diff options
author | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2009-01-15 21:44:39 +0000 |
commit | 3c67f77555e636f949588c049c2074c70a1cbe33 (patch) | |
tree | 1b9e71fc71f4d8e0617b0b0973cb411009eb4331 /interfaces-read-html.lsp | |
parent | 5ec7a43c6f0a6cd1369da101fa0e3f1f12d99973 (diff) | |
download | acf-alpine-baselayout-3c67f77555e636f949588c049c2074c70a1cbe33.tar.bz2 acf-alpine-baselayout-3c67f77555e636f949588c049c2074c70a1cbe33.tar.xz |
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/alpine-baselayout/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'interfaces-read-html.lsp')
-rw-r--r-- | interfaces-read-html.lsp | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/interfaces-read-html.lsp b/interfaces-read-html.lsp index d0984dc..7504a1f 100644 --- a/interfaces-read-html.lsp +++ b/interfaces-read-html.lsp @@ -11,10 +11,10 @@ io.write("</span>") <% showoption = function(option) if option.errtxt or option.value ~= "" then %> - <TR><TD WIDTH='120px' STYLE='font-weight:bold;border:none;'><%= option.label %></TD> + <TR><TD WIDTH='120px' STYLE='font-weight:bold;border:none;'><%= html.html_escape(option.label) %></TD> <TD STYLE='border:none;'<% if option.errtxt then io.write("class='error'") end %>> - <%= string.gsub(tostring(option.value), "\n", "<BR>") %> - <% if option.errtxt then io.write("<BR>"..option.errtxt) end %> + <%= string.gsub(html.html_escape(tostring(option.value)), "\n", "<BR>") %> + <% if option.errtxt then io.write("<BR>"..html.html_escape(option.errtxt)) end %> </TD></TR> <% end %> <% end %> @@ -29,7 +29,7 @@ end %> <DL> <% for i,entry in ipairs(view.value) do local interface = entry.value %> - <DT><IMG SRC='/skins/static/tango/16x16/devices/network-wired.png' width='16' height='16'> <%= interface.name.value %></DT><DD> + <DT><IMG SRC='/skins/static/tango/16x16/devices/network-wired.png' width='16' height='16'> <%= html.html_escape(interface.name.value) %></DT><DD> <TABLE STYLE='margin-bottom:10px'> <% @@ -42,16 +42,16 @@ end %> end %> <TR> <% if session.permissions.interfaces.update then %> - <A HREF='update?name=<%= interface.name.value %>&redir=read'>Edit </A> + <A HREF='update?name=<%= html.html_escape(interface.name.value) %>&redir=read'>Edit </A> <% end if session.permissions.interfaces.delete then %> - <A HREF='delete?name=<%= interface.name.value %>'>Delete </A> + <A HREF='delete?name=<%= html.html_escape(interface.name.value) %>'>Delete </A> <% end if session.permissions.interfaces.ifup then %> - <A HREF='ifup?name=<%= interface.name.value %>'>ifup </A> + <A HREF='ifup?name=<%= html.html_escape(interface.name.value) %>'>ifup </A> <% end if session.permissions.interfaces.ifdown then %> - <A HREF='ifdown?name=<%= interface.name.value %>'>ifdown </A> + <A HREF='ifdown?name=<%= html.html_escape(interface.name.value) %>'>ifdown </A> <% end %> </TR> </TABLE> @@ -63,5 +63,5 @@ end %> <P class="error">WARNING!!! Restarting networking may cause the ACF web interface to stop functioning. Try refreshing this page after restarting. If that fails, you may have to use terminal access to recover.</P> <DL> <DT>Restart Networking</DT> -<DD><form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/restart" %>"><input class="submit" type="submit" value="Restart"></form></DD> +<DD><form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/restart") %>"><input class="submit" type="submit" value="Restart"></form></DD> </DL> |