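--- a/src/http.c
+++ b/src/http.c
@@ -327,7 +327,60 @@
 }
 
 char *
-url_encode (const char *str, char **result_p)
+html_escape (const char *str)
+{
+ const char *p;
+ char *q;
+ char *result;
+ int toescape= 0;
+
+ if (!str) {
+ xa_debug (1, "WARNING: html_escape() called with NULL string");
+ return NULL;
+ }
+
+ for (p = str; *p; p++) {
+ if ((unsigned char) (*p) == '&') toescape+=4;
+ if ((unsigned char) (*p) == '"') toescape+=5;
+ if ((unsigned char) (*p) == '<') toescape+=3;
+ if ((unsigned char) (*p) == '>') toescape+=3;
+ }
+
+ result = (char *) nmalloc (p - str + toescape + 1);
+
+ for (q = result, p = str; *p; p++) {
+ unsigned char a = *p;
+ if (a == '&') {
+ *q++ = '&';
+ *q++ = 'a';
+ *q++ = 'm';
+ *q++ = 'p';
+ *q++ = ';';
+ } else if (a == '"') {
+ *q++ = '&';
+ *q++ = 'q';
+ *q++ = 'u';
+ *q++ = 'o';
+ *q++ = 't';
+ *q++ = ';';
+ } else if (a == '<') {
+ *q++ = '&';
+ *q++ = 'l';
+ *q++ = 't';
+ *q++ = ';';
+ } else if (a == '>') {
+ *q++ = '&';
+ *q++ = 'g';
+ *q++ = 't';
+ *q++ = ';';
+ } else *q++ = *p;
+ }
+ *q++ = 0;
+ return result;
+}
+
+char *
+url_encode (const char *str, char** result_p)
 {
 const char *p;
 char *q;
@@ -345,7 +398,6 @@
 unacceptable++;
 
 result = (char *) nmalloc (p - str + unacceptable + unacceptable + 1);
-
 *result_p = result;
 
 for (q = result, p = str; *p; p++)
@@ -1336,7 +1388,7 @@
 add_varpair2 (variables, nstrdup (ident), ice_itoa (i));
 add_varpair2 (variables, ice_cat (ident, ".id"), ice_itoa (travclients->id));
 add_varpair2 (variables, ice_cat (ident, ".host"), nstrdup (con_host (travclients)));
- add_varpair2 (variables, ice_cat (ident, ".user_agent"), nstrdup (get_user_agent (travclients)));
+ add_varpair2 (variables, ice_cat (ident, ".user_agent"), nstrdup (html_escape(get_user_agent (travclients))));
 add_varpair2 (variables, ice_cat (ident, ".writebytes"), ice_utoa (travclients->food.client->write_bytes));
 add_varpair2 (variables, ice_cat (ident, ".connecttime"), nstrdup (nice_time (get_time() - travclients->connect_time, buf)));
 endptr = parse_template_file (clicon, NULL, runptr, fd, variables);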
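Review bot: In the last hunk, `nstrdup (html_escape(get_user_agent (travclients)))` copies a buffer that html_escape() has just allocated with nmalloc() and then drops the only pointer to it, so every listed client leaks one escaped string per template render, and its length is set by the client-supplied User-Agent. The neighbouring calls hand add_varpair2() freshly allocated strings, so it presumably takes ownership and the line could be `add_varpair2 (variables, ice_cat (ident, ".user_agent"), html_escape (get_user_agent (travclients)));`. html_escape() also returns NULL for a NULL input, and whether nstrdup() or add_varpair2() tolerate NULL is not visible here. In the first hunk html_escape() leaves `'` unescaped, so a template that puts the value inside a single-quoted attribute is still exposed to markup injection; an `&#39;` branch with `toescape+=4` in the counting loop would cover it. The function containing the last hunk starts and ends outside the hunk, so whether other client-controlled variables such as `.host` need the same escaping could not be checked.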