Attachment #38116 for bug #61495

View | Details | Raw Unified | Return to bug 61495
Collapse All | Expand All




++ icecast-server-1.3.12/src/http.c

}

char * 
html_escape (const char *str)
{
  const char *p;
  char *q;
  char *result;
  int toescape= 0;

  if (!str) {
	  xa_debug (1, "WARNING: html_escape() called with NULL string");
	  return NULL;
  }

  for (p = str; *p; p++) {
    if ((unsigned char) (*p) == '&') toescape+=4;
    if ((unsigned char) (*p) == '"') toescape+=5;
    if ((unsigned char) (*p) == '<') toescape+=3;
    if ((unsigned char) (*p) == '>') toescape+=3;
  }
  
  result = (char  *) nmalloc (p - str + toescape + 1);

  for (q = result, p = str; *p; p++) {
      unsigned char a = *p;
      if (a == '&') {
      	  *q++ = '&';
      	  *q++ = 'a';
      	  *q++ = 'm';
      	  *q++ = 'p';
      	  *q++ = ';';
      } else if (a == '"') {
      	  *q++ = '&';
      	  *q++ = 'q';
      	  *q++ = 'u';
      	  *q++ = 'o';
      	  *q++ = 't';
      	  *q++ = ';';
      } else if (a == '<') {
      	  *q++ = '&';
      	  *q++ = 'l';
      	  *q++ = 't';
      	  *q++ = ';';
      } else if (a == '>') {
      	  *q++ = '&';
      	  *q++ = 'g';
      	  *q++ = 't';
      	  *q++ = ';';
      } else *q++ = *p;
    }
  *q++ = 0; 
  return result;
}

char * 
url_encode (const char *str, char** result_p)
{
  const char *p;
  char *q;

      unacceptable++;

  result = (char  *) nmalloc (p - str + unacceptable + unacceptable + 1);

  *result_p = result;

  for (q = result, p = str; *p; p++) 

	  add_varpair2 (variables, nstrdup (ident), ice_itoa (i));
	  add_varpair2 (variables, ice_cat (ident, ".id"), ice_itoa (travclients->id));
	  add_varpair2 (variables, ice_cat (ident, ".host"), nstrdup (con_host (travclients)));
	  add_varpair2 (variables, ice_cat (ident, ".user_agent"), nstrdup (html_escape(get_user_agent (travclients))));
	  add_varpair2 (variables, ice_cat (ident, ".writebytes"), ice_utoa (travclients->food.client->write_bytes));
	  add_varpair2 (variables, ice_cat (ident, ".connecttime"), nstrdup (nice_time (get_time() - travclients->connect_time, buf)));
	  endptr = parse_template_file (clicon, NULL, runptr, fd, variables);
++ icecast-server-1.3.12/src/ice_string.c


char *safe_strcat(char *dest, const char *src, unsigned int maxsize)
{
	int size = 0;

	if (!dest || !src) return dest;

	if (ice_strlen(dest) + ice_strlen(src)  + 1 >= maxsize) {
++ icecast-server-1.3.12/src/http.h

int print_http_variable (vartree_t *request_vars, const char *name, connection_t *clicon, int fd);
char *url_encode(const char *string, char **result_p);
char *url_decode (const char *string);
char *html_escape(const char *string);
const char *parse_template_file (connection_t *clicon, connection_t *sourcecon, const char *ptr, int fd, vartree_t *variables);
int write_template_parsed_html_page (connection_t *clicon, connection_t *sourcecon, const char *template_file, int fd, vartree_t *variables);
const char *http_loop_sources (char *ident, connection_t *clicon, const char *ptr, int fd, vartree_t *variables);

