Commit ae5b7386 authored by Ted Trask's avatar Ted Trask

Modified html.lua and viewlibrary.lua and all html files to html_escape...

Modified html.lua and viewlibrary.lua and all html files to html_escape variables before displaying them.

git-svn-id: svn://svn.alpinelinux.org/acf/dansguardian/trunk@1678 ab2d0c66-481e-0410-8bed-d214d4d58bed
parent 81775e43
......@@ -26,7 +26,7 @@ end %>
<%
for k,v in ipairs( view.value ) do
io.write( "<tr><td><a href=\"" .. page_info.script .. page_info.prefix .. page_info.controller .. "/edit?filename=" .. v.filename .. "&redir=" .. page_info.orig_action .. "\">" .. v.filename .. "</a></td><td>" .. v.size .."</td><td>" .. v.mtime .."</td></tr>\n" )
io.write( "<tr><td><a href=\"" .. html.html_escape(page_info.script .. page_info.prefix .. page_info.controller) .. "/edit?filename=" .. html.html_escape(v.filename) .. "&redir=" .. html.html_escape(page_info.orig_action) .. "\">" .. html.html_escape(v.filename) .. "</a></td><td>" .. html.html_escape(v.size) .."</td><td>" .. html.html_escape(v.mtime) .."</td></tr>\n" )
end
%>
</TABLE>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment