From b562ad7bbde967e59ae1b26e21ad654e51526058 Mon Sep 17 00:00:00 2001 From: Nils Schneider <nils@nilsschneider.net> Date: Thu, 6 Feb 2014 15:34:24 +0100 Subject: [PATCH] gluon-status-page: escape HTML special characters --- .../lib/gluon/status-page/www/cgi-bin/status | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/status b/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/status index dd30ae57e..01b468da3 100755 --- a/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/status +++ b/package/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/status @@ -1,5 +1,9 @@ #!/bin/sh +escape_html() { + sed 's/&/\&/g; s/</\</g; s/>/\>/g; s/"/\"/g; s/'"'"'/\'/g' +} + linknodes() { PREFIX=$(uci get network.local_node_route6.target | cut -d: -f 1-4) sed 's#\([0-9a-f]\{2\}\):\([0-9a-f]\{2\}\):\([0-9a-f]\{2\}\):\([0-9a-f]\{2\}\):\([0-9a-f]\{2\}\):\([0-9a-f]\{2\}\)#<a href="http://['$PREFIX':\1\2:\3ff:fe\4:\5\6]/">&</a>#g' @@ -21,19 +25,19 @@ echo "<h1>$(cat /proc/sys/kernel/hostname)</h1>" echo "<pre>" -echo "Firmware release: $(cat /lib/gluon/release)" +echo "Firmware release: $(cat /lib/gluon/release | escape_html)" echo -uptime | sed 's/^ \+//' +uptime | sed 's/^ \+//' | escape_html echo -ip address show dev br-client +ip address show dev br-client | escape_html echo -free -m +free -m | escape_html echo -df /rom /overlay +df /rom /overlay | escape_html echo "</pre>" @@ -45,11 +49,11 @@ do echo "<h3>$if</h3>" echo "<pre>" - iw dev $if link + iw dev $if link | escape_html echo - iw dev $if station dump | linknodes + iw dev $if station dump | escape_html | linknodes echo "</pre>" done -- GitLab
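Review bot: As this page renders them, the replacement halves in `escape_html` read `\&`, `\<`, `\>`, `\"` and `\'`, which would pass every character through unchanged. The entity names were most likely decoded by the page rather than missing from the commit, so check the function against the repository before copying it from here. The intended expressions are presumably `s/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g; s/"/\&quot;/g` plus `&#39;` for the apostrophe. The function also has no comment; something like `# stdin filter: HTML-escape text; & is replaced first so the entities added afterwards are not escaped again` would record why the order of the expressions matters.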
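Review bot: The hostname in the `<h1>` line shown at the top of this hunk is still written into the page unescaped, although every other command output in the hunk now goes through `escape_html`. A hostname containing `<` or `&` would be interpreted as markup, and the same filter fits there: `echo "<h1>$(cat /proc/sys/kernel/hostname | escape_html)</h1>"`. The `<h3>$if</h3>` heading in the third hunk has the same gap. Output emitted before this hunk is not visible here, so it may need the same check.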
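Review bot: The filter order on the station-dump line is load-bearing but undocumented: `escape_html` has to run before `linknodes`, because `linknodes` emits `<a href=…>` markup that would be escaped if the order were swapped. A comment such as `# escape first; linknodes adds <a> tags that must stay literal` above that line would keep a later edit from reordering the pipeline. Separately, `$if` is expanded unquoted in both `iw` calls; `iw dev "$if" link | escape_html` avoids word splitting and globbing. The loop head is outside this hunk, so where the interface names come from cannot be checked here.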