight:bold;'>Session Idle:</TD><TD>".. html.html_escape(v.tty[i].idle) .. "</TD></TR>\n")
io.write("</TABLE>")
io.write("</TD>\n")
diff --git a/openssh-listauth-html.lsp b/openssh-listauth-html.lsp
index f54a08a..d93bc8b 100644
--- a/openssh-listauth-html.lsp
+++ b/openssh-listauth-html.lsp
@@ -4,7 +4,7 @@
<% displaycommandresults({"deleteauth"}, session) %>
<% displaycommandresults({"addauth"}, session, true) %>
-<H1>Authorized Keys for <%= view.value.user.value %></H1>
+<H1>Authorized Keys for <%= html.html_escape(view.value.user.value) %></H1>
<DL><TABLE>
<TR style="background:#eee;font-weight:bold;">
<TD style="padding-right:20px;white-space:nowrap;text-align:left;" class="header">Action</TD>
@@ -16,8 +16,8 @@
<TD style="padding-right:20px;white-space:nowrap;">
<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/deleteauth?user="..view.value.user.value.."&auth="..auth.id, label="Delete "} %>
</TD>
- <TD style="padding-right:20px;white-space:nowrap;"><%= auth.id %></TD>
- <TD style="white-space:nowrap;"><% if #auth.key>32 then io.write(string.sub(auth.key,0,16) .. " ... " .. string.sub(auth.key, -16)) else io.write(auth.key) end %></TD>
+ <TD style="padding-right:20px;white-space:nowrap;"><%= html.html_escape(auth.id) %></TD>
+ <TD style="white-space:nowrap;"><% if #auth.key>32 then io.write(html.html_escape(string.sub(auth.key,0,16)) .. " ... " .. html.html_escape(string.sub(auth.key, -16))) else io.write(html.html_escape(auth.key)) end %></TD>
</TR>
<% end %>
</TABLE></DL>
diff --git a/openssh-listusers-html.lsp b/openssh-listusers-html.lsp
index f49eb58..df941b6 100644
--- a/openssh-listusers-html.lsp
+++ b/openssh-listusers-html.lsp
@@ -4,7 +4,7 @@
<H1>System User Accounts</H1>
<DL>
<% for i,user in ipairs(view.value) do %>
- <DT><IMG SRC='/skins/static/tango/16x16/apps/system-users.png' HEIGHT='16' WIDTH='16'> <%= user %></DT>
- <DD><A HREF='listauth?user=<%= user %>'>Edit this account</A></DD>
+ <DT><IMG SRC='/skins/static/tango/16x16/apps/system-users.png' HEIGHT='16' WIDTH='16'> <%= html.html_escape(user) %></DT>
+ <DD><A HREF='listauth?user=<%= html.html_escape(user) %>'>Edit this account</A></DD>
<% end %>
</DL>