Line
Link Here
|
0 |
-- icecast-server-1.3.12.orig/src/http.c |
0 |
++ icecast-server-1.3.12/src/http.c |
Lines 327-333
Link Here
|
327 |
} |
327 |
} |
328 |
|
328 |
|
329 |
char * |
329 |
char * |
330 |
url_encode (const char *str, char **result_p) |
330 |
html_escape (const char *str) |
|
|
331 |
{ |
332 |
const char *p; |
333 |
char *q; |
334 |
char *result; |
335 |
int toescape= 0; |
336 |
|
337 |
if (!str) { |
338 |
xa_debug (1, "WARNING: html_escape() called with NULL string"); |
339 |
return NULL; |
340 |
} |
341 |
|
342 |
for (p = str; *p; p++) { |
343 |
if ((unsigned char) (*p) == '&') toescape+=4; |
344 |
if ((unsigned char) (*p) == '"') toescape+=5; |
345 |
if ((unsigned char) (*p) == '<') toescape+=3; |
346 |
if ((unsigned char) (*p) == '>') toescape+=3; |
347 |
} |
348 |
|
349 |
result = (char *) nmalloc (p - str + toescape + 1); |
350 |
|
351 |
for (q = result, p = str; *p; p++) { |
352 |
unsigned char a = *p; |
353 |
if (a == '&') { |
354 |
*q++ = '&'; |
355 |
*q++ = 'a'; |
356 |
*q++ = 'm'; |
357 |
*q++ = 'p'; |
358 |
*q++ = ';'; |
359 |
} else if (a == '"') { |
360 |
*q++ = '&'; |
361 |
*q++ = 'q'; |
362 |
*q++ = 'u'; |
363 |
*q++ = 'o'; |
364 |
*q++ = 't'; |
365 |
*q++ = ';'; |
366 |
} else if (a == '<') { |
367 |
*q++ = '&'; |
368 |
*q++ = 'l'; |
369 |
*q++ = 't'; |
370 |
*q++ = ';'; |
371 |
} else if (a == '>') { |
372 |
*q++ = '&'; |
373 |
*q++ = 'g'; |
374 |
*q++ = 't'; |
375 |
*q++ = ';'; |
376 |
} else *q++ = *p; |
377 |
} |
378 |
*q++ = 0; |
379 |
return result; |
380 |
} |
381 |
|
382 |
char * |
383 |
url_encode (const char *str, char** result_p) |
331 |
{ |
384 |
{ |
332 |
const char *p; |
385 |
const char *p; |
333 |
char *q; |
386 |
char *q; |
Lines 345-351
Link Here
|
345 |
unacceptable++; |
398 |
unacceptable++; |
346 |
|
399 |
|
347 |
result = (char *) nmalloc (p - str + unacceptable + unacceptable + 1); |
400 |
result = (char *) nmalloc (p - str + unacceptable + unacceptable + 1); |
348 |
|
|
|
349 |
*result_p = result; |
401 |
*result_p = result; |
350 |
|
402 |
|
351 |
for (q = result, p = str; *p; p++) |
403 |
for (q = result, p = str; *p; p++) |
Lines 1336-1342
Link Here
|
1336 |
add_varpair2 (variables, nstrdup (ident), ice_itoa (i)); |
1388 |
add_varpair2 (variables, nstrdup (ident), ice_itoa (i)); |
1337 |
add_varpair2 (variables, ice_cat (ident, ".id"), ice_itoa (travclients->id)); |
1389 |
add_varpair2 (variables, ice_cat (ident, ".id"), ice_itoa (travclients->id)); |
1338 |
add_varpair2 (variables, ice_cat (ident, ".host"), nstrdup (con_host (travclients))); |
1390 |
add_varpair2 (variables, ice_cat (ident, ".host"), nstrdup (con_host (travclients))); |
1339 |
add_varpair2 (variables, ice_cat (ident, ".user_agent"), nstrdup (get_user_agent (travclients))); |
1391 |
add_varpair2 (variables, ice_cat (ident, ".user_agent"), nstrdup (html_escape(get_user_agent (travclients)))); |
1340 |
add_varpair2 (variables, ice_cat (ident, ".writebytes"), ice_utoa (travclients->food.client->write_bytes)); |
1392 |
add_varpair2 (variables, ice_cat (ident, ".writebytes"), ice_utoa (travclients->food.client->write_bytes)); |
1341 |
add_varpair2 (variables, ice_cat (ident, ".connecttime"), nstrdup (nice_time (get_time() - travclients->connect_time, buf))); |
1393 |
add_varpair2 (variables, ice_cat (ident, ".connecttime"), nstrdup (nice_time (get_time() - travclients->connect_time, buf))); |
1342 |
endptr = parse_template_file (clicon, NULL, runptr, fd, variables); |
1394 |
endptr = parse_template_file (clicon, NULL, runptr, fd, variables); |
1343 |
-- icecast-server-1.3.12.orig/src/ice_string.c |
1395 |
++ icecast-server-1.3.12/src/ice_string.c |
Lines 334-341
Link Here
|
334 |
|
334 |
|
335 |
char *safe_strcat(char *dest, const char *src, unsigned int maxsize) |
335 |
char *safe_strcat(char *dest, const char *src, unsigned int maxsize) |
336 |
{ |
336 |
{ |
337 |
int size = 0; |
|
|
338 |
|
339 |
if (!dest || !src) return dest; |
337 |
if (!dest || !src) return dest; |
340 |
|
338 |
|
341 |
if (ice_strlen(dest) + ice_strlen(src) + 1 >= maxsize) { |
339 |
if (ice_strlen(dest) + ice_strlen(src) + 1 >= maxsize) { |
342 |
-- icecast-server-1.3.12.orig/src/http.h |
340 |
++ icecast-server-1.3.12/src/http.h |
Lines 44-49
Link Here
|
44 |
int print_http_variable (vartree_t *request_vars, const char *name, connection_t *clicon, int fd); |
44 |
int print_http_variable (vartree_t *request_vars, const char *name, connection_t *clicon, int fd); |
45 |
char *url_encode(const char *string, char **result_p); |
45 |
char *url_encode(const char *string, char **result_p); |
46 |
char *url_decode (const char *string); |
46 |
char *url_decode (const char *string); |
|
|
47 |
char *html_escape(const char *string); |
47 |
const char *parse_template_file (connection_t *clicon, connection_t *sourcecon, const char *ptr, int fd, vartree_t *variables); |
48 |
const char *parse_template_file (connection_t *clicon, connection_t *sourcecon, const char *ptr, int fd, vartree_t *variables); |
48 |
int write_template_parsed_html_page (connection_t *clicon, connection_t *sourcecon, const char *template_file, int fd, vartree_t *variables); |
49 |
int write_template_parsed_html_page (connection_t *clicon, connection_t *sourcecon, const char *template_file, int fd, vartree_t *variables); |
49 |
const char *http_loop_sources (char *ident, connection_t *clicon, const char *ptr, int fd, vartree_t *variables); |
50 |
const char *http_loop_sources (char *ident, connection_t *clicon, const char *ptr, int fd, vartree_t *variables); |