web: use html/template

so output is safe against code injection
Nicola Murino 2019-10-09 11:48:54 +02:00
parent 5ffa34dacb
commit 4f36c1de06
3 changed files with 3 additions and 3 deletions


@ -3,10 +3,10 @@ package httpd
import ( import (
"context" "context"
"fmt" "fmt"
"html/template"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"testing" "testing"
"text/template"
"github.com/drakkan/sftpgo/dataprovider" "github.com/drakkan/sftpgo/dataprovider"
"github.com/go-chi/chi" "github.com/go-chi/chi"


@ -2,11 +2,11 @@ package httpd
import ( import (
"fmt" "fmt"
"html/template"
"net/http" "net/http"
"path/filepath" "path/filepath"
"strconv" "strconv"
"strings" "strings"
"text/template"
"github.com/drakkan/sftpgo/dataprovider" "github.com/drakkan/sftpgo/dataprovider"
"github.com/drakkan/sftpgo/sftpd" "github.com/drakkan/sftpgo/sftpd"


@ -48,7 +48,7 @@
<div class="form-group row"> <div class="form-group row">
<label for="idPermissions" class="col-sm-2 col-form-label">Permissions</label> <label for="idPermissions" class="col-sm-2 col-form-label">Permissions</label>
<div class="col-sm-10"> <div class="col-sm-10">
<select class="form-control id=" idPermissions" name="permissions" required multiple> <select class="form-control" id="idPermissions" name="permissions" required multiple>
{{range $validPerm := .ValidPerms}} {{range $validPerm := .ValidPerms}}
<option value="{{$validPerm}}" <option value="{{$validPerm}}"
{{range $perm := $.User.Permissions}}{{if eq $perm $validPerm}}selected{{end}}{{end}}>{{$validPerm}} {{range $perm := $.User.Permissions}}{{if eq $perm $validPerm}}selected{{end}}{{end}}>{{$validPerm}}
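Review bot: No test in the visible hunks pins the escaping that `value="{{$validPerm}}"` and the option text now rely on; the two Go sections show only the import swap. A handler test that renders this form with a field value containing `<` and `"` and asserts the entity-encoded form in the response would catch a later revert to text/template or a value wrapped in `template.HTML`. The corrected `<select class="form-control" id="idPermissions" ...>` line suggests the old attribute typo surfaced only once html/template began checking the markup, since it rejects a quote inside an attribute name. A test that parses and executes every template file would therefore catch such markup errors before deployment. The enclosing form starts and ends outside the hunk, so whether its other fields carry user-supplied strings cannot be confirmed from here.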