Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/openvpn/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed

1 files changed, 5 insertions, 5 deletions

diff --git a/openvpn-listconfigs-html.lsp b/openvpn-listconfigs-html.lsp
index 1e67f4b..498e52f 100644
--- a/openvpn-listconfigs-html.lsp
+++ b/openvpn-listconfigs-html.lsp
@@ -29,13 +29,13 @@ end %>
 			<%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/deleteconfig?name=" .. config.name.."&redir="..page_info.orig_action, label="Delete " } %>
 		<% end %>
 		</TD>
-		<TD><%= string.gsub(config.name, "^.*/", "") %></TD>
-		<TD <% if config.errtxt then io.write('class="error"') end %>><%= config.type %></TD>
-		<TD><%= config.status %></TD>
-		<TD><% if ( config.type == "server" ) then %><% if ( config.clients > 0 ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/status_info?name=" .. config.name, label = config.clients } %><% else %><%= config.clients %><% end %><% end %></TD>
+		<TD><%= html.html_escape(string.gsub(config.name, "^.*/", "")) %></TD>
+		<TD <% if config.errtxt then io.write('class="error"') end %>><%= html.html_escape(config.type) %></TD>
+		<TD><%= html.html_escape(config.status) %></TD>
+		<TD><% if ( config.type == "server" ) then %><% if ( config.clients > 0 ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/status_info?name=" .. config.name, label = config.clients } %><% else %><%= html.html_escape(config.clients) %><% end %><% end %></TD>
 	</TR>		
 	<% if config.errtxt then %>
-		<TR class="error"><TD colspan=5><%= config.errtxt %></TD></TR>
+		<TR class="error"><TD colspan=5><%= html.html_escape(config.errtxt) %></TD></TR>
 	<% end %>
 <% end %>