summaryrefslogtreecommitdiffstats
path: root/openssl-html.lsp
diff options
context:
space:
mode:
authorTed Trask <ttrask01@yahoo.com>2009-01-15 21:44:39 +0000
committerTed Trask <ttrask01@yahoo.com>2009-01-15 21:44:39 +0000
commitafcd120c1c5b8d839820259c9d8b488e994fcffe (patch)
tree4de8e8154f830517eb5b8dd9423973e054d5041b /openssl-html.lsp
parent9457621e19a8c7475412782ad15225a44302006d (diff)
downloadacf-openssl-afcd120c1c5b8d839820259c9d8b488e994fcffe.tar.bz2
acf-openssl-afcd120c1c5b8d839820259c9d8b488e994fcffe.tar.xz
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/openssl/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'openssl-html.lsp')
-rw-r--r--openssl-html.lsp30
1 files changed, 15 insertions, 15 deletions
diff --git a/openssl-html.lsp b/openssl-html.lsp
index 4258171..bd2ed7e 100644
--- a/openssl-html.lsp
+++ b/openssl-html.lsp
@@ -18,7 +18,7 @@ io.write(html.cfe_unpack(view))
<% displaycommandresults({"approve", "deleterequest", "deletemyrequest", "renewcert", "requestrenewcert", "revoke", "deletecert"}, session) %>
-<H1>Pending certificate requests<% if view.value.user then%> for <%= view.value.user.value %><% end %></H1>
+<H1>Pending certificate requests<% if view.value.user then%> for <%= html.html_escape(view.value.user.value) %><% end %></H1>
<% if not view.value.pending or #view.value.pending.value == 0 then %>
No certificates pending
<% else %>
@@ -47,9 +47,9 @@ io.write(html.cfe_unpack(view))
io.write(html.link{value="deletemyrequest?request="..request.name, label="Delete "})
end %>
</td>
- <td><%= request.user %></td>
- <td><%= request.certtype %></td>
- <td><%= request.commonName %></td>
+ <td><%= html.html_escape(request.user) %></td>
+ <td><%= html.html_escape(request.certtype) %></td>
+ <td><%= html.html_escape(request.commonName) %></td>
</tr>
<% end %>
</tbody>
@@ -74,7 +74,7 @@ else
approved = view.value.approved.value
end %>
-<H1>Approved certificate requests<% if view.value.user then%> for <%= view.value.user.value %><% end %></H1>
+<H1>Approved certificate requests<% if view.value.user then%> for <%= html.html_escape(view.value.user.value) %><% end %></H1>
<% if #approved == 0 then %>
No certificates approved
<% else %>
@@ -111,18 +111,18 @@ end %>
<%= html.link{value="deletecert?cert="..cert.name, label="Delete "} %>
<% end %>
</td>
- <td><%= cert.user %></td>
- <td><%= cert.certtype %></td>
- <td><%= cert.commonName %></td>
- <td><%= tostring(tonumber('0x'..cert.serial)) %></td>
- <td><%= cert.enddate %></td>
+ <td><%= html.html_escape(cert.user) %></td>
+ <td><%= html.html_escape(cert.certtype) %></td>
+ <td><%= html.html_escape(cert.commonName) %></td>
+ <td><%= html.html_escape(tostring(tonumber('0x'..cert.serial))) %></td>
+ <td><%= html.html_escape(cert.enddate) %></td>
</tr>
<% end %>
<tbody>
</table>
<% end %>
-<H1>Revoked certificates<% if view.value.user then%> for <%= view.value.user.value %><% end %></H1>
+<H1>Revoked certificates<% if view.value.user then%> for <%= html.html_escape(view.value.user.value) %><% end %></H1>
<% if #revoked == 0 then %>
No certificates revoked
<% else %>
@@ -150,10 +150,10 @@ end %>
<%= html.link{value="deletecert?cert="..cert.name, label="Delete "} %>
<% end %>
</td>
- <td><%= cert.user %></td>
- <td><%= cert.certtype %></td>
- <td><%= cert.commonName %></td>
- <td><%= tostring(tonumber('0x'..cert.serial)) %></td>
+ <td><%= html.html_escape(cert.user) %></td>
+ <td><%= html.html_escape(cert.certtype) %></td>
+ <td><%= html.html_escape(cert.commonName) %></td>
+ <td><%= html.html_escape(tostring(tonumber('0x'..cert.serial))) %></td>
</tr>
<% end %>
</tbody>