diff options
author | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
commit | e07adbcd12b29fabd666f25aca694e59f9a5d1f8 (patch) | |
tree | 22ba7804c2147be0a9ddbcf5dc0d28432fb4ada4 /openssh-listauth-html.lsp | |
parent | 4bf7c04933f59a5afa245bf05644e1ecb5ddd36b (diff) | |
download | acf-openssh-e07adbcd12b29fabd666f25aca694e59f9a5d1f8.tar.bz2 acf-openssh-e07adbcd12b29fabd666f25aca694e59f9a5d1f8.tar.xz |
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/openssh/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'openssh-listauth-html.lsp')
-rw-r--r-- | openssh-listauth-html.lsp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/openssh-listauth-html.lsp b/openssh-listauth-html.lsp index f54a08a..d93bc8b 100644 --- a/openssh-listauth-html.lsp +++ b/openssh-listauth-html.lsp @@ -4,7 +4,7 @@ <% displaycommandresults({"deleteauth"}, session) %> <% displaycommandresults({"addauth"}, session, true) %> -<H1>Authorized Keys for <%= view.value.user.value %></H1> +<H1>Authorized Keys for <%= html.html_escape(view.value.user.value) %></H1> <DL><TABLE> <TR style="background:#eee;font-weight:bold;"> <TD style="padding-right:20px;white-space:nowrap;text-align:left;" class="header">Action</TD> @@ -16,8 +16,8 @@ <TD style="padding-right:20px;white-space:nowrap;"> <%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/deleteauth?user="..view.value.user.value.."&auth="..auth.id, label="Delete "} %> </TD> - <TD style="padding-right:20px;white-space:nowrap;"><%= auth.id %></TD> - <TD style="white-space:nowrap;"><% if #auth.key>32 then io.write(string.sub(auth.key,0,16) .. " ... " .. string.sub(auth.key, -16)) else io.write(auth.key) end %></TD> + <TD style="padding-right:20px;white-space:nowrap;"><%= html.html_escape(auth.id) %></TD> + <TD style="white-space:nowrap;"><% if #auth.key>32 then io.write(html.html_escape(string.sub(auth.key,0,16)) .. " ... " .. html.html_escape(string.sub(auth.key, -16))) else io.write(html.html_escape(auth.key)) end %></TD> </TR> <% end %> </TABLE></DL> |