Add missing escapes for contact and node descriptions (#289)

Tim Wilkinson 2022-03-13 08:11:22 -07:00 committed by GitHub
parent 64d315ada5
commit 74ba25c909
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 2 deletions


@ -681,6 +681,9 @@ if parms.button_save then
parms.wifi3_key = s2h(wifi3_key) parms.wifi3_key = s2h(wifi3_key)
parms.wifi3_ssid = s2h(wifi3_ssid) parms.wifi3_ssid = s2h(wifi3_ssid)
-- escape and limit description
parms.description_node = parms.description_node:sub(1,210):gsub('"',"&quot;"):gsub("'","&apos;"):gsub("<","&lt;"):gsub(">","&gt;")
-- save_setup -- save_setup
local f = io.open("/etc/config.mesh/_setup", "w") local f = io.open("/etc/config.mesh/_setup", "w")
if f then if f then
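Review bot: The escape chain added for `parms.description_node` leaves `&` untouched, so a description that already contains entity text such as a literal `&lt;` is stored indistinguishably from an escaped `<` and does not round-trip. Adding `:gsub("&","&amp;")` directly after `:sub(1,210)` fixes this; it has to run before the other substitutions so the entities they produce are not escaped again. `&apos;` is not defined in HTML 4, so `&#39;` is the more portable replacement for `'`. The same chain is repeated in the two `var == "contact"` branches in the other files of this commit, so one shared escape helper would keep the three copies from drifting apart. The enclosing `if parms.button_save` block starts and ends outside the hunk, so whether `parms.description_node` can be nil here (which would make `:sub` raise) cannot be confirmed from these lines.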


@ -242,7 +242,7 @@ if config == "" or nixio.fs.stat("/tmp/reboot-required") then
html.alert_banner() html.alert_banner()
html.print("<table width=790><tr><td>") html.print("<table width=790><tr><td>")
navbar(); navbar();
hrml.print("</td></tr><tr><td align=center><br>") html.print("</td></tr><tr><td align=center><br>")
if config == "" then if config == "" then
html.print("<b>This page is not available until the configuration has been set.</b>") html.print("<b>This page is not available until the configuration has been set.</b>")
else else
@ -330,6 +330,8 @@ do
parms[varname] = "0" parms[varname] = "0"
elseif not parms[varname] then elseif not parms[varname] then
parms[varname] = "" parms[varname] = ""
elseif var == "contact" then
parms[varname] = parms[varname]:gsub("^%s+", ""):gsub("%s+$", ""):sub(1,210):gsub('"',"&quot;"):gsub("'","&apos;"):gsub("<","&lt;"):gsub(">","&gt;")
else else
parms[varname] = parms[varname]:gsub("^%s+", ""):gsub("%s+$", "") parms[varname] = parms[varname]:gsub("^%s+", ""):gsub("%s+$", "")
end end
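Review bot: The new `contact` branch HTML-encodes the value while the form parameters are being normalised rather than where it is written into a page, so the stored setting becomes HTML text instead of the operator's raw input. Any consumer that emits it outside HTML would show the entities, and any other path that can set the contact (none is visible in this hunk) would skip the encoding, so either the rendering side still has to encode or this contract should be stated. At minimum a comment on the branch would help, e.g. `-- contact is truncated to 210 bytes, then stored HTML-escaped`. The other branches of this `if` chain only trim whitespace; whether those values are echoed into HTML cannot be seen here. The identical branch appears in the third file of this commit, and the enclosing loop starts and ends outside the hunk.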


@ -226,7 +226,7 @@ if config == "" or nixio.fs.stat("/tmp/reboot-required") then
html.alert_banner() html.alert_banner()
html.print("<table width=790>") html.print("<table width=790>")
navbar(); navbar();
hrml.print("</td></tr><tr><td align=center><br>") html.print("</td></tr><tr><td align=center><br>")
if config == "" then if config == "" then
html.print("<b>This page is not available until the configuration has been set.</b>") html.print("<b>This page is not available until the configuration has been set.</b>")
else else
@ -325,6 +325,8 @@ do
parms[varname] = "0" parms[varname] = "0"
elseif not parms[varname] then elseif not parms[varname] then
parms[varname] = "" parms[varname] = ""
elseif var == "contact" then
parms[varname] = parms[varname]:gsub("^%s+", ""):gsub("%s+$", ""):sub(1,210):gsub('"',"&quot;"):gsub("'","&apos;"):gsub("<","&lt;"):gsub(">","&gt;")
else else
parms[varname] = parms[varname]:gsub("^%s+", ""):gsub("%s+$", "") parms[varname] = parms[varname]:gsub("^%s+", ""):gsub("%s+$", "")
end end