author | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
commit | ce796fb65dd1ae945cc5cfd897691b8ca774ff9c (patch) | |
tree | beabe5d11cdefb0a7a54674ab7a0a87565c987e4 | |
parent | 868be7c7183b179ddab351fd32790d843b6854c7 (diff) | |
download | acf-openvpn-ce796fb65dd1ae945cc5cfd897691b8ca774ff9c.tar.bz2 acf-openvpn-ce796fb65dd1ae945cc5cfd897691b8ca774ff9c.tar.xz |
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/openvpn/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r-- | openvpn-listconfigs-html.lsp | 10 | ||||
-rw-r--r-- | openvpn-statusinfo-html.lsp | 12 | ||||
-rw-r--r-- | openvpn-viewconfig-html.lsp | 34 |
3 files changed, 28 insertions, 28 deletions
diff --git a/openvpn-listconfigs-html.lsp b/openvpn-listconfigs-html.lsp index 1e67f4b..498e52f 100644 --- a/openvpn-listconfigs-html.lsp +++ b/openvpn-listconfigs-html.lsp @@ -29,13 +29,13 @@ end %> <%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/deleteconfig?name=" .. config.name.."&redir="..page_info.orig_action, label="Delete " } %> <% end %> </TD> - <TD><%= string.gsub(config.name, "^.*/", "") %></TD> - <TD <% if config.errtxt then io.write('class="error"') end %>><%= config.type %></TD> - <TD><%= config.status %></TD> - <TD><% if ( config.type == "server" ) then %><% if ( config.clients > 0 ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/status_info?name=" .. config.name, label = config.clients } %><% else %><%= config.clients %><% end %><% end %></TD> + <TD><%= html.html_escape(string.gsub(config.name, "^.*/", "")) %></TD> + <TD <% if config.errtxt then io.write('class="error"') end %>><%= html.html_escape(config.type) %></TD> + <TD><%= html.html_escape(config.status) %></TD> + <TD><% if ( config.type == "server" ) then %><% if ( config.clients > 0 ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/status_info?name=" .. config.name, label = config.clients } %><% else %><%= html.html_escape(config.clients) %><% end %><% end %></TD> </TR> <% if config.errtxt then %> - <TR class="error"><TD colspan=5><%= config.errtxt %></TD></TR> + <TR class="error"><TD colspan=5><%= html.html_escape(config.errtxt) %></TD></TR> <% end %> <% end %> diff --git a/openvpn-statusinfo-html.lsp b/openvpn-statusinfo-html.lsp index e6f85b5..e68ca0c 100644 --- a/openvpn-statusinfo-html.lsp +++ b/openvpn-statusinfo-html.lsp 
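Review bot: `config.name` is still appended unencoded to the query strings of both `html.link` calls in this hunk, `"/deleteconfig?name=" .. config.name.."&redir="..page_info.orig_action` and `"/status_info?name=" .. config.name`, so the escaping added here covers the cell text but not the URLs. A name containing `&`, `#` or a space changes the request the link makes, so it should be percent-encoded before concatenation; whether `html.link` HTML-escapes its `value` and `label` depends on html.lua, which this page does not show. The same applies to the `"/logfile?name=" .. view.value.name` and `"/status_info?name=" .. view.value.name` links in the first hunk of openvpn-viewconfig-html.lsp. Separately, the delete action is reached through a plain link, so it is worth confirming in the controller that deleteconfig does not act on a bare GET. The enclosing loop starts above this hunk.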
@@ -13,14 +13,14 @@ </TR> <% for i in ipairs(view.value) do %> <TR> - <TD><%= view.value[i].CN %></TD> - <TD><%= view.value[i].VIRTADDR %></TD> - <TD><%= view.value[i].REALADDR %></TD> - <TD><%= view.value[i].BYTESRCV %></TD> - <TD><%= view.value[i].BYTESSND %></TD> + <TD><%= html.html_escape(view.value[i].CN) %></TD> + <TD><%= html.html_escape(view.value[i].VIRTADDR) %></TD> + <TD><%= html.html_escape(view.value[i].REALADDR) %></TD> + <TD><%= html.html_escape(view.value[i].BYTESRCV) %></TD> + <TD><%= html.html_escape(view.value[i].BYTESSND) %></TD> </TR> <TR> - <TD COLSPAN=5 style="border-bottom: 1px solid #ccc;"><%= view.value[i].CONN %></TD> + <TD COLSPAN=5 style="border-bottom: 1px solid #ccc;"><%= html.html_escape(view.value[i].CONN) %></TD> </TR> <% end %> diff --git a/openvpn-viewconfig-html.lsp b/openvpn-viewconfig-html.lsp index 1cdfa8d..c70f191 100644 --- a/openvpn-viewconfig-html.lsp +++ b/openvpn-viewconfig-html.lsp 
@@ -2,48 +2,48 @@ <% require("format") %> <% local shortname = string.gsub(view.value.name, "^.*/", "") %> -<h1><%= format.cap_begin_word(view.value.type) %> config '<%= shortname %>'</h1> +<h1><%= html.html_escape(format.cap_begin_word(view.value.type)) %> config '<%= html.html_escape(shortname) %>'</h1> -<h2><%= format.cap_begin_word(view.value.type) %> settings</h2> +<h2><%= html.html_escape(format.cap_begin_word(view.value.type)) %> settings</h2> <dl> <dt>Mode</dt> -<dd><%= view.value.type %></dd> +<dd><%= html.html_escape(view.value.type) %></dd> <dt>User device</dt> -<dd><%= view.value.dev %></dd> +<dd><%= html.html_escape(view.value.dev) %></dd> <% if view.value.type == "server" then %> <dt>Listens on</dt> -<dd><%= view.value["local"] %>:<%= view.value.port %> (<%= view.value.proto %>)</dd> +<dd><%= html.html_escape(view.value["local"]) %>:<%= html.html_escape(view.value.port) %> (<%= html.html_escape(view.value.proto) %>)</dd> <% end %> <% if view.value.type == "client" then %> <dt>Remote server</dt> -<dd><% if string.find(view.value.remote, "%s") then io.write((string.gsub(view.value.remote, "%s+", ":"))) else io.write(view.value.remote .. (view.value.rport or view.value.port or "1194")) end %> (<%= view.value.proto %>)</dd> +<dd><% if string.find(view.value.remote, "%s") then io.write(html.html_escape(string.gsub(view.value.remote, "%s+", ":"))) else io.write(html.html_escape(view.value.remote .. (view.value.rport or view.value.port or "1194"))) end %> (<%= html.html_escape(view.value.proto) %>)</dd> <% end %> <dt>Logfile</dt> -<dd><% if ( view.value.log ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/logfile?name=" .. view.value.name, label=view.value.log } %><% else %>Syslog<% end %> (Verbosity level: <%= view.value.verb %>)</dd> +<dd><% if ( view.value.log ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/logfile?name=" .. 
view.value.name, label=view.value.log } %><% else %>Syslog<% end %> (Verbosity level: <%= html.html_escape(view.value.verb) %>)</dd> </dl> <% if view.value.type == "server" then %> <h3>Connected clients status</h3> <dl> <dt>Last status was recorded</dt> -<dd><%= view.value.client_lastupdate %> (This was <b><%= view.value.client_lastdatechangediff %></b> ago)</dd> +<dd><%= html.html_escape(view.value.client_lastupdate) %> (This was <b><%= html.html_escape(view.value.client_lastdatechangediff) %></b> ago)</dd> <dt>Maximum clients</dt> -<dd><%= view.value["max-clients"] %></dd> +<dd><%= html.html_escape(view.value["max-clients"]) %></dd> <dt>Connected clients</dt> -<dd><% if ( view.value.client_count > 0 ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/status_info?name=" .. view.value.name , label=view.value.client_count } %><% else %><%= view.value.client_count %><% end %></dd> +<dd><% if ( view.value.client_count > 0 ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/status_info?name=" .. view.value.name , label=view.value.client_count } %><% else %><%= html.html_escape(view.value.client_count) %><% end %></dd> </dl> <% end %> <h2>Startup options</h2> <dl> <dt>Process status</dt> -<dd><%= view.value.status_isrunning %></dd> +<dd><%= html.html_escape(view.value.status_isrunning) %></dd> </dl> <% if view.value.dh or view.value.ca or view.value.cert or view.value.key or view.value.tls or view.value.crl then %> 
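Review bot: In the "Remote server" line the result of `string.gsub(view.value.remote, "%s+", ":")` is now passed straight to `html.html_escape`, without the extra parentheses the old `io.write((string.gsub(...)))` used, so gsub's second return value (the substitution count) arrives as a second argument. That is harmless only if `html_escape` ignores extra arguments, which this page does not show; `html.html_escape((string.gsub(view.value.remote, "%s+", ":")))` keeps the truncation explicit. The same pattern appears in openvpn-listconfigs-html.lsp as `html.html_escape(string.gsub(config.name, "^.*/", ""))`. `view.value.client_count` is numeric (it is compared with `> 0`), and other fields escaped here may be absent from a given config, so `html_escape` presumably has to accept numbers and nil without raising; that should be confirmed against html.lua.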
@@ -51,32 +51,32 @@ <dl> <% if (view.value.dh) then %> <dt>DH</dt> -<dd><%= view.value.dh %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.dh , label=view.value.dh } %></dd> +<dd><%= html.html_escape(view.value.dh) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.dh , label=view.value.dh } %></dd> <% end %> <% if (view.value.ca) then %> <dt>CA Certificate</dt> -<dd><%= view.value.ca %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.ca , label=view.value.ca } %></dd> +<dd><%= html.html_escape(view.value.ca) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.ca , label=view.value.ca } %></dd> <% end %> <% if (view.value.cert) then %> <dt>Certificate</dt> -<dd><%= view.value.cert %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.cert , label=view.value.cert } %></dd> +<dd><%= html.html_escape(view.value.cert) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.cert , label=view.value.cert } %></dd> <% end %> <% if (view.value.key) then %> <dt>Private Key</dt> -<dd><%= view.value.key %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.key , label=view.value.key } %></dd> +<dd><%= html.html_escape(view.value.key) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.key , label=view.value.key } %></dd> <% end %> <% if (view.value.tls) then %> <dt>TLS Authentication</dt> -<dd><%= view.value.tls %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. 
view.value.tls , label=view.value.tls } %></dd> +<dd><%= html.html_escape(view.value.tls) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.tls , label=view.value.tls } %></dd> <% end %> <% if (view.value.crl) then %> <dt>CRL Verify File</dt> -<dd><%= view.value.crl %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.crl , label=view.value.crl } %></dd> +<dd><%= html.html_escape(view.value.crl) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.crl , label=view.value.crl } %></dd> <% end %> </dl> <% end %> |