From bf65ccc8026284aacbbe52dfdeaccc49cac7f359 Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Tue, 12 May 2009 14:06:11 +0000 Subject: [PATCH] 2009-05-12 Tatsuhiro Tsujikawa Escaped <,>,& character in XML-RPC response. * src/XmlRpcMethod.cc --- ChangeLog | 5 +++++ src/XmlRpcMethod.cc | 21 +++++++++++++++++++-- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index bfaf36e1..2af73d07 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2009-05-12 Tatsuhiro Tsujikawa + + Escaped <,>,& character in XML-RPC response. + * src/XmlRpcMethod.cc + 2009-05-12 Tatsuhiro Tsujikawa Throw DlAbortEx instead of FatalException during parsing options diff --git a/src/XmlRpcMethod.cc b/src/XmlRpcMethod.cc index 896268cb..2bd50858 100644 --- a/src/XmlRpcMethod.cc +++ b/src/XmlRpcMethod.cc @@ -65,6 +65,23 @@ static BDE createErrorResponse(const Exception& e) return params; } +static std::string xmlEscape(const std::string& s) +{ + std::string d; + for(std::string::const_iterator i = s.begin(); i != s.end(); ++i) { + if(*i == '<') { + d += "<"; + } else if(*i == '>') { + d += ">"; + } else if(*i == '&') { + d += "&"; + } else { + d += *i; + } + } + return d; +} + static void encodeValue(const BDE& value, std::ostream& o); template @@ -85,7 +102,7 @@ static void encodeStruct o << ""; for(; first != last; ++first) { o << "" - << "" << (*first).first << ""; + << "" << xmlEscape((*first).first) << ""; encodeValue((*first).second, o); o << ""; } @@ -96,7 +113,7 @@ static void encodeValue(const BDE& value, std::ostream& o) { o << ""; if(value.isString()) { - o << "" << value.s() << ""; + o << "" << xmlEscape(value.s()) << ""; } else if(value.isInteger()) { o << "" << value.i() << ""; } else if(value.isList()) {