[asterisk-commits] oej: trunk r54774 - /trunk/res/res_agi.c

[asterisk-commits at lists.digium.com]

Author: oej
Date: Fri Feb 16 05:47:48 2007
New Revision: 54774

URL: http://svn.digium.com/view/asterisk?view=rev&rev=54774
Log:
Issue #9068 - make sure we quote HTML characters correctly too (seanbright)

Modified:
    trunk/res/res_agi.c

Modified: trunk/res/res_agi.c
URL: http://svn.digium.com/view/asterisk/trunk/res/res_agi.c?view=diff&rev=54774&r1=54773&r2=54774
==============================================================================
--- trunk/res/res_agi.c (original)
+++ trunk/res/res_agi.c Fri Feb 16 05:47:48 2007
@@ -1941,6 +1941,37 @@
 	return RESULT_SUCCESS;
 }
 
+/*! \brief Convert string to use HTML escaped characters
+	\note Maybe this should be a generic function?
+*/
+static void write_html_escaped(FILE *htmlfile, char *str)
+{
+	char *cur = str;
+
+	while(*cur) {
+		switch (*cur) {
+		case '<':
+			fprintf(htmlfile, "%s", "&lt;");
+			break;
+		case '>':
+			fprintf(htmlfile, "%s", "&gt;");
+			break;
+		case '&':
+			fprintf(htmlfile, "%s", "&amp;");
+			break;
+		case '"':
+			fprintf(htmlfile, "%s", "&quot;");
+			break;
+		default:
+			fprintf(htmlfile, "%c", *cur);
+			break;
+		}
+		cur++;
+	}
+
+	return;
+}
+
 static int handle_agidumphtml(int fd, int argc, char *argv[])
 {
 	struct agi_command *e;
@@ -1979,11 +2010,16 @@
 		stringp=e->usage;
 		tempstr = strsep(&stringp, "\n");
 
-		fprintf(htmlfile, "<TR><TD ALIGN=\"CENTER\">%s</TD></TR>\n", tempstr);
+		fprintf(htmlfile, "<TR><TD ALIGN=\"CENTER\">");
+		write_html_escaped(htmlfile, tempstr);
+		fprintf(htmlfile, "</TD></TR>\n");
+
 		
 		fprintf(htmlfile, "<TR><TD ALIGN=\"CENTER\">\n");
-		while ((tempstr = strsep(&stringp, "\n")) != NULL)
-			fprintf(htmlfile, "%s<BR>\n",tempstr);
+		while ((tempstr = strsep(&stringp, "\n")) != NULL) {
+			write_html_escaped(htmlfile, tempstr);
+			fprintf(htmlfile, "<BR>\n");
+		}
 		fprintf(htmlfile, "</TD></TR>\n");
 		fprintf(htmlfile, "</TABLE></TD></TR>\n\n");