authorTed Trask <ttrask01@yahoo.com>2009-01-15 21:44:39 +0000
committerTed Trask <ttrask01@yahoo.com>2009-01-15 21:44:39 +0000
commit7501c1e7414f71a44feef23937505bd3eb7e5c28 (patch)
tree5689eadc01717c3ac20127b569e28cc46797fd36
parent77f10141386c423248bb07a5b4ce794ad9aca138 (diff)
downloadacf-shorewall-7501c1e7414f71a44feef23937505bd3eb7e5c28.tar.bz2
acf-shorewall-7501c1e7414f71a44feef23937505bd3eb7e5c28.tar.xz
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/shorewall/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r--shorewall-details-html.lsp4
-rw-r--r--shorewall-listfiles-html.lsp8
2 files changed, 6 insertions, 6 deletions
diff --git a/shorewall-details-html.lsp b/shorewall-details-html.lsp
index d5a65ec..06436b0 100644
--- a/shorewall-details-html.lsp
+++ b/shorewall-details-html.lsp
@@ -13,7 +13,7 @@ io.write("</span>")
viewlibrary.dispatch_component("status")
end %>
-<H2><%= data.label %></H2>
+<H2><%= html.html_escape(data.label) %></H2>
<PRE>
-<%= data.value %>
+<%= html.html_escape(data.value) %>
</PRE>
diff --git a/shorewall-listfiles-html.lsp b/shorewall-listfiles-html.lsp
index 3e1c035..0c36913 100644
--- a/shorewall-listfiles-html.lsp
+++ b/shorewall-listfiles-html.lsp
@@ -15,7 +15,7 @@ io.write("</span>")
viewlibrary.dispatch_component("status")
end %>
-<h1><%= data.label %></h1>
+<h1><%= html.html_escape(data.label) %></h1>
<TABLE>
<TR style="background:#eee;font-weight:bold;">
@@ -28,13 +28,13 @@ end %>
<% for i,file in ipairs(data.value) do %>
<TR>
<TD style="padding-right:20px;white-space:nowrap;"><%= html.link{value = "edit?filename=" .. file.filename.."&redir="..page_info.orig_action, label=file.filename} %></TD>
- <TD style="padding-right:20px;white-space:nowrap;"><%= file.filesize %></TD>
- <TD style="white-space:nowrap;" width="90%"><%= file.mtime %></TD>
+ <TD style="padding-right:20px;white-space:nowrap;"><%= html.html_escape(file.filesize) %></TD>
+ <TD style="white-space:nowrap;" width="90%"><%= html.html_escape(file.mtime) %></TD>
</TR>
<% end %>
</TABLE>
<DL>
-<form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/check" %>">
+<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/check") %>">
<DT>Check Configuration</DT>
<DD><input class="submit" type="submit" value="Check"></DD>
</form>
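Review bot: On the unchanged `html.link{value = "edit?filename=" .. file.filename.."&redir="..page_info.orig_action, ...}` line in the file loop, `file.filename` and `page_info.orig_action` are still concatenated into the query string without URL-encoding. HTML escaping does not cover this, even if html.link now applies it (html.lua is not shown here). A filename containing `&`, `#`, `=` or `%` would change or truncate the parameters the edit action receives, so each value should be percent-encoded with the project's URL-encoding helper before concatenation. If the edit action redirects to `redir` without checking it, that handler should also restrict it to local actions. The template continues outside this hunk on both sides.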