From 77ecc7566d385e49223b0b93fd40ca264ffd25fa Mon Sep 17 00:00:00 2001
From: Silvan Calarco <silvan.calarco@mambasoft.it>
Date: Sat, 4 Apr 2015 18:49:49 +0200
Subject: [PATCH] webbuild: implement a var2html function to filter for
 security variable to html Currently used in chat messages

---
 webbuild/webbuild-cgi       |  3 +--
 webbuild/webbuild-functions | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/webbuild/webbuild-cgi b/webbuild/webbuild-cgi
index 7829fde..360addb 100755
--- a/webbuild/webbuild-cgi
+++ b/webbuild/webbuild-cgi
@@ -980,8 +980,7 @@ if [ "$REQUEST" = "changespec" ]; then
       REQUEST="edit";
    fi
 elif [ "$REQUEST" = "broadcastmessage" ]; then
-   BROADCASTMESSAGE=`echo $BROADCASTMESSAGE | sed "s|<|\&lt;|g"`
-   social_log "SUSER=$USER STYPE=broadcastmessage SEMAIL=$USER_EMAIL STEXT=\"said:&quot;<i>$BROADCASTMESSAGE</i>&quot;\" STIME=`date +%s`"
+   social_log "SUSER=$USER STYPE=broadcastmessage SEMAIL=$USER_EMAIL STEXT=\"said:&quot;<i>`var2html BROADCASTMESSAGE`</i>&quot;\" STIME=`date +%s`"
    REQUEST=
 fi
 
diff --git a/webbuild/webbuild-functions b/webbuild/webbuild-functions
index 335b204..ca41d33 100644
--- a/webbuild/webbuild-functions
+++ b/webbuild/webbuild-functions
@@ -179,6 +179,20 @@ function cgi_getvars()
     return
 }
 
+function var2html()
+{
+   eval r=\$$1
+   r="${r//\&/&amp;}"
+   r="${r//\</&lt;}"
+   r="${r//\\\n/<br>}"
+   r="${r//\\/&#92;}"
+   r="${r//\"/&quot;}"
+   r="${r//\$/&#36;}"
+   r="${r//\`/&#96;}"
+   r="${r//\*/&#42;}"
+   echo "${r}"
+}
+
 function kill_tree() {
    local killpid=$1