Diff

mod_muc_log/mod_muc_log.lua @ 60:5cca708c9f11

mod_muc_log: escape nicknames and status messages too. (thx waqas for finding it; Hope you had fun :P )
author Thilo Cestonaro <thilo@cestona.ro>
date Wed, 21 Oct 2009 10:19:25 +0200
parent 59:50e3d5b87119
child 61:e609da067e9f
line wrap: on
line diff
--- a/mod_muc_log/mod_muc_log.lua	Tue Oct 20 23:25:21 2009 +0200
+++ b/mod_muc_log/mod_muc_log.lua	Wed Oct 21 10:19:25 2009 +0200
@@ -256,7 +256,7 @@
 		if show ~= nil then
 			ret = html.day.presence.statusChange:gsub("###TIME_STUFF###", timeStuff);
 			if status ~= "" then
-				status = html.day.presence.statusText:gsub("###STATUS###", status);
+				status = html.day.presence.statusText:gsub("###STATUS###", htmlEscape(status));
 			end
 			ret = ret:gsub("###SHOW###", show):gsub("###NICK###", nick):gsub("###STATUS_STUFF###", status);
 		else
@@ -278,7 +278,7 @@
 				break;
 			end
 		elseif tag.tag == "nick" and nick == nil then
-			nick = tag[1];
+			nick = htmlEscape(tag[1]);
 			if body ~= nil or title ~= nil then
 				break;
 			end
@@ -322,7 +322,7 @@
 							
 							-- grep nick from "from" resource
 							if stanza[1].attr.from ~= nil then
-								nick = stanza[1].attr.from:match("/(.+)$");
+								nick = htmlEscape(stanza[1].attr.from:match("/(.+)$"));
 							end
 							
 							if stanza[1].tag == "presence" and nick ~= nil then