From f7bba5fcde5a5674a08f2f62236a7b3ab4be8108 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Thu, 15 Jan 2009 21:44:39 +0000
Subject: Modified html.lua and viewlibrary.lua and all html files to
 html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/tcpproxy/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 tcpproxy-editsmtpentry-html.lsp   | 2 +-
 tcpproxy-listsmtpentries-html.lsp | 6 +++---
 tcpproxy-listsmtpfiles-html.lsp   | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/tcpproxy-editsmtpentry-html.lsp b/tcpproxy-editsmtpentry-html.lsp
index 4d5c816..148a24e 100644
--- a/tcpproxy-editsmtpentry-html.lsp
+++ b/tcpproxy-editsmtpentry-html.lsp
@@ -2,7 +2,7 @@
 require("viewfunctions")
 %>
 
-<H1><%= form.label %></H1>
+<H1><%= html.html_escape(form.label) %></H1>
 <%
 	form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action
 	form.value.ipaddr.readonly = true
diff --git a/tcpproxy-listsmtpentries-html.lsp b/tcpproxy-listsmtpentries-html.lsp
index 87809a9..9a48e7b 100644
--- a/tcpproxy-listsmtpentries-html.lsp
+++ b/tcpproxy-listsmtpentries-html.lsp
@@ -23,9 +23,9 @@ require("viewfunctions")
 			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/delsmtpentry?ipaddr="..(interface.ipaddr or interface.interface), label="Delete "} %>
 		<% end %>
 		</TD>
-		<TD style="padding-right:20px;white-space:nowrap;"><%= interface.interface or "" %></TD>
-		<TD style="padding-right:20px;white-space:nowrap;"><%= interface.ipaddr or "" %></TD>
-		<TD style="white-space:nowrap;"><%= interface.cmd or "" %></TD>
+		<TD style="padding-right:20px;white-space:nowrap;"><%= html.html_escape(interface.interface) %></TD>
+		<TD style="padding-right:20px;white-space:nowrap;"><%= html.html_escape(interface.ipaddr) %></TD>
+		<TD style="white-space:nowrap;"><%= html.html_escape(interface.cmd) %></TD>
 	</TR>
 <% end %>
 </TABLE>
diff --git a/tcpproxy-listsmtpfiles-html.lsp b/tcpproxy-listsmtpfiles-html.lsp
index 5de93ba..40c8161 100644
--- a/tcpproxy-listsmtpfiles-html.lsp
+++ b/tcpproxy-listsmtpfiles-html.lsp
@@ -22,7 +22,7 @@ require("viewfunctions")
 			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/delsmtpfile?filename="..file, label="Delete "} %>
 		<% end %>
 		</TD>
-		<TD style="white-space:nowrap;"><%= file %></TD>
+		<TD style="white-space:nowrap;"><%= html.html_escape(file) %></TD>
 	</TR>
 <% end %>
 </TABLE>
@@ -30,7 +30,7 @@ require("viewfunctions")
 
 <% if viewlibrary and viewlibrary.dispatch_component and session.permissions.tcpproxy.createsmtpfile then
 	local createform = viewlibrary.dispatch_component("createsmtpfile", nil, true) %>
-<H2><%= createform.label %></H2>
+<H2><%= html.html_escape(createform.label) %></H2>
 <%
 	createform.action = page_info.script .. page_info.prefix .. page_info.controller .. "/createsmtpfile"
 	displayform(createform)
-- 
cgit v1.2.3