From ccdd082c5fe3434aa9f069f6bd634ea7642d9c61 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Thu, 15 Jan 2009 21:44:39 +0000
Subject: Modified html.lua and viewlibrary.lua and all html files to
 html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/postfix/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 postfix-details-html.lsp   | 2 +-
 postfix-listfiles-html.lsp | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/postfix-details-html.lsp b/postfix-details-html.lsp
index f60bb13..b8a4ce7 100644
--- a/postfix-details-html.lsp
+++ b/postfix-details-html.lsp
@@ -9,7 +9,7 @@ io.write("</span>")
 
 <% viewlibrary.dispatch_component("status") %>
 
-<H2><%= data.label %></H2>
+<H2><%= html.html_escape(data.label) %></H2>
 <DL>
 <%
 displayitem(data)
diff --git a/postfix-listfiles-html.lsp b/postfix-listfiles-html.lsp
index ea54404..f94653b 100644
--- a/postfix-listfiles-html.lsp
+++ b/postfix-listfiles-html.lsp
@@ -15,7 +15,7 @@ io.write("</span>")
 	viewlibrary.dispatch_component("status")
 end %>
 
-<h1><%= data.label %></h1>
+<h1><%= html.html_escape(data.label) %></h1>
 
 <TABLE>
 	<TR style="background:#eee;font-weight:bold;">
@@ -28,8 +28,8 @@ end %>
 <% for i,file in ipairs(data.value) do %>
 	<TR>
 		<TD style="padding-right:20px;white-space:nowrap;"><%=  html.link{value = "expert?filename=" .. file.filename.."&redir="..page_info.orig_action, label=file.filename} %></TD>
-		<TD style="padding-right:20px;white-space:nowrap;"><%= file.filesize %></TD>
-		<TD style="white-space:nowrap;" width="90%"><%= file.mtime %></TD>
+		<TD style="padding-right:20px;white-space:nowrap;"><%= html.html_escape(file.filesize) %></TD>
+		<TD style="white-space:nowrap;" width="90%"><%= html.html_escape(file.mtime) %></TD>
 	</TR>
 <% end %>
 </TABLE>
-- 
cgit v1.2.3