# HG changeset patch
# User Thilo Cestonaro <thilo@cestona.ro>
# Date 1256113165 -7200
# Node ID 5cca708c9f11a189f69eb619544b4cfe05414649
# Parent  50e3d5b871190985fe51063dfbb199f963475e82
mod_muc_log: escape nicknames and status messages too. (thx waqas for finding it; Hope you had fun :P )

diff -r 50e3d5b87119 -r 5cca708c9f11 mod_muc_log/mod_muc_log.lua
--- a/mod_muc_log/mod_muc_log.lua	Tue Oct 20 23:25:21 2009 +0200
+++ b/mod_muc_log/mod_muc_log.lua	Wed Oct 21 10:19:25 2009 +0200
@@ -256,7 +256,7 @@
 		if show ~= nil then
 			ret = html.day.presence.statusChange:gsub("###TIME_STUFF###", timeStuff);
 			if status ~= "" then
-				status = html.day.presence.statusText:gsub("###STATUS###", status);
+				status = html.day.presence.statusText:gsub("###STATUS###", htmlEscape(status));
 			end
 			ret = ret:gsub("###SHOW###", show):gsub("###NICK###", nick):gsub("###STATUS_STUFF###", status);
 		else
@@ -278,7 +278,7 @@
 				break;
 			end
 		elseif tag.tag == "nick" and nick == nil then
-			nick = tag[1];
+			nick = htmlEscape(tag[1]);
 			if body ~= nil or title ~= nil then
 				break;
 			end
@@ -322,7 +322,7 @@
 							
 							-- grep nick from "from" resource
 							if stanza[1].attr.from ~= nil then
-								nick = stanza[1].attr.from:match("/(.+)$");
+								nick = htmlEscape(stanza[1].attr.from:match("/(.+)$"));
 							end
 							
 							if stanza[1].tag == "presence" and nick ~= nil then