Return to bug 61495

Line Link Here

(-)file_not_specified_in_diff (-8 / +59 lines)
0	-- icecast-server-1.3.12.orig/src/http.c	0	++ icecast-server-1.3.12/src/http.c
Lines 327-333 Link Here
327	}	327	}
328		328
329	char *	329	char *
330	url_encode (const char str, char *result_p)	330	html_escape (const char *str)
		331	{
		332	const char *p;
		333	char *q;
		334	char *result;
		335	int toescape= 0;
		336
		337	if (!str) {
		338	xa_debug (1, "WARNING: html_escape() called with NULL string");
		339	return NULL;
		340	}
		341
		342	for (p = str; *p; p++) {
		343	if ((unsigned char) (*p) == '&') toescape+=4;
		344	if ((unsigned char) (*p) == '"') toescape+=5;
		345	if ((unsigned char) (*p) == '<') toescape+=3;
		346	if ((unsigned char) (*p) == '>') toescape+=3;
		347	}
		348
		349	result = (char *) nmalloc (p - str + toescape + 1);
		350
		351	for (q = result, p = str; *p; p++) {
		352	unsigned char a = *p;
		353	if (a == '&') {
		354	*q++ = '&';
		355	*q++ = 'a';
		356	*q++ = 'm';
		357	*q++ = 'p';
		358	*q++ = ';';
		359	} else if (a == '"') {
		360	*q++ = '&';
		361	*q++ = 'q';
		362	*q++ = 'u';
		363	*q++ = 'o';
		364	*q++ = 't';
		365	*q++ = ';';
		366	} else if (a == '<') {
		367	*q++ = '&';
		368	*q++ = 'l';
		369	*q++ = 't';
		370	*q++ = ';';
		371	} else if (a == '>') {
		372	*q++ = '&';
		373	*q++ = 'g';
		374	*q++ = 't';
		375	*q++ = ';';
		376	} else q++ = p;
		377	}
		378	*q++ = 0;
		379	return result;
		380	}
		381
		382	char *
		383	url_encode (const char str, char* result_p)
331	{	384	{
332	const char *p;	385	const char *p;
333	char *q;	386	char *q;
Lines 345-351 Link Here
345	unacceptable++;	398	unacceptable++;
346		399
347	result = (char *) nmalloc (p - str + unacceptable + unacceptable + 1);	400	result = (char *) nmalloc (p - str + unacceptable + unacceptable + 1);
348
349	*result_p = result;	401	*result_p = result;
350		402
351	for (q = result, p = str; *p; p++)	403	for (q = result, p = str; *p; p++)
Lines 1336-1342 Link Here
1336	add_varpair2 (variables, nstrdup (ident), ice_itoa (i));	1388	add_varpair2 (variables, nstrdup (ident), ice_itoa (i));
1337	add_varpair2 (variables, ice_cat (ident, ".id"), ice_itoa (travclients->id));	1389	add_varpair2 (variables, ice_cat (ident, ".id"), ice_itoa (travclients->id));
1338	add_varpair2 (variables, ice_cat (ident, ".host"), nstrdup (con_host (travclients)));	1390	add_varpair2 (variables, ice_cat (ident, ".host"), nstrdup (con_host (travclients)));
1339	add_varpair2 (variables, ice_cat (ident, ".user_agent"), nstrdup (get_user_agent (travclients)));	1391	add_varpair2 (variables, ice_cat (ident, ".user_agent"), nstrdup (html_escape(get_user_agent (travclients))));
1340	add_varpair2 (variables, ice_cat (ident, ".writebytes"), ice_utoa (travclients->food.client->write_bytes));	1392	add_varpair2 (variables, ice_cat (ident, ".writebytes"), ice_utoa (travclients->food.client->write_bytes));
1341	add_varpair2 (variables, ice_cat (ident, ".connecttime"), nstrdup (nice_time (get_time() - travclients->connect_time, buf)));	1393	add_varpair2 (variables, ice_cat (ident, ".connecttime"), nstrdup (nice_time (get_time() - travclients->connect_time, buf)));
1342	endptr = parse_template_file (clicon, NULL, runptr, fd, variables);	1394	endptr = parse_template_file (clicon, NULL, runptr, fd, variables);
1343	-- icecast-server-1.3.12.orig/src/ice_string.c	1395	++ icecast-server-1.3.12/src/ice_string.c
Lines 334-341 Link Here
334		334
335	char safe_strcat(char dest, const char *src, unsigned int maxsize)	335	char safe_strcat(char dest, const char *src, unsigned int maxsize)
336	{	336	{
337	int size = 0;
338
339	if (!dest \|\| !src) return dest;	337	if (!dest \|\| !src) return dest;
340		338
341	if (ice_strlen(dest) + ice_strlen(src) + 1 >= maxsize) {	339	if (ice_strlen(dest) + ice_strlen(src) + 1 >= maxsize) {
342	-- icecast-server-1.3.12.orig/src/http.h	340	++ icecast-server-1.3.12/src/http.h
Lines 44-49 Link Here
44	int print_http_variable (vartree_t request_vars, const char name, connection_t *clicon, int fd);	44	int print_http_variable (vartree_t request_vars, const char name, connection_t *clicon, int fd);
45	char url_encode(const char string, char **result_p);	45	char url_encode(const char string, char **result_p);
46	char url_decode (const char string);	46	char url_decode (const char string);
		47	char html_escape(const char string);
47	const char parse_template_file (connection_t clicon, connection_t sourcecon, const char ptr, int fd, vartree_t *variables);	48	const char parse_template_file (connection_t clicon, connection_t sourcecon, const char ptr, int fd, vartree_t *variables);
48	int write_template_parsed_html_page (connection_t clicon, connection_t sourcecon, const char template_file, int fd, vartree_t variables);	49	int write_template_parsed_html_page (connection_t clicon, connection_t sourcecon, const char template_file, int fd, vartree_t variables);
49	const char http_loop_sources (char ident, connection_t clicon, const char ptr, int fd, vartree_t *variables);	50	const char http_loop_sources (char ident, connection_t clicon, const char ptr, int fd, vartree_t *variables);