diff options
author | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
commit | ce796fb65dd1ae945cc5cfd897691b8ca774ff9c (patch) | |
tree | beabe5d11cdefb0a7a54674ab7a0a87565c987e4 /openvpn-viewconfig-html.lsp | |
parent | 868be7c7183b179ddab351fd32790d843b6854c7 (diff) | |
download | acf-openvpn-ce796fb65dd1ae945cc5cfd897691b8ca774ff9c.tar.bz2 acf-openvpn-ce796fb65dd1ae945cc5cfd897691b8ca774ff9c.tar.xz |
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/openvpn/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'openvpn-viewconfig-html.lsp')
-rw-r--r-- | openvpn-viewconfig-html.lsp | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/openvpn-viewconfig-html.lsp b/openvpn-viewconfig-html.lsp index 1cdfa8d..c70f191 100644 --- a/openvpn-viewconfig-html.lsp +++ b/openvpn-viewconfig-html.lsp @@ -2,48 +2,48 @@ <% require("format") %> <% local shortname = string.gsub(view.value.name, "^.*/", "") %> -<h1><%= format.cap_begin_word(view.value.type) %> config '<%= shortname %>'</h1> +<h1><%= html.html_escape(format.cap_begin_word(view.value.type)) %> config '<%= html.html_escape(shortname) %>'</h1> -<h2><%= format.cap_begin_word(view.value.type) %> settings</h2> +<h2><%= html.html_escape(format.cap_begin_word(view.value.type)) %> settings</h2> <dl> <dt>Mode</dt> -<dd><%= view.value.type %></dd> +<dd><%= html.html_escape(view.value.type) %></dd> <dt>User device</dt> -<dd><%= view.value.dev %></dd> +<dd><%= html.html_escape(view.value.dev) %></dd> <% if view.value.type == "server" then %> <dt>Listens on</dt> -<dd><%= view.value["local"] %>:<%= view.value.port %> (<%= view.value.proto %>)</dd> +<dd><%= html.html_escape(view.value["local"]) %>:<%= html.html_escape(view.value.port) %> (<%= html.html_escape(view.value.proto) %>)</dd> <% end %> <% if view.value.type == "client" then %> <dt>Remote server</dt> -<dd><% if string.find(view.value.remote, "%s") then io.write((string.gsub(view.value.remote, "%s+", ":"))) else io.write(view.value.remote .. (view.value.rport or view.value.port or "1194")) end %> (<%= view.value.proto %>)</dd> +<dd><% if string.find(view.value.remote, "%s") then io.write(html.html_escape(string.gsub(view.value.remote, "%s+", ":"))) else io.write(html.html_escape(view.value.remote .. (view.value.rport or view.value.port or "1194"))) end %> (<%= html.html_escape(view.value.proto) %>)</dd> <% end %> <dt>Logfile</dt> -<dd><% if ( view.value.log ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/logfile?name=" .. view.value.name, label=view.value.log } %><% else %>Syslog<% end %> (Verbosity level: <%= view.value.verb %>)</dd> +<dd><% if ( view.value.log ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/logfile?name=" .. view.value.name, label=view.value.log } %><% else %>Syslog<% end %> (Verbosity level: <%= html.html_escape(view.value.verb) %>)</dd> </dl> <% if view.value.type == "server" then %> <h3>Connected clients status</h3> <dl> <dt>Last status was recorded</dt> -<dd><%= view.value.client_lastupdate %> (This was <b><%= view.value.client_lastdatechangediff %></b> ago)</dd> +<dd><%= html.html_escape(view.value.client_lastupdate) %> (This was <b><%= html.html_escape(view.value.client_lastdatechangediff) %></b> ago)</dd> <dt>Maximum clients</dt> -<dd><%= view.value["max-clients"] %></dd> +<dd><%= html.html_escape(view.value["max-clients"]) %></dd> <dt>Connected clients</dt> -<dd><% if ( view.value.client_count > 0 ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/status_info?name=" .. view.value.name , label=view.value.client_count } %><% else %><%= view.value.client_count %><% end %></dd> +<dd><% if ( view.value.client_count > 0 ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/status_info?name=" .. view.value.name , label=view.value.client_count } %><% else %><%= html.html_escape(view.value.client_count) %><% end %></dd> </dl> <% end %> <h2>Startup options</h2> <dl> <dt>Process status</dt> -<dd><%= view.value.status_isrunning %></dd> +<dd><%= html.html_escape(view.value.status_isrunning) %></dd> </dl> <% if view.value.dh or view.value.ca or view.value.cert or view.value.key or view.value.tls or view.value.crl then %> @@ -51,32 +51,32 @@ <dl> <% if (view.value.dh) then %> <dt>DH</dt> -<dd><%= view.value.dh %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.dh , label=view.value.dh } %></dd> +<dd><%= html.html_escape(view.value.dh) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.dh , label=view.value.dh } %></dd> <% end %> <% if (view.value.ca) then %> <dt>CA Certificate</dt> -<dd><%= view.value.ca %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.ca , label=view.value.ca } %></dd> +<dd><%= html.html_escape(view.value.ca) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.ca , label=view.value.ca } %></dd> <% end %> <% if (view.value.cert) then %> <dt>Certificate</dt> -<dd><%= view.value.cert %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.cert , label=view.value.cert } %></dd> +<dd><%= html.html_escape(view.value.cert) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.cert , label=view.value.cert } %></dd> <% end %> <% if (view.value.key) then %> <dt>Private Key</dt> -<dd><%= view.value.key %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.key , label=view.value.key } %></dd> +<dd><%= html.html_escape(view.value.key) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.key , label=view.value.key } %></dd> <% end %> <% if (view.value.tls) then %> <dt>TLS Authentication</dt> -<dd><%= view.value.tls %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.tls , label=view.value.tls } %></dd> +<dd><%= html.html_escape(view.value.tls) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.tls , label=view.value.tls } %></dd> <% end %> <% if (view.value.crl) then %> <dt>CRL Verify File</dt> -<dd><%= view.value.crl %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.crl , label=view.value.crl } %></dd> +<dd><%= html.html_escape(view.value.crl) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.crl , label=view.value.crl } %></dd> <% end %> </dl> <% end %> |