author | Adam <Adam@anope.org> | 2017-06-05 10:11:22 -0400 |
---|---|---|
committer | Adam <Adam@anope.org> | 2017-06-05 10:11:22 -0400 |
commit | 1a6f42b9944ecb5055a398a34d6f3f952fd36acd (patch) | |
tree | fd14f9245ddcd28265661f2ebc59b797a6e26bc9 | |
parent | 04f49225c9b7732c9e04f828ab988e4b29c7b973 (diff) |
webcpanel: escape values in template_fileserver
Remove other escapes to prevent double escape.
Not all replaced values were escaped, such as replies from commands.
-rw-r--r-- | modules/webcpanel/pages/chanserv/access.cpp | 6 | ||||
-rw-r--r-- | modules/webcpanel/pages/chanserv/akick.cpp | 8 | ||||
-rw-r--r-- | modules/webcpanel/pages/chanserv/modes.cpp | 2 | ||||
-rw-r--r-- | modules/webcpanel/pages/chanserv/set.cpp | 6 | ||||
-rw-r--r-- | modules/webcpanel/pages/memoserv/memos.cpp | 2 | ||||
-rw-r--r-- | modules/webcpanel/pages/nickserv/info.cpp | 6 | ||||
-rw-r--r-- | modules/webcpanel/template_fileserver.cpp | 6 |
7 files changed, 20 insertions, 16 deletions
diff --git a/modules/webcpanel/pages/chanserv/access.cpp b/modules/webcpanel/pages/chanserv/access.cpp
index abe0621f6..52b8cd62c 100644
--- a/modules/webcpanel/pages/chanserv/access.cpp
+++ b/modules/webcpanel/pages/chanserv/access.cpp
@@ -103,9 +103,9 @@ bool WebCPanel::ChanServ::Access::OnRequest(HTTPProvider *server, const Anope::s
 {
 ChanAccess *access = ci->GetAccess(i);
- replacements["MASKS"] = HTTPUtils::Escape(access->Mask());
- replacements["ACCESSES"] = HTTPUtils::Escape(access->AccessSerialize());
- replacements["CREATORS"] = HTTPUtils::Escape(access->creator);
+ replacements["MASKS"] = access->Mask();
+ replacements["ACCESSES"] = access->AccessSerialize();
+ replacements["CREATORS"] = access->creator;
 }
 if (Service::FindService("Command", "chanserv/access"))
diff --git a/modules/webcpanel/pages/chanserv/akick.cpp b/modules/webcpanel/pages/chanserv/akick.cpp
index 306f99030..89300e67f 100644
--- a/modules/webcpanel/pages/chanserv/akick.cpp
+++ b/modules/webcpanel/pages/chanserv/akick.cpp
@@ -74,11 +74,11 @@ bool WebCPanel::ChanServ::Akick::OnRequest(HTTPProvider *server, const Anope::st
 AutoKick *akick = ci->GetAkick(i);
 if (akick->nc)
- replacements["MASKS"] = HTTPUtils::Escape(akick->nc->display);
+ replacements["MASKS"] = akick->nc->display;
 else
- replacements["MASKS"] = HTTPUtils::Escape(akick->mask);
- replacements["CREATORS"] = HTTPUtils::Escape(akick->creator);
- replacements["REASONS"] = HTTPUtils::Escape(akick->reason);
+ replacements["MASKS"] = akick->mask;
+ replacements["CREATORS"] = akick->creator;
+ replacements["REASONS"] = akick->reason;
 }
 Page.Serve(server, page_name, client, message, reply, replacements);
diff --git a/modules/webcpanel/pages/chanserv/modes.cpp b/modules/webcpanel/pages/chanserv/modes.cpp
index 671a9c948..e678335f0 100644
--- a/modules/webcpanel/pages/chanserv/modes.cpp
+++ b/modules/webcpanel/pages/chanserv/modes.cpp
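Review bot: In access.cpp the assignments to `MASKS`, `ACCESSES` and `CREATORS` now store strings that presumably originate from users in raw form, and nothing at the call site says the encoding happens later, so a later reader may take this for an XSS regression or re-add `HTTPUtils::Escape` and bring back the double escaping. A short comment above the first assignment would pin the contract, for example `// Raw on purpose: TemplateFileServer::Serve HTML-escapes every replacement`. The same applies to the raw assignments in akick.cpp, modes.cpp, set.cpp, memos.cpp and info.cpp. The change is safe only while `replacements` is consumed through `Page.Serve`, as the akick.cpp and modes.cpp hunks show; any other consumer of the map would now receive unescaped text. OnRequest begins and ends outside these hunks, so that cannot be confirmed from here.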
@@ -96,7 +96,7 @@ bool WebCPanel::ChanServ::Modes::OnRequest(HTTPProvider *server, const Anope::st
 std::vector<Anope::string> v = c->GetModeList(cm->name);
 for (unsigned int i = 0; i < v.size(); ++i)
- replacements["MASKS"] = HTTPUtils::Escape(v[i]);
+ replacements["MASKS"] = v[i];
 }
 Page.Serve(server, page_name, client, message, reply, replacements);
diff --git a/modules/webcpanel/pages/chanserv/set.cpp b/modules/webcpanel/pages/chanserv/set.cpp
index c0d4121fa..a410bc69c 100644
--- a/modules/webcpanel/pages/chanserv/set.cpp
+++ b/modules/webcpanel/pages/chanserv/set.cpp
@@ -102,7 +102,7 @@ bool WebCPanel::ChanServ::Set::OnRequest(HTTPProvider *server, const Anope::stri
 }
 }
- replacements["CHANNEL"] = HTTPUtils::Escape(ci->name);
+ replacements["CHANNEL"] = ci->name;
 replacements["CHANNEL_ESCAPED"] = HTTPUtils::URLEncode(ci->name);
 if (ci->GetFounder())
 replacements["FOUNDER"] = ci->GetFounder()->display;
@@ -114,8 +114,8 @@ bool WebCPanel::ChanServ::Set::OnRequest(HTTPProvider *server, const Anope::stri
 if (!ci->last_topic.empty())
 {
- replacements["LAST_TOPIC"] = HTTPUtils::Escape(ci->last_topic);
- replacements["LAST_TOPIC_SETTER"] = HTTPUtils::Escape(ci->last_topic_setter);
+ replacements["LAST_TOPIC"] = ci->last_topic;
+ replacements["LAST_TOPIC_SETTER"] = ci->last_topic_setter;
 }
 if (can_set)
diff --git a/modules/webcpanel/pages/memoserv/memos.cpp b/modules/webcpanel/pages/memoserv/memos.cpp
index 76e922949..70d36978e 100644
--- a/modules/webcpanel/pages/memoserv/memos.cpp
+++ b/modules/webcpanel/pages/memoserv/memos.cpp
@@ -101,7 +101,7 @@ bool WebCPanel::MemoServ::Memos::OnRequest(HTTPProvider *server, const Anope::st
 replacements["NUMBER"] = stringify(i+1);
 replacements["SENDER"] = m->sender;
 replacements["TIME"] = Anope::strftime(m->time);
- replacements["TEXT"] = HTTPUtils::Escape(m->text);
+ replacements["TEXT"] = m->text;
 if (m->unread)
 replacements["UNREAD"] = "YES";
 else
diff --git a/modules/webcpanel/pages/nickserv/info.cpp b/modules/webcpanel/pages/nickserv/info.cpp
index 441bfca66..e875bda2c 100644
--- a/modules/webcpanel/pages/nickserv/info.cpp
+++ b/modules/webcpanel/pages/nickserv/info.cpp
@@ -84,9 +84,9 @@ bool WebCPanel::NickServ::Info::OnRequest(HTTPProvider *server, const Anope::str
 }
 }
- replacements["DISPLAY"] = HTTPUtils::Escape(na->nc->display);
+ replacements["DISPLAY"] = na->nc->display;
 if (na->nc->email.empty() == false)
- replacements["EMAIL"] = HTTPUtils::Escape(na->nc->email);
+ replacements["EMAIL"] = na->nc->email;
 replacements["TIME_REGISTERED"] = Anope::strftime(na->time_registered, na->nc);
 if (na->HasVhost())
 {
@@ -97,7 +97,7 @@ bool WebCPanel::NickServ::Info::OnRequest(HTTPProvider *server, const Anope::str
 }
 Anope::string *greet = na->nc->GetExt<Anope::string>("greet");
 if (greet)
- replacements["GREET"] = HTTPUtils::Escape(*greet);
+ replacements["GREET"] = *greet;
 if (na->nc->HasExt("AUTOOP"))
 replacements["AUTOOP"];
 if (na->nc->HasExt("NS_PRIVATE"))
diff --git a/modules/webcpanel/template_fileserver.cpp b/modules/webcpanel/template_fileserver.cpp
index 341058659..8c6cd10a6 100644
--- a/modules/webcpanel/template_fileserver.cpp
+++ b/modules/webcpanel/template_fileserver.cpp
@@ -238,7 +238,11 @@ void TemplateFileServer::Serve(HTTPProvider *server, const Anope::string &page_n
 if (ifok && forok)
 {
- const Anope::string &replacement = FindReplacement(r, content.substr(0, f - 1));
+ Anope::string replacement = FindReplacement(r, content.substr(0, f - 1));
+
+ // htmlescape all text replaced onto the page
+ replacement = HTTPUtils::Escape(replacement);
+
 finished += replacement;
 }
 } |
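Review bot: The new comment in TemplateFileServer::Serve promises that all replaced text is escaped, but the escape sits on this one `finished += replacement` append. Serve continues outside the hunk, so any other path that copies a replacement value into the output would need the same treatment. The comment should also state the contract the page handlers now rely on, e.g. `// Single HTML-encoding point: callers pass raw values and must not pre-escape`. HTML escaping covers element text and, if `HTTPUtils::Escape` also encodes quotes (not visible here), quoted attribute values; a placeholder that a template puts inside a script block or an unquoted attribute would still need context-specific encoding. As a style point, the two statements fold into `finished += HTTPUtils::Escape(FindReplacement(r, content.substr(0, f - 1)));`.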