Fix HTML and quote escapes for user and group choosers

iliajie 2023-05-15 20:03:53 +03:00
parent 04d75bc526
commit 07f8f1df4e
No known key found for this signature in database
GPG Key ID: 121E166DD9C821AB
2 changed files with 7 additions and 8 deletions


@ -80,8 +80,8 @@ if ($in{'multi'}) {
if ($in{'group'} eq $u->[0]) { print "<tr class='filter_match' $cb>\n"; }
else { print "<tr class='filter_match'>\n"; }
$u->[0] =~ s/\\/\\\\/g;
print "<td width=20%><a href=\"\" onClick='return addgroup(\"$u->[0]\", \"$u->[3]\")'>$u->[0]</a></td>\n";
print "<td>$u->[3]</td> </tr>\n";
print "<td width=20%><a href=\"\" onClick='return addgroup(\"@{[&quote_escape($u->[0], \"'\")]}\", \"@{[&quote_escape($u->[3], \"'\")]}\")'>@{[&html_escape($u->[0])]}</a></td>\n";
print "<td>@{[&html_escape($u->[3])]}</td> </tr>\n";
$cnt++;
}
print "</table>\n";
@ -172,8 +172,8 @@ else {
foreach $u (&get_groups_list()) {
if ($in{'group'} eq $u->[0]) { print "<tr class='filter_match' $cb>\n"; }
else { print "<tr class='filter_match'>\n"; }
print "<td width=20%><a href=\"\" onClick='return select(\"$u->[0]\")'>$u->[0]</a></td>\n";
print "<td>$u->[3]</td> </tr>\n";
print "<td width=20%><a href=\"\" onClick='return select(\"@{[&quote_escape($u->[0], \"'\")]}\")'>@{[&html_escape($u->[0])]}</a></td>\n";
print "<td>@{[&html_escape($u->[3])]}</td> </tr>\n";
$cnt++;
}
print "</table>\n";
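Review bot: The arguments written into the `onClick` handlers (`addgroup(...)` in the first hunk, `select(...)` in the second) sit inside a double-quoted JavaScript string, but `quote_escape(..., "'")` appears to entity-encode only the single quote, so a `"` in `$u->[0]` or `$u->[3]` would still end the string literal. The same pattern is in both hunks of the second file (`adduser(...)` and `select(...)`). Entity encoding cannot protect this context on its own, because the browser decodes entities in the attribute before the handler is parsed as script. Escape for JavaScript on a copy first and then for the attribute, e.g. `(my $js = $u->[0]) =~ s/(["\\])/\\$1/g;` with `@{[&html_escape($js)]}` inside the call. The `foreach` loop of the first hunk starts outside it, so any earlier sanitising of `$u` is not visible here.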


@ -70,9 +70,8 @@ if ($in{'multi'}) {
foreach $u (&get_users_list()) {
if ($in{'user'} eq $u->[0]) { print "<tr class='filter_match' $cb>\n"; }
else { print "<tr class='filter_match'>\n"; }
$u->[6] =~ s/'/&#39;/g;
$u->[0] =~ s/\\/\\\\/g;
print "<td width=20%><a href=\"\" onClick='return adduser(\"$u->[0]\", \"$u->[6]\")'>$u->[0]</a></td>\n";
print "<td width=20%><a href=\"\" onClick='return adduser(\"@{[&quote_escape($u->[0], \"'\")]}\", \"@{[&quote_escape($u->[6], \"'\")]}\")'>@{[&html_escape($u->[0])]}</a></td>\n";
print "<td>",&html_escape($u->[6]),"</td> </tr>\n";
$cnt++;
}
@ -163,8 +162,8 @@ else {
foreach $u (&get_users_list()) {
if ($in{'user'} eq $u->[0]) { print "<tr class='filter_match' $cb>\n"; }
else { print "<tr class='filter_match'>\n"; }
print "<td width=20%><a href=\"\" onClick='return select(\"$u->[0]\")'>$u->[0]</a></td>\n";
print "<td>$u->[6]</td> </tr>\n";
print "<td width=20%><a href=\"\" onClick='return select(\"@{[&quote_escape($u->[0], \"'\")]}\")'>@{[&html_escape($u->[0])]}</a></td>\n";
print "<td>@{[&html_escape($u->[6])]}</td> </tr>\n";
$cnt++;
}
print "</table>\n";
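Review bot: The line `$u->[0] =~ s/\\/\\\\/g;` in the first hunk appears to be kept as context (the hunk header counts leave it on both sides), and it rewrites the user name in place, so the link text printed through `html_escape($u->[0])` shows every backslash doubled. Within the visible lines `$u->[6]` and the `select(...)` argument in the second hunk get no backslash escaping at all, so the handler arguments are treated inconsistently. Do the JavaScript escaping on a copy and use that copy for every handler argument, e.g. `(my $jsname = $u->[0]) =~ s/\\/\\\\/g;`, leaving `$u->[0]` untouched for display; the first hunk of the group chooser has the same in-place substitution. As a style point, the first hunk prints the second cell with `print "<td>",&html_escape($u->[6]),...` while the other three use `@{[...]}` interpolation, and one form throughout would be easier to audit. Both `foreach` bodies begin or end outside the hunks.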