author | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
commit | a009a60dd69a2fd67699dbf3183398779ec5721e (patch) | |
tree | 7f4c66f79d574bee51256f4e4610e6b7c65d201e | |
parent | c26612b5fe2867d6da9a7c31689e186a05ae6cff (diff) | |
download | acf-squid-a009a60dd69a2fd67699dbf3183398779ec5721e.tar.bz2 acf-squid-a009a60dd69a2fd67699dbf3183398779ec5721e.tar.xz |
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/squid/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r-- | squid-config-html.lsp | 2 | ||||
-rw-r--r-- | squid-digest-html.lsp | 2 | ||||
-rw-r--r-- | squid-listfiles-html.lsp | 4 | ||||
-rw-r--r-- | squid-saccess-html.lsp | 6 |
4 files changed, 7 insertions, 7 deletions
diff --git a/squid-config-html.lsp b/squid-config-html.lsp index 5a9da1a..3f2c786 100644 --- a/squid-config-html.lsp +++ b/squid-config-html.lsp @@ -8,7 +8,7 @@ require("viewfunctions") viewlibrary.dispatch_component("status") end %> -<H1><%= form.label %></H1> +<H1><%= html.html_escape(form.label) %></H1> <% form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action local order = {"httpports", "accesslog", "diskcache", "authmethod"} diff --git a/squid-digest-html.lsp b/squid-digest-html.lsp index c5049c9..e02c6aa 100644 --- a/squid-digest-html.lsp +++ b/squid-digest-html.lsp @@ -8,7 +8,7 @@ <% displayitem(form.value.status) if form.value.status.errtxt then %> -<dt></dt><dd><form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/enabledigestlist" %>"> +<dt></dt><dd><form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/enabledigestlist") %>"> <input class="submit" type="submit" value="Enable"></form></dd> <% end %> diff --git a/squid-listfiles-html.lsp b/squid-listfiles-html.lsp index 0fc6a1e..1fbc41a 100644 --- a/squid-listfiles-html.lsp +++ b/squid-listfiles-html.lsp @@ -22,7 +22,7 @@ require("viewfunctions") <%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/deletefile?filename="..file, label="Delete "} %> <% end %> </TD> - <TD style="white-space:nowrap;"><%= file %></TD> + <TD style="white-space:nowrap;"><%= html.html_escape(file) %></TD> </TR> <% end %> </TABLE> @@ -30,7 +30,7 @@ require("viewfunctions") <% if viewlibrary and viewlibrary.dispatch_component and session.permissions.squid.createfile then local createform = viewlibrary.dispatch_component("createfile", nil, true) %> -<H2><%= createform.label %></H2> +<H2><%= html.html_escape(createform.label) %></H2> <% createform.action = page_info.script .. page_info.prefix .. page_info.controller .. "/createfile" displayform(createform) 
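Review bot: In the squid-digest-html.lsp hunk the escaped value lands inside a double-quoted `action="..."` attribute, so the change is only sufficient there if `html.html_escape` also encodes `"` (and ideally `'`). Its body is not part of this diff, so that needs confirming in html.lua. If it only rewrites `&`, `<` and `>`, a quote in any of the concatenated `page_info` fields would still close the attribute. The `<form>` also has no `method`, so the "Enable" button submits as a GET; if `enabledigestlist` changes configuration, as the name suggests, `method="POST"` would be the safer choice.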
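Review bot: In the first squid-listfiles-html.lsp hunk, the `file` value that is now escaped for display is still concatenated raw into the query string on the unchanged line above, `"/deletefile?filename="..file`. HTML escaping is not URL encoding: a name containing `&`, `#`, `%`, `+` or a space would alter or truncate the `filename` parameter, so the Delete link could name a different file than the row shows. Percent-encode the name before passing it to `html.link`, and make sure the `deletefile` handler checks the received name against the list of managed files rather than trusting the parameter. The delete is also triggered by a plain GET link, so a POST form would be the safer pattern here.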
diff --git a/squid-saccess-html.lsp b/squid-saccess-html.lsp index 0c11f08..9b9a40f 100644 --- a/squid-saccess-html.lsp +++ b/squid-saccess-html.lsp @@ -18,7 +18,7 @@ If you wish to specify hosts that may access the Internet by IP address, enter the address(es) in the box below, one per line. </p> -<textarea name="s_ip"><% io.write( service.config.s_ip ) %></textarea> +<textarea name="s_ip"><%= html.html_escape( service.config.s_ip ) %></textarea> <h2>Browser Identification</h2> <p> @@ -27,7 +27,7 @@ specify it here. Note that any client identifying itself as this type of browser will be allowed anonymous access. Enter the browser identification(s) in the box below, one per line. Regular expressions are allowed. </p> -<textarea name="s_browser"><% io.write( service.config.s_browser ) %></textarea> +<textarea name="s_browser"><%= html.html_escape( service.config.s_browser ) %></textarea> <h2>Special Domains</h2> <p> @@ -35,7 +35,7 @@ If you have a specail domain that needs to be accessed in a special way, you may specify if here. This will allow anonymous access to the domains listed. Enter the domain url below. Regular expressions are allowed. </p> -<textarea name="s_domain"><% io.write( service.config.s_domain ) %></textarea> +<textarea name="s_domain"><%= html.html_escape( service.config.s_domain ) %></textarea> <h3>Save Changes</h3> <dl> |