From ce796fb65dd1ae945cc5cfd897691b8ca774ff9c Mon Sep 17 00:00:00 2001 From: Ted Trask Date: Thu, 15 Jan 2009 21:44:39 +0000 Subject: Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them. git-svn-id: svn://svn.alpinelinux.org/acf/openvpn/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed --- openvpn-listconfigs-html.lsp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'openvpn-listconfigs-html.lsp') diff --git a/openvpn-listconfigs-html.lsp b/openvpn-listconfigs-html.lsp index 1e67f4b..498e52f 100644 --- a/openvpn-listconfigs-html.lsp +++ b/openvpn-listconfigs-html.lsp @@ -29,13 +29,13 @@ end %> <%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/deleteconfig?name=" .. config.name.."&redir="..page_info.orig_action, label="Delete " } %> <% end %> - <%= string.gsub(config.name, "^.*/", "") %> - ><%= config.type %> - <%= config.status %> - <% if ( config.type == "server" ) then %><% if ( config.clients > 0 ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/status_info?name=" .. config.name, label = config.clients } %><% else %><%= config.clients %><% end %><% end %> + <%= html.html_escape(string.gsub(config.name, "^.*/", "")) %> + ><%= html.html_escape(config.type) %> + <%= html.html_escape(config.status) %> + <% if ( config.type == "server" ) then %><% if ( config.clients > 0 ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/status_info?name=" .. config.name, label = config.clients } %><% else %><%= html.html_escape(config.clients) %><% end %><% end %> <% if config.errtxt then %> - <%= config.errtxt %> + <%= html.html_escape(config.errtxt) %> <% end %> <% end %> -- cgit v1.2.3