Software /
code /
prosody-modules
Diff
mod_muc_log/mod_muc_log.lua @ 60:5cca708c9f11
mod_muc_log: escape nicknames and status messages too. (thx waqas for finding it; Hope you had fun :P )
author | Thilo Cestonaro <thilo@cestona.ro> |
---|---|
date | Wed, 21 Oct 2009 10:19:25 +0200 |
parent | 59:50e3d5b87119 |
child | 61:e609da067e9f |
line wrap: on
line diff
--- a/mod_muc_log/mod_muc_log.lua Tue Oct 20 23:25:21 2009 +0200 +++ b/mod_muc_log/mod_muc_log.lua Wed Oct 21 10:19:25 2009 +0200 @@ -256,7 +256,7 @@ if show ~= nil then ret = html.day.presence.statusChange:gsub("###TIME_STUFF###", timeStuff); if status ~= "" then - status = html.day.presence.statusText:gsub("###STATUS###", status); + status = html.day.presence.statusText:gsub("###STATUS###", htmlEscape(status)); end ret = ret:gsub("###SHOW###", show):gsub("###NICK###", nick):gsub("###STATUS_STUFF###", status); else @@ -278,7 +278,7 @@ break; end elseif tag.tag == "nick" and nick == nil then - nick = tag[1]; + nick = htmlEscape(tag[1]); if body ~= nil or title ~= nil then break; end @@ -322,7 +322,7 @@ -- grep nick from "from" resource if stanza[1].attr.from ~= nil then - nick = stanza[1].attr.from:match("/(.+)$"); + nick = htmlEscape(stanza[1].attr.from:match("/(.+)$")); end if stanza[1].tag == "presence" and nick ~= nil then