diff --git a/gluon/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/status b/gluon/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/status index 59c2e00..aa74b85 100755 --- a/gluon/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/status +++ b/gluon/gluon-status-page/files/lib/gluon/status-page/www/cgi-bin/status @@ -10,6 +10,10 @@ local hostname = sys.hostname() local model = platform_info.get_model() local release = util.trim(fs.readfile("/lib/gluon/release") or "") +function escape_html(s) + return (s:gsub('&', '&'):gsub('<', '<'):gsub('>', '>'):gsub('"', '"')) +end + function neighbours(ifname) local info = util.exec("gluon-neighbour-info -d ff02::2:1001 -p 1001 -r nodeinfo -t 3 -i " .. ifname) local macs = {} @@ -32,20 +36,20 @@ io.write("\n") io.write("") io.write("
") io.write("") -io.write("") -io.write("Model: " .. model .. "\n") -io.write("Firmware release: " .. release .. "\n\n") +io.write("Model: " .. escape_html(model) .. "\n") +io.write("Firmware release: " .. escape_html(release) .. "\n\n") -io.write(util.trim(sys.exec("uptime | sed 's/^ \+//'")) .. "\n\n") -io.write(sys.exec("ip address show dev br-client") .. "\n") -io.write(sys.exec("free -m") .. "\n") -io.write(sys.exec("df /rom /overlay")) +io.write(escape_html(util.trim(sys.exec("uptime | sed 's/^ \+//'"))) .. "\n\n") +io.write(escape_html(sys.exec("ip address show dev br-client")) .. "\n") +io.write(escape_html(sys.exec("free -m")) .. "\n") +io.write(escape_html(sys.exec("df /rom /overlay"))) io.write("") io.write("
") - io.write(sys.exec("iw dev " .. ifname .. " link") .. "\n") + io.write(escape_html(sys.exec("iw dev " .. ifname .. " link")) .. "\n") for _, line in ipairs(util.split(util.exec("iw dev " .. ifname .. " station dump"))) do local mac = line:match("^Station (.*) %(on ") if mac then - io.write("Station " .. mac .. " (on " .. ifname .. ")\n") + io.write("Station " .. mac .. " (on " .. escape_html(ifname) .. ")\n") else - io.write(line .. "\n") + io.write(escape_html(line) .. "\n") end end io.write("") end -io.write("") io.write("") +io.write("") io.write("