From a89437b3c168e6d5f38b8e577f31ea89f5c9c8d0 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Thu, 15 Jan 2009 21:44:39 +0000
Subject: Modified html.lua and viewlibrary.lua and all html files to
 html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/tinydns/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 tinydns-listfiles-html.lsp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'tinydns-listfiles-html.lsp')

diff --git a/tinydns-listfiles-html.lsp b/tinydns-listfiles-html.lsp
index 4286122..14f8419 100644
--- a/tinydns-listfiles-html.lsp
+++ b/tinydns-listfiles-html.lsp
@@ -31,9 +31,9 @@ io.write("</span>")
 			if session.permissions[page_info.controller].editfile then io.write(html.link{value = "editfile?filename=" .. file.value.filename.value.."&redir="..page_info.orig_action, label="Expert " }) end
 			%>
 		</TD>
-		<TD style="padding-right:20px;white-space:nowrap;text-align:right;"><%= file.value.filesize.value %></TD>
-		<TD style="padding-right:20px;white-space:nowrap;"><%= file.value.mtime.value %></TD>
-		<TD style="white-space:nowrap;" width="90%"><%= string.gsub(file.value.filename.value, "^.*/", "") %></TD>
+		<TD style="padding-right:20px;white-space:nowrap;text-align:right;"><%= html.html_escape(file.value.filesize.value) %></TD>
+		<TD style="padding-right:20px;white-space:nowrap;"><%= html.html_escape(file.value.mtime.value) %></TD>
+		<TD style="white-space:nowrap;" width="90%"><%= html.html_escape(string.gsub(file.value.filename.value, "^.*/", "")) %></TD>
 	</TR>
 <% end %>
 </TABLE>
-- 
cgit v1.2.3