-rw-r--r--openvpn-listconfigs-html.lsp10
-rw-r--r--openvpn-statusinfo-html.lsp12
-rw-r--r--openvpn-viewconfig-html.lsp34
3 files changed, 28 insertions, 28 deletions
diff --git a/openvpn-listconfigs-html.lsp b/openvpn-listconfigs-html.lsp
index 1e67f4b..498e52f 100644
--- a/openvpn-listconfigs-html.lsp
+++ b/openvpn-listconfigs-html.lsp
@@ -29,13 +29,13 @@ end %>
<%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/deleteconfig?name=" .. config.name.."&redir="..page_info.orig_action, label="Delete " } %>
<% end %>
</TD>
- <TD><%= string.gsub(config.name, "^.*/", "") %></TD>
- <TD <% if config.errtxt then io.write('class="error"') end %>><%= config.type %></TD>
- <TD><%= config.status %></TD>
- <TD><% if ( config.type == "server" ) then %><% if ( config.clients > 0 ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/status_info?name=" .. config.name, label = config.clients } %><% else %><%= config.clients %><% end %><% end %></TD>
+ <TD><%= html.html_escape(string.gsub(config.name, "^.*/", "")) %></TD>
+ <TD <% if config.errtxt then io.write('class="error"') end %>><%= html.html_escape(config.type) %></TD>
+ <TD><%= html.html_escape(config.status) %></TD>
+ <TD><% if ( config.type == "server" ) then %><% if ( config.clients > 0 ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/status_info?name=" .. config.name, label = config.clients } %><% else %><%= html.html_escape(config.clients) %><% end %><% end %></TD>
</TR>
<% if config.errtxt then %>
- <TR class="error"><TD colspan=5><%= config.errtxt %></TD></TR>
+ <TR class="error"><TD colspan=5><%= html.html_escape(config.errtxt) %></TD></TR>
<% end %>
<% end %>
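Review bot: The `html.link{...}` calls for the delete link and the clients link still concatenate `config.name` raw into the query string (`"/deleteconfig?name=" .. config.name.."&redir="..`), so a name containing `&`, `#` or `%` would change which parameters the controller receives. HTML escaping does not cover that, even if `html.link` applies it to `value` and `label` (not visible here); the name should be percent-encoded before concatenation. The same holds for the `logfile?name=` and `status_info?name=` links in openvpn-viewconfig-html.lsp. I would also add `<% -- html.link is relied on to escape value/label; confirm in the html module %>` above the first link, so the next reader knows why those outputs were left unwrapped. The enclosing loop starts outside the hunk.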
diff --git a/openvpn-statusinfo-html.lsp b/openvpn-statusinfo-html.lsp
index e6f85b5..e68ca0c 100644
--- a/openvpn-statusinfo-html.lsp
+++ b/openvpn-statusinfo-html.lsp
@@ -13,14 +13,14 @@
</TR>
<% for i in ipairs(view.value) do %>
<TR>
- <TD><%= view.value[i].CN %></TD>
- <TD><%= view.value[i].VIRTADDR %></TD>
- <TD><%= view.value[i].REALADDR %></TD>
- <TD><%= view.value[i].BYTESRCV %></TD>
- <TD><%= view.value[i].BYTESSND %></TD>
+ <TD><%= html.html_escape(view.value[i].CN) %></TD>
+ <TD><%= html.html_escape(view.value[i].VIRTADDR) %></TD>
+ <TD><%= html.html_escape(view.value[i].REALADDR) %></TD>
+ <TD><%= html.html_escape(view.value[i].BYTESRCV) %></TD>
+ <TD><%= html.html_escape(view.value[i].BYTESSND) %></TD>
</TR>
<TR>
- <TD COLSPAN=5 style="border-bottom: 1px solid #ccc;"><%= view.value[i].CONN %></TD>
+ <TD COLSPAN=5 style="border-bottom: 1px solid #ccc;"><%= html.html_escape(view.value[i].CONN) %></TD>
</TR>
<% end %>
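Review bot: A comment above the row should record why these cells must stay escaped: the values appear to come from the OpenVPN status output, and fields such as the common name and real address are presumably influenced by the connecting client. Something like `<% -- status fields are client-influenced; always html_escape %>` before the first `<TR>` would do. As a style point, `for i in ipairs(view.value) do` could bind the entry instead (`for _, client in ipairs(view.value) do`), so each cell reads `client.CN` rather than repeating `view.value[i]`. The table itself opens outside the hunk.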
diff --git a/openvpn-viewconfig-html.lsp b/openvpn-viewconfig-html.lsp
index 1cdfa8d..c70f191 100644
--- a/openvpn-viewconfig-html.lsp
+++ b/openvpn-viewconfig-html.lsp
@@ -2,48 +2,48 @@
<% require("format") %>
<% local shortname = string.gsub(view.value.name, "^.*/", "") %>
-<h1><%= format.cap_begin_word(view.value.type) %> config '<%= shortname %>'</h1>
+<h1><%= html.html_escape(format.cap_begin_word(view.value.type)) %> config '<%= html.html_escape(shortname) %>'</h1>
-<h2><%= format.cap_begin_word(view.value.type) %> settings</h2>
+<h2><%= html.html_escape(format.cap_begin_word(view.value.type)) %> settings</h2>
<dl>
<dt>Mode</dt>
-<dd><%= view.value.type %></dd>
+<dd><%= html.html_escape(view.value.type) %></dd>
<dt>User device</dt>
-<dd><%= view.value.dev %></dd>
+<dd><%= html.html_escape(view.value.dev) %></dd>
<% if view.value.type == "server" then %>
<dt>Listens on</dt>
-<dd><%= view.value["local"] %>:<%= view.value.port %> (<%= view.value.proto %>)</dd>
+<dd><%= html.html_escape(view.value["local"]) %>:<%= html.html_escape(view.value.port) %> (<%= html.html_escape(view.value.proto) %>)</dd>
<% end %>
<% if view.value.type == "client" then %>
<dt>Remote server</dt>
-<dd><% if string.find(view.value.remote, "%s") then io.write((string.gsub(view.value.remote, "%s+", ":"))) else io.write(view.value.remote .. (view.value.rport or view.value.port or "1194")) end %> (<%= view.value.proto %>)</dd>
+<dd><% if string.find(view.value.remote, "%s") then io.write(html.html_escape(string.gsub(view.value.remote, "%s+", ":"))) else io.write(html.html_escape(view.value.remote .. (view.value.rport or view.value.port or "1194"))) end %> (<%= html.html_escape(view.value.proto) %>)</dd>
<% end %>
<dt>Logfile</dt>
-<dd><% if ( view.value.log ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/logfile?name=" .. view.value.name, label=view.value.log } %><% else %>Syslog<% end %> (Verbosity level: <%= view.value.verb %>)</dd>
+<dd><% if ( view.value.log ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/logfile?name=" .. view.value.name, label=view.value.log } %><% else %>Syslog<% end %> (Verbosity level: <%= html.html_escape(view.value.verb) %>)</dd>
</dl>
<% if view.value.type == "server" then %>
<h3>Connected clients status</h3>
<dl>
<dt>Last status was recorded</dt>
-<dd><%= view.value.client_lastupdate %> (This was <b><%= view.value.client_lastdatechangediff %></b> ago)</dd>
+<dd><%= html.html_escape(view.value.client_lastupdate) %> (This was <b><%= html.html_escape(view.value.client_lastdatechangediff) %></b> ago)</dd>
<dt>Maximum clients</dt>
-<dd><%= view.value["max-clients"] %></dd>
+<dd><%= html.html_escape(view.value["max-clients"]) %></dd>
<dt>Connected clients</dt>
-<dd><% if ( view.value.client_count > 0 ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/status_info?name=" .. view.value.name , label=view.value.client_count } %><% else %><%= view.value.client_count %><% end %></dd>
+<dd><% if ( view.value.client_count > 0 ) then %><%= html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/status_info?name=" .. view.value.name , label=view.value.client_count } %><% else %><%= html.html_escape(view.value.client_count) %><% end %></dd>
</dl>
<% end %>
<h2>Startup options</h2>
<dl>
<dt>Process status</dt>
-<dd><%= view.value.status_isrunning %></dd>
+<dd><%= html.html_escape(view.value.status_isrunning) %></dd>
</dl>
<% if view.value.dh or view.value.ca or view.value.cert or view.value.key or view.value.tls or view.value.crl then %>
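Review bot: On the "Remote server" line the first branch now calls `html.html_escape(string.gsub(view.value.remote, "%s+", ":"))`, dropping the parentheses the old code used to cut `string.gsub` down to its first result, so the substitution count is passed on as a second argument. That is harmless only if `html_escape` ignores extra arguments and returns a single value, which is not visible here. Keeping the truncation, `io.write(html.html_escape((string.gsub(view.value.remote, "%s+", ":"))))`, avoids depending on it; the name cell in openvpn-listconfigs-html.lsp has the same form. Separately, the `else` branch joins `view.value.remote` and the port with no `:` between them, unlike the first branch, which looks unintended.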
@@ -51,32 +51,32 @@
<dl>
<% if (view.value.dh) then %>
<dt>DH</dt>
-<dd><%= view.value.dh %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.dh , label=view.value.dh } %></dd>
+<dd><%= html.html_escape(view.value.dh) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.dh , label=view.value.dh } %></dd>
<% end %>
<% if (view.value.ca) then %>
<dt>CA Certificate</dt>
-<dd><%= view.value.ca %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.ca , label=view.value.ca } %></dd>
+<dd><%= html.html_escape(view.value.ca) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.ca , label=view.value.ca } %></dd>
<% end %>
<% if (view.value.cert) then %>
<dt>Certificate</dt>
-<dd><%= view.value.cert %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.cert , label=view.value.cert } %></dd>
+<dd><%= html.html_escape(view.value.cert) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.cert , label=view.value.cert } %></dd>
<% end %>
<% if (view.value.key) then %>
<dt>Private Key</dt>
-<dd><%= view.value.key %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.key , label=view.value.key } %></dd>
+<dd><%= html.html_escape(view.value.key) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.key , label=view.value.key } %></dd>
<% end %>
<% if (view.value.tls) then %>
<dt>TLS Authentication</dt>
-<dd><%= view.value.tls %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.tls , label=view.value.tls } %></dd>
+<dd><%= html.html_escape(view.value.tls) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.tls , label=view.value.tls } %></dd>
<% end %>
<% if (view.value.crl) then %>
<dt>CRL Verify File</dt>
-<dd><%= view.value.crl %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.crl , label=view.value.crl } %></dd>
+<dd><%= html.html_escape(view.value.crl) %><% -- html.link{value = page_info.script .. page_info.prefix .. page_info.controller .. "/pem_info?name=" .. view.value.crl , label=view.value.crl } %></dd>
<% end %>
</dl>
<% end %>
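Review bot: Each `<dd>` in this block still carries a commented-out `html.link{... "/pem_info?name=" .. view.value.dh ...}` after the escaped value. That dead code should be deleted or given a one-line reason for staying, e.g. `<% -- pem_info link disabled: <reason> %>`. If the link is ever restored, the file path would go into the query string unencoded, which is the same concern as the other `name=` links in this commit. The surrounding `if` opens before the hunk.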