diff options
author | Peter Powell <petpow@saberuk.com> | 2013-02-11 10:25:57 +0000 |
---|---|---|
committer | attilamolnar <attilamolnar@hush.com> | 2013-02-17 21:36:26 +0100 |
commit | 83e36af589b433b00482e3c6b617165606e1ccbd (patch) | |
tree | 00d3e9d762b5e51a901f5119a57aa1c2da8fde76 | |
parent | a0f92dd232097fa6662265ca49b222b72ca39c83 (diff) |
Fix multiple escape bugs in m_httpd_stats.
-rw-r--r-- | src/modules/m_httpd_stats.cpp | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/src/modules/m_httpd_stats.cpp b/src/modules/m_httpd_stats.cpp index 077bc4f2d..547d6032f 100644 --- a/src/modules/m_httpd_stats.cpp +++ b/src/modules/m_httpd_stats.cpp @@ -55,14 +55,23 @@ class ModuleHttpStats : public Module ret += it->second; ret += ';'; } - else if (*x < 32 || *x > 126) + else if (*x == 0x9 || *x == 0xA || *x == 0xD || + (*x >= 0x20 && *x <= 0xD7FF) || (*x >= 0xE000 && *x <= 0x10FFFF)) { - int n = (unsigned char)*x; - ret += ("&#" + ConvToStr(n) + ";"); + // The XML specification defines the following characters as valid inside an XML document: + // Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF] + ret += *x; } else { - ret += *x; + // If we reached this point then the string contains characters which can + // not be represented in XML, even using a numeric escape. Therefore, we + // Base64 encode the entire string and wrap it in a CDATA. + ret.clear(); + ret += "<![CDATA["; + ret += BinToBase64(str); + ret += "]]>"; + break; } } return ret; @@ -145,7 +154,7 @@ class ModuleHttpStats : public Module Channel* c = a->second; data << "<channel>"; - data << "<usercount>" << c->GetUsers()->size() << "</usercount><channelname>" << c->name << "</channelname>"; + data << "<usercount>" << c->GetUsers()->size() << "</usercount><channelname>" << Sanitize(c->name) << "</channelname>"; data << "<channeltopic>"; data << "<topictext>" << Sanitize(c->topic) << "</topictext>"; data << "<setby>" << Sanitize(c->setby) << "</setby>"; |