authorTed Trask <ttrask01@yahoo.com>2009-01-15 21:44:39 +0000
committerTed Trask <ttrask01@yahoo.com>2009-01-15 21:44:39 +0000
commita009a60dd69a2fd67699dbf3183398779ec5721e (patch)
tree7f4c66f79d574bee51256f4e4610e6b7c65d201e
parentc26612b5fe2867d6da9a7c31689e186a05ae6cff (diff)
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/squid/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r--squid-config-html.lsp2
-rw-r--r--squid-digest-html.lsp2
-rw-r--r--squid-listfiles-html.lsp4
-rw-r--r--squid-saccess-html.lsp6
4 files changed, 7 insertions, 7 deletions
diff --git a/squid-config-html.lsp b/squid-config-html.lsp
index 5a9da1a..3f2c786 100644
--- a/squid-config-html.lsp
+++ b/squid-config-html.lsp
@@ -8,7 +8,7 @@ require("viewfunctions")
viewlibrary.dispatch_component("status")
end %>
-<H1><%= form.label %></H1>
+<H1><%= html.html_escape(form.label) %></H1>
<%
form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action
local order = {"httpports", "accesslog", "diskcache", "authmethod"}
diff --git a/squid-digest-html.lsp b/squid-digest-html.lsp
index c5049c9..e02c6aa 100644
--- a/squid-digest-html.lsp
+++ b/squid-digest-html.lsp
@@ -8,7 +8,7 @@
<%
displayitem(form.value.status)
if form.value.status.errtxt then %>
-<dt></dt><dd><form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/enabledigestlist" %>">
+<dt></dt><dd><form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/enabledigestlist") %>">
<input class="submit" type="submit" value="Enable"></form></dd>
<% end
%>
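Review bot: The escaped value on the new `<form action="...">` line lands inside a double-quoted attribute, so the escape must cover `"` as well as `<`, `>` and `&`. `html.html_escape` lives in html.lua, which is outside this diff, so that should be confirmed there. Separately, the form has no `method` attribute, so the Enable button submits with GET. If `enabledigestlist` changes configuration (presumably it does, judging by the name), `<form method="POST" action="...">` would be the safer form, provided the controller accepts it.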
diff --git a/squid-listfiles-html.lsp b/squid-listfiles-html.lsp
index 0fc6a1e..1fbc41a 100644
--- a/squid-listfiles-html.lsp
+++ b/squid-listfiles-html.lsp
@@ -22,7 +22,7 @@ require("viewfunctions")
<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/deletefile?filename="..file, label="Delete "} %>
<% end %>
</TD>
- <TD style="white-space:nowrap;"><%= file %></TD>
+ <TD style="white-space:nowrap;"><%= html.html_escape(file) %></TD>
</TR>
<% end %>
</TABLE>
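Review bot: The Delete link above the changed `<TD>` still appends `file` raw to the query string (`"/deletefile?filename="..file`). A filename containing `&`, `#`, `%` or `+` will therefore reach the server as a different `filename` value, even if `html.link` now HTML-escapes its `value`. HTML escaping is the wrong encoding for that position; the name needs percent-encoding before it is concatenated, e.g. `"/deletefile?filename="..url_encode(file)`, where `url_encode` is a placeholder for whatever URL-encoding helper the framework provides. The loop that yields `file` starts above the hunk, so the origin of the names cannot be checked from here.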
@@ -30,7 +30,7 @@ require("viewfunctions")
<% if viewlibrary and viewlibrary.dispatch_component and session.permissions.squid.createfile then
local createform = viewlibrary.dispatch_component("createfile", nil, true) %>
-<H2><%= createform.label %></H2>
+<H2><%= html.html_escape(createform.label) %></H2>
<%
createform.action = page_info.script .. page_info.prefix .. page_info.controller .. "/createfile"
displayform(createform)
diff --git a/squid-saccess-html.lsp b/squid-saccess-html.lsp
index 0c11f08..9b9a40f 100644
--- a/squid-saccess-html.lsp
+++ b/squid-saccess-html.lsp
@@ -18,7 +18,7 @@
If you wish to specify hosts that may access the Internet by IP address,
enter the address(es) in the box below, one per line.
</p>
-<textarea name="s_ip"><% io.write( service.config.s_ip ) %></textarea>
+<textarea name="s_ip"><%= html.html_escape( service.config.s_ip ) %></textarea>
<h2>Browser Identification</h2>
<p>
@@ -27,7 +27,7 @@ specify it here. Note that any client identifying itself as this type
of browser will be allowed anonymous access. Enter the browser identification(s)
in the box below, one per line. Regular expressions are allowed.
</p>
-<textarea name="s_browser"><% io.write( service.config.s_browser ) %></textarea>
+<textarea name="s_browser"><%= html.html_escape( service.config.s_browser ) %></textarea>
<h2>Special Domains</h2>
<p>
@@ -35,7 +35,7 @@ If you have a specail domain that needs to be accessed in a special way, you
may specify if here. This will allow anonymous access to the domains listed.
Enter the domain url below. Regular expressions are allowed.
</p>
-<textarea name="s_domain"><% io.write( service.config.s_domain ) %></textarea>
+<textarea name="s_domain"><%= html.html_escape( service.config.s_domain ) %></textarea>
<h3>Save Changes</h3>
<dl>