From a89437b3c168e6d5f38b8e577f31ea89f5c9c8d0 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Thu, 15 Jan 2009 21:44:39 +0000
Subject: Modified html.lua and viewlibrary.lua and all html files to
 html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/tinydns/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 tinydns-listpermissions-html.lsp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'tinydns-listpermissions-html.lsp')

diff --git a/tinydns-listpermissions-html.lsp b/tinydns-listpermissions-html.lsp
index fc80db9..55d09b5 100644
--- a/tinydns-listpermissions-html.lsp
+++ b/tinydns-listpermissions-html.lsp
@@ -6,7 +6,7 @@
 
 <% displaycommandresults({"edituserpermisisons", "editrolepermissions"}, session) %>
 
-<H1><%= view.label %></H1>
+<H1><%= html.html_escape(view.label) %></H1>
 
 <H2>User Permissions</H2>
 <TABLE>
@@ -14,7 +14,7 @@
 <% for i,user in ipairs(view.value.user) do %>
 	<TR><TD><%= html.link{value=page_info.script .. page_info.prefix .. page_info.controller .. "/edituserpermissions?userid=" .. user.id .. "&redir="..page_info.orig_action, label=user.id} %></TD><TD>
 	<% for y,allowed in pairs(user.allowed) do
-		print(allowed, "<BR>")
+		print(html.html_escape(allowed), "<BR>")
 	end %>
 	<TD></TR>
 <% end %>
@@ -26,7 +26,7 @@
 <% for i,role in ipairs(view.value.role) do %>
 	<TR><TD><%= html.link{value=page_info.script .. page_info.prefix .. page_info.controller .. "/editrolepermissions?role=" .. role.id .. "&redir="..page_info.orig_action, label=role.id} %></TD><TD>
 	<% for y,allowed in pairs(role.allowed) do
-		print(allowed, "<BR>")
+		print(html.html_escape(allowed), "<BR>")
 	end %>
 	<TD></TR>
 <% end %>
-- 
cgit v1.2.3