use html and js escapes for tpl strings

7 years ago · 4eaee9389d
parent 0a731bd35e
commit 4eaee9389d
10 changed files with 40 additions and 35 deletions
--- a/html_orig/pages/cfg_network.php
+++ b/html_orig/pages/cfg_network.php
@ -17,17 +17,17 @@ $ipmask='pattern="^([0-9]{1,3}\.){3}[0-9]{1,3}$"';
 	<div class="Row x-static">
 		<label for="sta_addr_ip"><?= tr('net.sta_addr_ip') ?></label>
-		<input type="text" name="sta_addr_ip" id="sta_addr_ip" value="%sta_addr_ip%" <?=$ipmask?> required>
+		<input type="text" name="sta_addr_ip" id="sta_addr_ip" value="%h:sta_addr_ip%" <?=$ipmask?> required>
 	</div>
 	<div class="Row x-static">
 		<label for="sta_addr_mask"><?= tr('net.sta_addr_mask') ?></label>
-		<input type="text" name="sta_addr_mask" id="sta_addr_mask" value="%sta_addr_mask%" <?=$ipmask?> required>
+		<input type="text" name="sta_addr_mask" id="sta_addr_mask" value="%h:sta_addr_mask%" <?=$ipmask?> required>
 	</div>
 	<div class="Row x-static">
 		<label for="sta_addr_gw"><?= tr('net.sta_addr_gw') ?></label>
-		<input type="text" name="sta_addr_gw" id="sta_addr_gw" value="%sta_addr_gw%" <?=$ipmask?> required>
+		<input type="text" name="sta_addr_gw" id="sta_addr_gw" value="%h:sta_addr_gw%" <?=$ipmask?> required>
 	</div>
 	<div class="Row buttons">
@ -44,22 +44,22 @@ $ipmask='pattern="^([0-9]{1,3}\.){3}[0-9]{1,3}$"';
 	<div class="Row">
 		<label for="ap_addr_mask"><?= tr('net.ap_addr_mask') ?></label>
-		<input type="text" name="ap_addr_mask" id="ap_addr_mask" value="%ap_addr_mask%" <?=$ipmask?> required>
+		<input type="text" name="ap_addr_mask" id="ap_addr_mask" value="%h:ap_addr_mask%" <?=$ipmask?> required>
 	</div>
 	<div class="Row">
 		<label for="ap_addr_ip"><?= tr('net.ap_addr_ip') ?></label>
-		<input type="text" name="ap_addr_ip" id="ap_addr_ip" value="%ap_addr_ip%" <?=$ipmask?> required>
+		<input type="text" name="ap_addr_ip" id="ap_addr_ip" value="%h:ap_addr_ip%" <?=$ipmask?> required>
 	</div>
 	<div class="Row">
 		<label for="ap_dhcp_start"><?= tr('net.ap_dhcp_start') ?></label>
-		<input type="text" name="ap_dhcp_start" id="ap_dhcp_start" value="%ap_dhcp_start%" <?=$ipmask?> required>
+		<input type="text" name="ap_dhcp_start" id="ap_dhcp_start" value="%h:ap_dhcp_start%" <?=$ipmask?> required>
 	</div>
 	<div class="Row">
 		<label for="ap_dhcp_end"><?= tr('net.ap_dhcp_end') ?></label>
-		<input type="text" name="ap_dhcp_end" id="ap_dhcp_end" value="%ap_dhcp_end%" <?=$ipmask?> required>
+		<input type="text" name="ap_dhcp_end" id="ap_dhcp_end" value="%h:ap_dhcp_end%" <?=$ipmask?> required>
 	</div>
 	<div class="Row">
--- a/html_orig/pages/cfg_term.php
+++ b/html_orig/pages/cfg_term.php
@ -92,16 +92,16 @@
 	<div class="Row">
 		<label for="term_title"><?= tr('term.term_title') ?></label>
-		<input type="text" name="term_title" id="term_title" value="%term_title%" required>
+		<input type="text" name="term_title" id="term_title" value="%h:term_title%" required>
 	</div>
 	<div class="Row">
 		<label><?= tr("term.buttons") ?></label>
-		<input class="short" type="text" name="btn1" id="btn1" value="%btn1%">&nbsp;
