diff --git a/app/templates/ajax/show_configs_files.html b/app/templates/ajax/show_configs_files.html
index 411fca7e..798abc8d 100644
--- a/app/templates/ajax/show_configs_files.html
+++ b/app/templates/ajax/show_configs_files.html
@@ -85,6 +85,10 @@
 let path_dir = $('#path_config_name').val();
 config_file_name = config_file_name.replaceAll('\/','92');
 path_dir = path_dir.replaceAll('\/','92');
+service = escapeHtml(service);
+serv = escapeHtml(serv);
+path_dir = escapeHtml(path_dir);
+config_file_name = escapeHtml(config_file_name);
 window.location.replace('config.py?service='+service+'&serv='+serv+'&open=open&config_file_name='+path_dir+'92'+config_file_name+'.conf&new_config=1');
 $( this ).dialog( "close" );
 },
diff --git a/inc/add.js b/inc/add.js
index 01509afc..b0bec38a 100644
--- a/inc/add.js
+++ b/inc/add.js
@@ -665,6 +665,8 @@ $( function() {
 }
 });
 $('#ddos1').click(function() {
+ddos_var = escapeHtml(ddos_var);
+table_name = escapeHtml(table_name);
 if($('#new_frontend').val() == "") {
 $("#optionsInput1").append(ddos_var)
 }
@@ -1987,6 +1989,7 @@ function showUserlists() {
 for (i = 0; i < data.length; i++) {
 var existing_userlist_ajax = $.find("#existing_userlist_ajax");
 existing_userlist_ajax = existing_userlist_ajax[0].id;
+data[i] = escapeHtml(data[i]);
 $('#'+existing_userlist_ajax).append(''+data[i]+' ');
 }
 }
diff --git a/inc/script.js b/inc/script.js
index 536416ef..bee90803 100644
--- a/inc/script.js
+++ b/inc/script.js
@@ -131,6 +131,7 @@ if(localStorage.getItem('restart')) {
 apply_div = apply_div[0].id;
 $("#apply").css('display', 'block');
 $('#'+apply_div).css('width', '850px');
+ip_for_restart = escapeHtml(ip_for_restart);
 if (cur_url[0] == "hapservers.py") {
 $('#'+apply_div).css('width', '650px');
 $('#'+apply_div).addClass("alert-one-row");
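Review bot: escapeHtml is the wrong encoder for the sink that follows the four added lines — the values are concatenated into the query string passed to window.location.replace, where HTML entity escaping leaves `=`, `?`, `#` and spaces untouched (a `#` in a file name would truncate the query) and, assuming escapeHtml rewrites `&` to `&amp;`, corrupts any value containing `&`. Build the query with URLSearchParams so each value is percent-encoded for its real context, and leave HTML escaping to where config.py renders these parameters server-side, since an escape applied in the browser before navigation does not constrain a URL typed directly. Replace the four added lines and the replace() call with `const query = new URLSearchParams({ service: service, serv: serv, open: 'open', config_file_name: path_dir + '92' + config_file_name + '.conf', new_config: '1' });` followed by `window.location.replace('config.py?' + query);`. The enclosing dialog button handler starts and ends outside the hunk.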
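Review bot: The two added lines reassign `ddos_var` and `table_name`, which are declared outside the hunk, from inside a click handler, so every click runs escapeHtml over the already-escaped value; unless escapeHtml is idempotent (its definition is not visible here) a second click yields double-encoded `&amp;amp;`-style text in whatever is appended. `table_name` is not used anywhere in the hunk, so its escape looks misplaced. Escape at the point of use without touching the source variable, e.g. `$("#optionsInput1").append(escapeHtml(ddos_var))`; and if `ddos_var` is itself an HTML fragment rather than user-supplied text, escaping it will render the markup literally, so confirm what it holds. The same reassign-the-outer-variable pattern appears in the inc/script.js hunk. The click handler and the surrounding `$( function() {` block start and end outside the hunk.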
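Review bot: Escaping `data[i]` before it is concatenated into the string handed to jQuery `.append()` is the right context, but the in-place assignment mutates the `data` array the caller passed to showUserlists, and the `for (i = 0; ...)` loop uses an undeclared `i`, which creates an implicit global. Keep the response read-only by escaping into a loop-local binding, `const safeName = escapeHtml(data[i]);` then `$('#'+existing_userlist_ajax).append(''+safeName+' ');`, and declare the index with `let i = 0` in the loop header. The `$.find("#existing_userlist_ajax")` lookup does not depend on `i` and can be hoisted above the loop. showUserlists starts and ends outside the hunk.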
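Review bot: `ip_for_restart` is escaped on the added line but never consumed within the hunk, so whether HTML escaping is the correct transform depends on a sink outside this view; if the value is later placed in a URL or set through `.text()`/`.val()`, the escape is either the wrong encoding or unnecessary. Because the name indicates an IP address or host, a shape check is a stronger control than output escaping: compute `const ipLooksValid = /^[A-Za-z0-9.:-]+$/.test(ip_for_restart);` up front, gate the restart flow on it, and encode at the sink. As in the inc/add.js `#ddos1` hunk, reassigning the outer-scope variable means a repeated run of this block re-escapes an already-escaped value. The enclosing `if(localStorage.getItem('restart'))` block starts and ends outside the hunk.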