authorTed Trask <ttrask01@yahoo.com>2009-01-15 21:44:39 +0000
committerTed Trask <ttrask01@yahoo.com>2009-01-15 21:44:39 +0000
commit3c67f77555e636f949588c049c2074c70a1cbe33 (patch)
tree1b9e71fc71f4d8e0617b0b0973cb411009eb4331 /rc-status-html.lsp
parent5ec7a43c6f0a6cd1369da101fa0e3f1f12d99973 (diff)
downloadacf-alpine-baselayout-3c67f77555e636f949588c049c2074c70a1cbe33.tar.bz2
acf-alpine-baselayout-3c67f77555e636f949588c049c2074c70a1cbe33.tar.xz
Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.
git-svn-id: svn://svn.alpinelinux.org/acf/alpine-baselayout/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'rc-status-html.lsp')
-rw-r--r--rc-status-html.lsp18
1 files changed, 9 insertions, 9 deletions
diff --git a/rc-status-html.lsp b/rc-status-html.lsp
index 3272af0..a234798 100644
--- a/rc-status-html.lsp
+++ b/rc-status-html.lsp
@@ -3,15 +3,15 @@
<% if session.editresult then %>
<H1>Command Result</H1>
- <% if session.editresult.errtxt then io.write('<P CLASS="error">' .. string.gsub(session.editresult.errtxt, "\n", "<BR>") .. "</P>\n") end
- if session.editresult.descr then io.write('<P CLASS="descr">' .. string.gsub(session.editresult.descr, "\n", "<BR>") .. "</P>\n") end
+ <% if session.editresult.errtxt then io.write('<P CLASS="error">' .. string.gsub(html.html_escape(session.editresult.errtxt), "\n", "<BR>") .. "</P>\n") end
+ if session.editresult.descr then io.write('<P CLASS="descr">' .. string.gsub(html.html_escape(session.editresult.descr), "\n", "<BR>") .. "</P>\n") end
for name,val in pairs(session.editresult.value) do
- if val.errtxt then io.write('<P CLASS="error">' .. string.gsub(val.errtxt, "\n", "<BR>") .. "</P>\n") end
+ if val.errtxt then io.write('<P CLASS="error">' .. string.gsub(html.html_escape(val.errtxt), "\n", "<BR>") .. "</P>\n") end
end
session.editresult = nil
end %>
-<H1><%= view.label %></H1>
+<H1><%= html.html_escape(view.label) %></H1>
<TABLE>
<TR>
<% if session.permissions.rc.edit then %>
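Review bot: The three `io.write` lines in the Command Result block depend on calling `html.html_escape` before the newline-to-`<BR>` substitution, and nothing in the code records that. A comment such as `-- escape first, then add <BR>; the reverse order would escape the <BR> tags` would protect the ordering from a later tidy-up. The same expression is repeated three times, so a small local helper, e.g. `local function para(class, txt) io.write('<P CLASS="' .. class .. '">' .. string.gsub(html.html_escape(txt), "\n", "<BR>") .. "</P>\n") end`, would keep the escaping in one place. Unlike the guarded `errtxt`/`descr` values, `view.label` is passed to `html_escape` with no nil check; whether the helper tolerates nil is not visible in this file and should be confirmed.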
@@ -28,14 +28,14 @@ for i,item in ipairs(view.value) do %>
for name,val in pairs(result.value) do val.name=name end
if result.value.kill.value then result.value.kill.checked = "" end
if result.value.system.value then result.value.system.checked = "" end %>
- <form action="<%= page_info.script .. page_info.prefix .. page_info.controller .. "/edit" %>" method="POST">
- <TD><input class="submit" type="submit" name="<%= result.option %>" value="<%= result.submit or result.option %>"></TD>
- <TD><%= item.servicename %><%= html.form.hidden(result.value.servicename) %></TD><TD><%= html.form.text(result.value.sequence) %></TD>
+ <form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/edit") %>" method="POST">
+ <TD><input class="submit" type="submit" name="<%= html.html_escape(result.option) %>" value="<%= html.html_escape(result.submit or result.option) %>"></TD>
+ <TD><%= html.html_escape(item.servicename) %><%= html.form.hidden(result.value.servicename) %></TD><TD><%= html.form.text(result.value.sequence) %></TD>
<TD><%= html.form.checkbox(result.value.kill) %></TD><TD><%= html.form.checkbox(result.value.system) %></TD>
</form></TR>
<% else %>
- <TD><%= item.servicename %></TD><TD><%= item.sequence %></TD>
- <TD><%= item.kill %></TD><TD><%= item.system %></TD></TR>
+ <TD><%= html.html_escape(item.servicename) %></TD><TD><%= html.html_escape(item.sequence) %></TD>
+ <TD><%= html.html_escape(item.kill) %></TD><TD><%= html.html_escape(item.system) %></TD></TR>
<% end %>
<% end %>
</TABLE>
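Review bot: The `action`, `name` and `value` attributes on the new `<form>` and `<input>` lines are only protected if `html.html_escape` also encodes `"` (and ideally `'`). That cannot be confirmed here because the helper lives in html.lua, outside this file's diff. An escaper covering only `<`, `>` and `&` would leave these double-quoted attribute values unprotected, so a test in html.lua that pins quote handling would be worth adding. Separately, `item.sequence`, `item.kill` and `item.system` in the read-only branch may not be strings (the edit branch tests the corresponding `.value` fields as booleans). If `html_escape` does not coerce its argument, those cells could raise instead of rendering; confirm, or write `html.html_escape(tostring(item.kill))` and likewise for the others.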