Added function (provided by sb1066) for escaping xml chars.

Renamed and moved escape routine to http.c http_escape* to be more generic.

Updated status.xml to use new escape routines to ensure consistent output. Fixes #1034.
This commit is contained in:
Andy Brown 2012-08-25 22:26:55 +01:00 committed by Adam Sutton
parent a453a7cda1
commit 951c2af888
3 changed files with 108 additions and 3 deletions

View file

@ -145,6 +145,109 @@ static const char *cachemonths[12] = {
};
/**
* Escape characters that will interfere with xml. - https://github.com/andyb2000
* sb1066's rss escape functions
* Count how many bytes str would contain if it would be rss escapped
*/
int
http_escaped_len(const char *str)
{
int i;
int len = 0;
for(i=0; i<strlen(str); i++) {
switch (str[i]) {
case '>':
case '<':
len += 4;
break;
case '&':
len += 5;
break;
case '\"':
case '\'':
len += 6;
break;
default:
len++;
break;
}
}
return len;
}
/*
* http (xml) escape a string
*/
const char*
http_escape(const char *str)
{
static char buf[1024];
char esc[7];
int esc_len;
char *p;
char *p_end;
int len;
int i;
len = http_escaped_len(str);
len = MIN(len, sizeof(buf) - 1);
p = buf;
p_end = buf + len;
memset(buf, 0, sizeof(buf));
for(i=0; i<strlen(str); i++) {
switch (str[i]) {
case '<':
strcpy(esc, "&lt;");
break;
case '>':
strcpy(esc, "&gt;");
break;
case '&':
strcpy(esc, "&amp;");
break;
case '\"':
strcpy(esc, "&quot;");
break;
case '\'':
strcpy(esc, "&apos;");
break;
default:
esc[0] = str[i];
esc[1] = 0;
break;
}
esc_len = strlen(esc);
if(p_end < p+esc_len)
break;
strcpy(p, esc);
p += esc_len;
}
p[len] = '\0';
return buf;
}
/**
* Transmit a HTTP reply
*/

View file

@ -139,4 +139,7 @@ int http_access_verify(http_connection_t *hc, int mask);
void http_deescape(char *s);
int http_escaped_len(const char *str);
const char* http_escape(const char *str);
#endif /* HTTP_H_ */

View file

@ -358,7 +358,6 @@ page_pvrinfo(http_connection_t *hc, const char *remain, void *opaque)
return 0;
}
/**
*
*/
@ -426,10 +425,10 @@ page_status(http_connection_t *hc,
b.tm_hour, b.tm_min,
de->de_stop,
de->de_stop_extra,
lang_str_get(de->de_title, NULL));
http_escape(lang_str_get(de->de_title, NULL)));
rstatus = val2str(de->de_sched_state, recstatustxt);
htsbuf_qprintf(hq, "<status>%s</status></recording>\n", rstatus);
htsbuf_qprintf(hq, "<status>%s</status></recording>\n", http_escape(rstatus));
cc++;
timeleft = -1;
}