+		<input class="short" type="text" name="btn1" id="btn1" value="%h:btn1%">&nbsp;
-		<input class="short" type="text" name="btn2" id="btn2" value="%btn2%">&nbsp;
+		<input class="short" type="text" name="btn2" id="btn2" value="%h:btn2%">&nbsp;
-		<input class="short" type="text" name="btn3" id="btn3" value="%btn3%">&nbsp;
+		<input class="short" type="text" name="btn3" id="btn3" value="%h:btn3%">&nbsp;
-		<input class="short" type="text" name="btn4" id="btn4" value="%btn4%">&nbsp;
+		<input class="short" type="text" name="btn4" id="btn4" value="%h:btn4%">&nbsp;
-		<input class="short" type="text" name="btn5" id="btn5" value="%btn5%">
+		<input class="short" type="text" name="btn5" id="btn5" value="%h:btn5%">
 	</div>
 	<div class="Row buttons">
--- a/html_orig/pages/cfg_wifi.php
+++ b/html_orig/pages/cfg_wifi.php
@ -9,12 +9,12 @@
 	<div class="Row x-ap-on">
 		<label for="ap_ssid"><?= tr('wifi.ap_ssid') ?></label>
-		<input type="text" name="ap_ssid" id="ap_ssid" value="%ap_ssid%" required>
+		<input type="text" name="ap_ssid" id="ap_ssid" value="%h:ap_ssid%" required>
 	</div>
 	<div class="Row x-ap-on">
 		<label for="ap_password"><?= tr('wifi.ap_password') ?></label>
-		<input type="text" name="ap_password" id="ap_password" value="%ap_password%">
+		<input type="text" name="ap_password" id="ap_password" value="%h:ap_password%">
 	</div>
 	<div class="Row x-ap-on">
@ -92,10 +92,10 @@
 <script>
 	WiFi.scan_url = '<?= url('wifi_scan', true) ?>';
 	WiFi.init({
-		sta_ssid: '%sta_ssid%',
+		sta_ssid: '%j:sta_ssid%',
-		sta_password: '%sta_password%',
+		sta_password: '%j:sta_password%',
-		sta_active_ip: '%sta_active_ip%',
+		sta_active_ip: '%j:sta_active_ip%',
-		sta_active_ssid: '%sta_active_ssid%',
+		sta_active_ssid: '%j:sta_active_ssid%',
 	});
 	function updateApDisp() {
--- a/html_orig/pages/term.php
+++ b/html_orig/pages/term.php
@ -35,7 +35,7 @@
 	try {
 		window.noAutoShow = true;
 		termInit(); // the screen will be loaded via ajax
-		Screen.load('%labels_seq%');
+		Screen.load('%j:labels_seq%');
 		// auto-clear the input box
 		$('#softkb-input').on('input', function(e) {
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 5f0dd3564fe471dc7e9e352951761044b565ac29
+Subproject commit 61b5a2592842048d7bb3e40b8e8da88e01665d2d
--- a/user/cgi_main.c
+++ b/user/cgi_main.c
@ -1,6 +1,7 @@
 #include <esp8266.h>
 #include <httpd.h>
 #include <esp_sdk_ver.h>
 #include <httpdespfs.h>
 #include "cgi_main.h"
 #include "screen.h"
@ -26,11 +27,11 @@ httpd_cgi_state ICACHE_FLASH_ATTR tplScreen(HttpdConnData *connData, char *token
 	if (streq(token, "labels_seq")) {
 		screenSerializeLabelsToBuffer(buff, 150);
-		httpdSend(connData, buff, -1);
+		tplSend(connData, buff, -1);
 	}
 	else if (streq(token, "theme")) {
 		sprintf(buff, "%d", termconf->theme);
-		httpdSend(connData, buff, -1);
+		tplSend(connData, buff, -1);
 	}
 	return HTTPD_CGI_DONE;
@ -56,7 +57,7 @@ cgiTermInitialImage(HttpdConnData *connData)
 	}
 	httpd_cgi_state cont = screenSerializeToBuffer(buff, bufsiz, &connData->cgiData);
