webcpanel: escape values in template_fileserver

Remove other escapes to prevent double escape. Not all replaced values were escaped, such as replies from commands.
author: Adam <Adam@anope.org> 2017-06-05 10:11:22 -0400
committer: Adam <Adam@anope.org> 2017-06-05 10:11:22 -0400
commit: 1a6f42b9944ecb5055a398a34d6f3f952fd36acd (patch)
tree: fd14f9245ddcd28265661f2ebc59b797a6e26bc9 /modules/webcpanel/template_fileserver.cpp
parent: 04f49225c9b7732c9e04f828ab988e4b29c7b973 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/modules/webcpanel/template_fileserver.cpp b/modules/webcpanel/template_fileserver.cpp
index 341058659..8c6cd10a6 100644
--- a/modules/webcpanel/template_fileserver.cpp
+++ b/modules/webcpanel/template_fileserver.cpp
@@ -238,7 +238,11 @@ void TemplateFileServer::Serve(HTTPProvider *server, const Anope::string &page_n
 
 				if (ifok && forok)
 				{
-					const Anope::string &replacement = FindReplacement(r, content.substr(0, f - 1));
+					Anope::string replacement = FindReplacement(r, content.substr(0, f - 1));
+
+					// htmlescape all text replaced onto the page
+					replacement = HTTPUtils::Escape(replacement);
+
 					finished += replacement;
 				}
 			}
author	Adam <Adam@anope.org>	2017-06-05 10:11:22 -0400
committer	Adam <Adam@anope.org>	2017-06-05 10:11:22 -0400
commit	1a6f42b9944ecb5055a398a34d6f3f952fd36acd (patch)
tree	fd14f9245ddcd28265661f2ebc59b797a6e26bc9 /modules/webcpanel/template_fileserver.cpp
parent	04f49225c9b7732c9e04f828ab988e4b29c7b973 (diff)