projects
/
project
/
luci.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
modules/freifunk: Prevent injections
[project/luci.git]
/
modules
/
freifunk
/
luasrc
/
view
/
freifunk-services
/
services.htm
diff --git
a/modules/freifunk/luasrc/view/freifunk-services/services.htm
b/modules/freifunk/luasrc/view/freifunk-services/services.htm
index
650ef43
..
735a432
100644
(file)
--- a/
modules/freifunk/luasrc/view/freifunk-services/services.htm
+++ b/
modules/freifunk/luasrc/view/freifunk-services/services.htm
@@
-64,10
+64,12
@@
end
for k, line in ipairs(table) do
local field = {}
-- split line at # and |, 1=url, 2=proto, 3=description, 4=source
for k, line in ipairs(table) do
local field = {}
-- split line at # and |, 1=url, 2=proto, 3=description, 4=source
- local field = luci.util.split(line, "[#|]", split, true) %>
+ local field = luci.util.split(line, "[#|]", split, true)
+ url,descr,origin = pcdata(field[1]),pcdata(field[3]),pcdata(field[4])
+ %>
<tr class="cbi-section-table-row cbi-rowstyle-<%=i%>">
<tr class="cbi-section-table-row cbi-rowstyle-<%=i%>">
- <td class="cbi-section-table-cell"><a href="<%=
field[1]%>"><%=field[3]
%></a></td>
- <td class="cbi-section-table-cell"><%=
field[4]
%></td>
+ <td class="cbi-section-table-cell"><a href="<%=
url%>"><%=descr
%></a></td>
+ <td class="cbi-section-table-cell"><%=
origin
%></td>
</tr>
<% if i == 1 then i = 0 elseif i == 0 then i = 1 end %>
<%end%>
</tr>
<% if i == 1 then i = 0 elseif i == 0 then i = 1 end %>
<%end%>