webbuild: implement a var2html function to filter for security variable to html

Currently used in chat messages

webbuild/webbuild-cgi

@@ -980,8 +980,7 @@ if [ "$REQUEST" = "changespec" ]; then
       REQUEST="edit";
    fi
 elif [ "$REQUEST" = "broadcastmessage" ]; then
-   BROADCASTMESSAGE=`echo $BROADCASTMESSAGE | sed "s|<|\&lt;|g"`
-   social_log "SUSER=$USER STYPE=broadcastmessage SEMAIL=$USER_EMAIL STEXT=\"said:&quot;<i>$BROADCASTMESSAGE</i>&quot;\" STIME=`date +%s`"
+   social_log "SUSER=$USER STYPE=broadcastmessage SEMAIL=$USER_EMAIL STEXT=\"said:&quot;<i>`var2html BROADCASTMESSAGE`</i>&quot;\" STIME=`date +%s`"
    REQUEST=
 fi
 

webbuild/webbuild-functions

@@ -179,6 +179,20 @@ function cgi_getvars()
     return
 }
 
+function var2html()
+{
+   eval r=\$$1
+   r="${r//\&/&}"
+   r="${r//\</&lt;}"
+   r="${r//\\\n/<br>}"
+   r="${r//\\/&#92;}"
+   r="${r//\"/&quot;}"
+   r="${r//\$/&#36;}"
+   r="${r//\`/&#96;}"
+   r="${r//\*/&#42;}"
+   echo "${r}"
+}
+
 function kill_tree() {
    local killpid=$1