-	httpdSend(connData, buff, -1);
+	httpdSend(connData, buff, -1); // no encode
 	return cont;
 }
@ -67,22 +68,22 @@ tplAbout(HttpdConnData *connData, char *token, void **arg)
 	if (token == NULL) return HTTPD_CGI_DONE;
 	if (streq(token, "vers_fw")) {
-		httpdSend(connData, FIRMWARE_VERSION, -1);
+		tplSend(connData, FIRMWARE_VERSION, -1);
 	}
 	else if (streq(token, "date")) {
-		httpdSend(connData, __DATE__, -1);
+		tplSend(connData, __DATE__, -1);
 	}
 	else if (streq(token, "time")) {
-		httpdSend(connData, __TIME__, -1);
+		tplSend(connData, __TIME__, -1);
 	}
 	else if (streq(token, "vers_httpd")) {
-		httpdSend(connData, HTTPDVER, -1);
+		tplSend(connData, HTTPDVER, -1);
 	}
 	else if (streq(token, "vers_sdk")) {
-		httpdSend(connData, STR(ESP_SDK_VERSION), -1);
+		tplSend(connData, STR(ESP_SDK_VERSION), -1);
 	}
 	else if (streq(token, "githubrepo")) {
-		httpdSend(connData, TERMINAL_GITHUB_REPO, -1);
+		tplSend(connData, TERMINAL_GITHUB_REPO, -1);
 	}
 	return HTTPD_CGI_DONE;
--- a/user/cgi_network.c
+++ b/user/cgi_network.c
@ -3,6 +3,7 @@ configuring the network settings
 */
 #include <esp8266.h>
 #include <httpdespfs.h>
 #include "cgi_network.h"
 #include "wifimgr.h"
 #include "persist.h"
@ -246,6 +247,6 @@ httpd_cgi_state ICACHE_FLASH_ATTR tplNetwork(HttpdConnData *connData, char *toke
 		sprintf(buff, MACSTR, MAC2STR(mac));
 	}
-	httpdSend(connData, buff, -1);
+	tplSend(connData, buff, -1);
 	return HTTPD_CGI_DONE;
 }
--- a/user/cgi_system.c
+++ b/user/cgi_system.c
@ -1,6 +1,7 @@
 #include <esp8266.h>
 #include <httpd.h>
 #include <helpers.h>
 #include <httpdespfs.h>
 #include "cgi_system.h"
 #include "persist.h"
@ -159,6 +160,6 @@ tplSystemCfg(HttpdConnData *connData, char *token, void **arg)
 		sprintf(buff, "%d", sysconf->uart_stopbits);
 	}
-	httpdSend(connData, buff, -1);
+	tplSend(connData, buff, -1);
 	return HTTPD_CGI_DONE;
 }
--- a/user/cgi_term_cfg.c
+++ b/user/cgi_term_cfg.c
@ -3,6 +3,7 @@ Cgi/template routines for configuring non-wifi settings
 */
 #include <esp8266.h>
 #include <httpdespfs.h>
 #include "cgi_term_cfg.h"
 #include "persist.h"
 #include "screen.h"
@ -165,6 +166,6 @@ tplTermCfg(HttpdConnData *connData, char *token, void **arg)
 		}
 	}
-	httpdSend(connData, buff, -1);
+	tplSend(connData, buff, -1);
 	return HTTPD_CGI_DONE;
 }
--- a/user/cgi_wifi.c
+++ b/user/cgi_wifi.c
@ -14,6 +14,7 @@ Cgi/template routines for the /wifi url.
 */
 #include <esp8266.h>
 #include <httpdespfs.h>
 #include "cgi_wifi.h"
 #include "wifimgr.h"
 #include "persist.h"
@ -302,7 +303,7 @@ httpd_cgi_state ICACHE_FLASH_ATTR cgiWiFiConnStatus(HttpdConnData *connData)
 			break;
 	}
-	httpdSend(connData, buff, -1);
+	tplSend(connData, buff, -1);
 	return HTTPD_CGI_DONE;
 }
@ -585,6 +586,6 @@ httpd_cgi_state ICACHE_FLASH_ATTR tplWlan(HttpdConnData *connData, char *token,
 		}
 	}
-	httpdSend(connData, buff, -1);
+	tplSend(connData, buff, -1);
 	return HTTPD_CGI_DONE;
 }
		`@ -1 +1 @@`
			`Subproject commit 5f0dd3564fe471dc7e9e352951761044b565ac29`				`Subproject commit 61b5a2592842048d7bb3e40b8e8da88e01665d2d`