From 77ecc7566d385e49223b0b93fd40ca264ffd25fa Mon Sep 17 00:00:00 2001 From: Silvan Calarco Date: Sat, 4 Apr 2015 18:49:49 +0200 Subject: [PATCH] webbuild: implement a var2html function to filter for security variable to html Currently used in chat messages --- webbuild/webbuild-cgi | 3 +-- webbuild/webbuild-functions | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/webbuild/webbuild-cgi b/webbuild/webbuild-cgi index 7829fde..360addb 100755 --- a/webbuild/webbuild-cgi +++ b/webbuild/webbuild-cgi @@ -980,8 +980,7 @@ if [ "$REQUEST" = "changespec" ]; then REQUEST="edit"; fi elif [ "$REQUEST" = "broadcastmessage" ]; then - BROADCASTMESSAGE=`echo $BROADCASTMESSAGE | sed "s|<|\<|g"` - social_log "SUSER=$USER STYPE=broadcastmessage SEMAIL=$USER_EMAIL STEXT=\"said:"$BROADCASTMESSAGE"\" STIME=`date +%s`" + social_log "SUSER=$USER STYPE=broadcastmessage SEMAIL=$USER_EMAIL STEXT=\"said:"`var2html BROADCASTMESSAGE`"\" STIME=`date +%s`" REQUEST= fi diff --git a/webbuild/webbuild-functions b/webbuild/webbuild-functions index 335b204..ca41d33 100644 --- a/webbuild/webbuild-functions +++ b/webbuild/webbuild-functions @@ -179,6 +179,20 @@ function cgi_getvars() return } +function var2html() +{ + eval r=\$$1 + r="${r//\&/&}" + r="${r//\}" + r="${r//\\/\}" + r="${r//\"/"}" + r="${r//\$/$}" + r="${r//\`/`}" + r="${r//\*/*}" + echo "${r}" +} + function kill_tree() { local killpid=$1