From 79a49a1515bd43427c43ab65e650a9a3f0ecdbd6 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Sat, 27 Aug 2016 12:14:35 +0200
Subject: [PATCH] gluon-luci-theme: add HTML and URL escaping utility functions
---
package/gluon-luci-theme/Makefile | 4 ++-
.../lib/lua/luci/view/themes/gluon/header.htm | 7 +++--
.../luasrc/usr/lib/lua/gluon/luci.lua | 28 +++++++++++++++++++
3 files changed, 35 insertions(+), 4 deletions(-)
create mode 100644 package/gluon-luci-theme/luasrc/usr/lib/lua/gluon/luci.lua
diff --git a/package/gluon-luci-theme/Makefile b/package/gluon-luci-theme/Makefile
index 2348e9791..72c92edd1 100644
--- a/package/gluon-luci-theme/Makefile
+++ b/package/gluon-luci-theme/Makefile
@@ -9,7 +9,7 @@ PKG_RELEASE:=1
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
-include $(INCLUDE_DIR)/package.mk
+include $(GLUONDIR)/include/package.mk
define Package/gluon-luci-theme
@@ -31,10 +31,12 @@ define Build/Configure
endef
define Build/Compile
+ $(call GluonSrcDiet,./luasrc,$(PKG_BUILD_DIR)/luadest/)
endef
define Package/gluon-luci-theme/install
$(CP) ./files/* $(1)/
+ $(CP) $(PKG_BUILD_DIR)/luadest/* $(1)/
endef
$(eval $(call BuildPackage,gluon-luci-theme))
diff --git a/package/gluon-luci-theme/files/usr/lib/lua/luci/view/themes/gluon/header.htm b/package/gluon-luci-theme/files/usr/lib/lua/luci/view/themes/gluon/header.htm
index 2fe1004b9..68d114b5c 100644
--- a/package/gluon-luci-theme/files/usr/lib/lua/luci/view/themes/gluon/header.htm
+++ b/package/gluon-luci-theme/files/usr/lib/lua/luci/view/themes/gluon/header.htm
@@ -17,6 +17,7 @@ $Id$
local http = require "luci.http"
local disp = require "luci.dispatcher"
local fs = require "nixio.fs"
+ local gluon_luci = require "gluon.luci"
local hostname = sys.hostname()
local release = fs.readfile("/lib/gluon/release")
@@ -110,15 +111,15 @@ $Id$
</style>
<% end -%>
<script type="text/javascript" src="<%=resource%>/xhr.js"></script>
-<title><%=striptags( hostname .. ( (node and node.title) and ' - ' .. translate(node.title) or '')) %> - LuCI</title>
+<title><%=gluon_luci.escape( hostname .. ( (node and node.title) and ' - ' .. translate(node.title) or '')) %> - LuCI</title>
</head>
<body class="lang_<%=luci.i18n.context.lang%>">
<div id="menubar">
<div class="hostinfo">
- <%=hostname%>
+ <%=gluon_luci.escape(hostname)%>
<% if release then %>
- / <%=release%>
+ / <%=gluon_luci.escape(release)%>
<% end %>
<span id="xhr_poll_status" style="display:none" onclick="XHR.running() ? XHR.halt() : XHR.run()">
| <%:Auto Refresh%>:
diff --git a/package/gluon-luci-theme/luasrc/usr/lib/lua/gluon/luci.lua b/package/gluon-luci-theme/luasrc/usr/lib/lua/gluon/luci.lua
new file mode 100644
index 000000000..6d0278273
--- /dev/null
+++ b/package/gluon-luci-theme/luasrc/usr/lib/lua/gluon/luci.lua
@@ -0,0 +1,28 @@
+-- Config mode utility functions
+
+local string = string
+
+module 'gluon.luci'
+
+function escape(s)
+ return (string.gsub(s, '[<>&"]', {
+ ['<'] = '<',
+ ['>'] = '>',
+ ['&'] = '&',
+ ['"'] = '"',
+ }))
+end
+
+function urlescape(s)
+ return (string.gsub(s, '[^a-zA-Z0-9%-_%.~]',
+ function(c)
+ local ret = ''
+
+ for i = 1, string.len(c) do
+ ret = ret .. string.format('%%%02X', string.byte(c, i, i))
+ end
+
+ return ret
+ end
+ ))
+end
--
GitLab