authorAdam <Adam@anope.org>2017-06-05 10:11:22 -0400
committerAdam <Adam@anope.org>2017-06-05 10:11:22 -0400
commit1a6f42b9944ecb5055a398a34d6f3f952fd36acd (patch)
treefd14f9245ddcd28265661f2ebc59b797a6e26bc9
parent04f49225c9b7732c9e04f828ab988e4b29c7b973 (diff)
webcpanel: escape values in template_fileserver
Remove the other escapes to prevent double escaping. Previously, not all replaced values were escaped, such as replies from commands.
-rw-r--r--modules/webcpanel/pages/chanserv/access.cpp6
-rw-r--r--modules/webcpanel/pages/chanserv/akick.cpp8
-rw-r--r--modules/webcpanel/pages/chanserv/modes.cpp2
-rw-r--r--modules/webcpanel/pages/chanserv/set.cpp6
-rw-r--r--modules/webcpanel/pages/memoserv/memos.cpp2
-rw-r--r--modules/webcpanel/pages/nickserv/info.cpp6
-rw-r--r--modules/webcpanel/template_fileserver.cpp6
7 files changed, 20 insertions, 16 deletions
diff --git a/modules/webcpanel/pages/chanserv/access.cpp b/modules/webcpanel/pages/chanserv/access.cpp
index abe0621f6..52b8cd62c 100644
--- a/modules/webcpanel/pages/chanserv/access.cpp
+++ b/modules/webcpanel/pages/chanserv/access.cpp
@@ -103,9 +103,9 @@ bool WebCPanel::ChanServ::Access::OnRequest(HTTPProvider *server, const Anope::s
{
ChanAccess *access = ci->GetAccess(i);
- replacements["MASKS"] = HTTPUtils::Escape(access->Mask());
- replacements["ACCESSES"] = HTTPUtils::Escape(access->AccessSerialize());
- replacements["CREATORS"] = HTTPUtils::Escape(access->creator);
+ replacements["MASKS"] = access->Mask();
+ replacements["ACCESSES"] = access->AccessSerialize();
+ replacements["CREATORS"] = access->creator;
}
if (Service::FindService("Command", "chanserv/access"))
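Review bot: The three assignments to `MASKS`, `ACCESSES` and `CREATORS` now store user-influenced strings raw, and nothing at this site says that the HTML escaping has moved into `TemplateFileServer::Serve`. A short comment above them, such as `// stored raw: TemplateFileServer::Serve HTML-escapes every substituted value`, would stop a later edit from re-adding `HTTPUtils::Escape` (double escaping) or from passing `replacements` to an output path that does not escape. The same applies to the hunks in akick.cpp, modes.cpp, set.cpp, memos.cpp and info.cpp. `OnRequest` starts and ends outside this hunk, so any other use of these values in the function is not visible here.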
diff --git a/modules/webcpanel/pages/chanserv/akick.cpp b/modules/webcpanel/pages/chanserv/akick.cpp
index 306f99030..89300e67f 100644
--- a/modules/webcpanel/pages/chanserv/akick.cpp
+++ b/modules/webcpanel/pages/chanserv/akick.cpp
@@ -74,11 +74,11 @@ bool WebCPanel::ChanServ::Akick::OnRequest(HTTPProvider *server, const Anope::st
AutoKick *akick = ci->GetAkick(i);
if (akick->nc)
- replacements["MASKS"] = HTTPUtils::Escape(akick->nc->display);
+ replacements["MASKS"] = akick->nc->display;
else
- replacements["MASKS"] = HTTPUtils::Escape(akick->mask);
- replacements["CREATORS"] = HTTPUtils::Escape(akick->creator);
- replacements["REASONS"] = HTTPUtils::Escape(akick->reason);
+ replacements["MASKS"] = akick->mask;
+ replacements["CREATORS"] = akick->creator;
+ replacements["REASONS"] = akick->reason;
}
Page.Serve(server, page_name, client, message, reply, replacements);
diff --git a/modules/webcpanel/pages/chanserv/modes.cpp b/modules/webcpanel/pages/chanserv/modes.cpp
index 671a9c948..e678335f0 100644
--- a/modules/webcpanel/pages/chanserv/modes.cpp
+++ b/modules/webcpanel/pages/chanserv/modes.cpp
@@ -96,7 +96,7 @@ bool WebCPanel::ChanServ::Modes::OnRequest(HTTPProvider *server, const Anope::st
std::vector<Anope::string> v = c->GetModeList(cm->name);
for (unsigned int i = 0; i < v.size(); ++i)
- replacements["MASKS"] = HTTPUtils::Escape(v[i]);
+ replacements["MASKS"] = v[i];
}
Page.Serve(server, page_name, client, message, reply, replacements);
diff --git a/modules/webcpanel/pages/chanserv/set.cpp b/modules/webcpanel/pages/chanserv/set.cpp
index c0d4121fa..a410bc69c 100644
--- a/modules/webcpanel/pages/chanserv/set.cpp
+++ b/modules/webcpanel/pages/chanserv/set.cpp
@@ -102,7 +102,7 @@ bool WebCPanel::ChanServ::Set::OnRequest(HTTPProvider *server, const Anope::stri
}
}
- replacements["CHANNEL"] = HTTPUtils::Escape(ci->name);
+ replacements["CHANNEL"] = ci->name;
replacements["CHANNEL_ESCAPED"] = HTTPUtils::URLEncode(ci->name);
if (ci->GetFounder())
replacements["FOUNDER"] = ci->GetFounder()->display;
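Review bot: `CHANNEL_ESCAPED` keeps its `HTTPUtils::URLEncode` call while `CHANNEL` loses its escape, so the two neighbouring lines now look inconsistent without an explanation. Assuming this key is substituted through the same path in `TemplateFileServer::Serve`, the value is URL-encoded here and HTML-escaped on output, which is the right layering for a link target. A comment such as `// URL-encoded for use in links; HTML escaping is applied by TemplateFileServer::Serve` would make that explicit. `OnRequest` extends beyond this hunk.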
@@ -114,8 +114,8 @@ bool WebCPanel::ChanServ::Set::OnRequest(HTTPProvider *server, const Anope::stri
if (!ci->last_topic.empty())
{
- replacements["LAST_TOPIC"] = HTTPUtils::Escape(ci->last_topic);
- replacements["LAST_TOPIC_SETTER"] = HTTPUtils::Escape(ci->last_topic_setter);
+ replacements["LAST_TOPIC"] = ci->last_topic;
+ replacements["LAST_TOPIC_SETTER"] = ci->last_topic_setter;
}
if (can_set)
diff --git a/modules/webcpanel/pages/memoserv/memos.cpp b/modules/webcpanel/pages/memoserv/memos.cpp
index 76e922949..70d36978e 100644
--- a/modules/webcpanel/pages/memoserv/memos.cpp
+++ b/modules/webcpanel/pages/memoserv/memos.cpp
@@ -101,7 +101,7 @@ bool WebCPanel::MemoServ::Memos::OnRequest(HTTPProvider *server, const Anope::st
replacements["NUMBER"] = stringify(i+1);
replacements["SENDER"] = m->sender;
replacements["TIME"] = Anope::strftime(m->time);
- replacements["TEXT"] = HTTPUtils::Escape(m->text);
+ replacements["TEXT"] = m->text;
if (m->unread)
replacements["UNREAD"] = "YES";
else
diff --git a/modules/webcpanel/pages/nickserv/info.cpp b/modules/webcpanel/pages/nickserv/info.cpp
index 441bfca66..e875bda2c 100644
--- a/modules/webcpanel/pages/nickserv/info.cpp
+++ b/modules/webcpanel/pages/nickserv/info.cpp
@@ -84,9 +84,9 @@ bool WebCPanel::NickServ::Info::OnRequest(HTTPProvider *server, const Anope::str
}
}
- replacements["DISPLAY"] = HTTPUtils::Escape(na->nc->display);
+ replacements["DISPLAY"] = na->nc->display;
if (na->nc->email.empty() == false)
- replacements["EMAIL"] = HTTPUtils::Escape(na->nc->email);
+ replacements["EMAIL"] = na->nc->email;
replacements["TIME_REGISTERED"] = Anope::strftime(na->time_registered, na->nc);
if (na->HasVhost())
{
@@ -97,7 +97,7 @@ bool WebCPanel::NickServ::Info::OnRequest(HTTPProvider *server, const Anope::str
}
Anope::string *greet = na->nc->GetExt<Anope::string>("greet");
if (greet)
- replacements["GREET"] = HTTPUtils::Escape(*greet);
+ replacements["GREET"] = *greet;
if (na->nc->HasExt("AUTOOP"))
replacements["AUTOOP"];
if (na->nc->HasExt("NS_PRIVATE"))
diff --git a/modules/webcpanel/template_fileserver.cpp b/modules/webcpanel/template_fileserver.cpp
index 341058659..8c6cd10a6 100644
--- a/modules/webcpanel/template_fileserver.cpp
+++ b/modules/webcpanel/template_fileserver.cpp
@@ -238,7 +238,11 @@ void TemplateFileServer::Serve(HTTPProvider *server, const Anope::string &page_n
if (ifok && forok)
{
- const Anope::string &replacement = FindReplacement(r, content.substr(0, f - 1));
+ Anope::string replacement = FindReplacement(r, content.substr(0, f - 1));
+
+ // htmlescape all text replaced onto the page
+ replacement = HTTPUtils::Escape(replacement);
+
finished += replacement;
}
}
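Review bot: The new `HTTPUtils::Escape` call is the only escaping left for every value the pages pass in, yet the comment `// htmlescape all text replaced onto the page` does not state the contract it creates. HTML escaping is sufficient for element text and quoted attribute values; whether it is enough for a placeholder inside a script block, an unquoted attribute or a URL depends on how the templates are written and on which characters `Escape` encodes, neither of which is visible here. I would expand the comment to something like `// Single escaping point: callers store raw text in replacements; templates must place variables only in element text or quoted attributes`, and the two statements can be folded into `const Anope::string replacement = HTTPUtils::Escape(FindReplacement(r, content.substr(0, f - 1)));`. `Serve` continues outside the hunk, so other branches that emit replacement-derived text should be checked for the same escaping.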