diff options
| author | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
|---|---|---|
| committer | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
| commit | f7bba5fcde5a5674a08f2f62236a7b3ab4be8108 (patch) | |
| tree | c00bc7f7758f4268e96873fb645c568e1bf75b54 | |
| parent | 053d0e601f366d04dc78521496eeea2c8e229ba5 (diff) | |
| download | acf-tcpproxy-f7bba5fcde5a5674a08f2f62236a7b3ab4be8108.tar.bz2 acf-tcpproxy-f7bba5fcde5a5674a08f2f62236a7b3ab4be8108.tar.xz | |
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/tcpproxy/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
| -rw-r--r-- | tcpproxy-editsmtpentry-html.lsp | 2 | ||||
| -rw-r--r-- | tcpproxy-listsmtpentries-html.lsp | 6 | ||||
| -rw-r--r-- | tcpproxy-listsmtpfiles-html.lsp | 4 |
3 files changed, 6 insertions, 6 deletions
diff --git a/tcpproxy-editsmtpentry-html.lsp b/tcpproxy-editsmtpentry-html.lsp index 4d5c816..148a24e 100644 --- a/tcpproxy-editsmtpentry-html.lsp +++ b/tcpproxy-editsmtpentry-html.lsp @@ -2,7 +2,7 @@ require("viewfunctions") %> -<H1><%= form.label %></H1> +<H1><%= html.html_escape(form.label) %></H1> <% form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action form.value.ipaddr.readonly = true diff --git a/tcpproxy-listsmtpentries-html.lsp b/tcpproxy-listsmtpentries-html.lsp index 87809a9..9a48e7b 100644 --- a/tcpproxy-listsmtpentries-html.lsp +++ b/tcpproxy-listsmtpentries-html.lsp @@ -23,9 +23,9 @@ require("viewfunctions") <%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/delsmtpentry?ipaddr="..(interface.ipaddr or interface.interface), label="Delete "} %> <% end %> </TD> - <TD style="padding-right:20px;white-space:nowrap;"><%= interface.interface or "" %></TD> - <TD style="padding-right:20px;white-space:nowrap;"><%= interface.ipaddr or "" %></TD> - <TD style="white-space:nowrap;"><%= interface.cmd or "" %></TD> + <TD style="padding-right:20px;white-space:nowrap;"><%= html.html_escape(interface.interface) %></TD> + <TD style="padding-right:20px;white-space:nowrap;"><%= html.html_escape(interface.ipaddr) %></TD> + <TD style="white-space:nowrap;"><%= html.html_escape(interface.cmd) %></TD> </TR> <% end %> </TABLE> diff --git a/tcpproxy-listsmtpfiles-html.lsp b/tcpproxy-listsmtpfiles-html.lsp index 5de93ba..40c8161 100644 --- a/tcpproxy-listsmtpfiles-html.lsp +++ b/tcpproxy-listsmtpfiles-html.lsp @@ -22,7 +22,7 @@ require("viewfunctions") <%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/delsmtpfile?filename="..file, label="Delete "} %> <% end %> </TD> - <TD style="white-space:nowrap;"><%= file %></TD> + <TD style="white-space:nowrap;"><%= html.html_escape(file) %></TD> </TR> <% end %> </TABLE> @@ -30,7 +30,7 @@ require("viewfunctions") <% if viewlibrary and viewlibrary.dispatch_component and session.permissions.tcpproxy.createsmtpfile then local createform = viewlibrary.dispatch_component("createsmtpfile", nil, true) %> -<H2><%= createform.label %></H2> +<H2><%= html.html_escape(createform.label) %></H2> <% createform.action = page_info.script .. page_info.prefix .. page_info.controller .. "/createsmtpfile" displayform(createform) |