From 08359c0d19a82e14c6f0c1e2a9867131dba32cf4 Mon Sep 17 00:00:00 2001 From: Sebastian Grewe Date: Thu, 11 Jul 2013 15:53:38 +0200 Subject: [PATCH] Further escaping of user inputs --- public/templates/mmcFE/statistics/blocks/default.tpl | 2 +- public/templates/mmcFE/statistics/blocks/small_table.tpl | 2 +- .../templates/mmcFE/statistics/pool/contributors_hashrate.tpl | 4 ++-- .../templates/mmcFE/statistics/pool/contributors_shares.tpl | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/public/templates/mmcFE/statistics/blocks/default.tpl b/public/templates/mmcFE/statistics/blocks/default.tpl index f404673c..0856a269 100644 --- a/public/templates/mmcFE/statistics/blocks/default.tpl +++ b/public/templates/mmcFE/statistics/blocks/default.tpl @@ -57,7 +57,7 @@ target and network difficulty and assuming a zero variance scenario. {else if $BLOCKSFOUND[block].confirmations == -1} Orphan {else}{$GLOBAL.confirmations - $BLOCKSFOUND[block].confirmations} left{/if} - {$BLOCKSFOUND[block].finder|default:"unknown"} + {$BLOCKSFOUND[block].finder|default:"unknown"|escape} {$BLOCKSFOUND[block].time|date_format:"%d/%m %H:%M:%S"} {$BLOCKSFOUND[block].difficulty|number_format:"2"} {$BLOCKSFOUND[block].amount|number_format:"2"} diff --git a/public/templates/mmcFE/statistics/blocks/small_table.tpl b/public/templates/mmcFE/statistics/blocks/small_table.tpl index 731d57ef..2b0f8aac 100644 --- a/public/templates/mmcFE/statistics/blocks/small_table.tpl +++ b/public/templates/mmcFE/statistics/blocks/small_table.tpl @@ -14,7 +14,7 @@ {section block $BLOCKSFOUND} {$BLOCKSFOUND[block].height} - {$BLOCKSFOUND[block].finder|default:"unknown"} + {$BLOCKSFOUND[block].finder|default:"unknown"|escape} {$BLOCKSFOUND[block].time|date_format:"%d/%m %H:%M:%S"} {$BLOCKSFOUND[block].shares|number_format} diff --git a/public/templates/mmcFE/statistics/pool/contributors_hashrate.tpl b/public/templates/mmcFE/statistics/pool/contributors_hashrate.tpl index a2a6ed58..b6168c36 100644 --- a/public/templates/mmcFE/statistics/pool/contributors_hashrate.tpl +++ b/public/templates/mmcFE/statistics/pool/contributors_hashrate.tpl @@ -17,7 +17,7 @@ {math assign="estday" equation="round(reward / ( diff * pow(2,32) / ( hashrate * 1000 ) / 3600 / 24), 3)" diff=$DIFFICULTY reward=$REWARD hashrate=$CONTRIBHASHES[contrib].hashrate} {$rank++} - {$CONTRIBHASHES[contrib].account} + {$CONTRIBHASHES[contrib].account|escape} {$CONTRIBHASHES[contrib].hashrate|number_format} {$estday|number_format:"3"} {if $GLOBAL.config.price.currency}{($estday * $GLOBAL.price)|default:"n/a"|number_format:"2"}{/if} @@ -27,7 +27,7 @@ {if $GLOBAL.userdata.hashrate > 0}{math assign="myestday" equation="round(reward / ( diff * pow(2,32) / ( hashrate * 1000 ) / 3600 / 24), 3)" diff=$DIFFICULTY reward=$REWARD hashrate=$GLOBAL.userdata.hashrate}{/if} n/a - {$GLOBAL.userdata.username} + {$GLOBAL.userdata.username|escape} {$GLOBAL.userdata.hashrate} {$myestday|number_format:"3"|default:"n/a"} {if $GLOBAL.config.price.currency}{($myestday * $GLOBAL.price)|default:"n/a"|number_format:"2"}{/if} diff --git a/public/templates/mmcFE/statistics/pool/contributors_shares.tpl b/public/templates/mmcFE/statistics/pool/contributors_shares.tpl index 2a482209..232e76b2 100644 --- a/public/templates/mmcFE/statistics/pool/contributors_shares.tpl +++ b/public/templates/mmcFE/statistics/pool/contributors_shares.tpl @@ -14,14 +14,14 @@ {section hashrate $CONTRIBSHARES} {$rank++} - {$CONTRIBSHARES[hashrate].account} + {$CONTRIBSHARES[hashrate].account|escape} {$CONTRIBSHARES[hashrate].shares|number_format} {/section} {if $listed != 1 && $GLOBAL.userdata.username|default:""} n/a - {$GLOBAL.userdata.username} + {$GLOBAL.userdata.username|escape} {$GLOBAL.userdata.shares.valid|number_format} {/if}