From: Robert K. <may...@us...> - 2001-12-05 23:42:52
Update of /cvsroot/bitcollider/bitcollider/lib
In directory usw-pr-cvs1:/tmp/cvs-serv31742/lib
Modified Files:
main.c
Log Message:
Values sent to the website are now being properly escaped.
Index: main.c
===================================================================
RCS file: /cvsroot/bitcollider/bitcollider/lib/main.c,v
retrieving revision 1.39
retrieving revision 1.40
diff -C2 -r1.39 -r1.40
*** main.c 2001/12/05 18:43:52 1.39
--- main.c 2001/12/05 23:42:49 1.40
***************
*** 85,88 ****
--- 85,89 ----
  void set_warning(BitcolliderSubmission *sub, const char *newError);
  b_bool check_md5_hash(void);
+ char *escape_form_value(char *form_value);
  /*------------------------------------------------------------------------- */
***************
*** 833,837 ****
  FILE *output;
  int i, last = -1;
! char tempFile[MAX_PATH];
  b_bool ret;
--- 834,838 ----
  FILE *output;
  int i, last = -1;
! char tempFile[MAX_PATH], *escaped;
  b_bool ret;
***************
*** 899,906 ****
  fprintf(output, "%s=<INPUT TYPE=\"hidden\" ", submission->attrList[i]->key);
  fprintf(output, "NAME=\"%s\" VALUE=\"%s\">%s\n",
  submission->attrList[i]->key,
! submission->attrList[i]->value,
  submission->attrList[i]->value);
  }
  fprintf(output, "\n<INPUT TYPE=\"submit\" NAME=\"Submit\" VALUE=\"Submit\">\n");
--- 900,909 ----
  fprintf(output, "%s=<INPUT TYPE=\"hidden\" ", submission->attrList[i]->key);
+ escaped = escape_form_value(submission->attrList[i]->value);
  fprintf(output, "NAME=\"%s\" VALUE=\"%s\">%s\n",
  submission->attrList[i]->key,
! escaped,
  submission->attrList[i]->value);
+ free(escaped);
  }
  fprintf(output, "\n<INPUT TYPE=\"submit\" NAME=\"Submit\" VALUE=\"Submit\">\n");
***************
*** 929,932 ****
--- 932,994 ----
  return ret;
+ }
+
+ char *escape_form_value(char *form_value)
+ {
+ int i, form_value_length, extra_length;
+ char *escaped_value, *ptr;
+
+ form_value_length = strlen(form_value);
+ for (i = 0, extra_length = 0; i < form_value_length; ++i)
+ {
+ switch(form_value[i])
+ {
+ case '"':
+ extra_length += 5;
+ break;
+ case '&':
+ extra_length += 4;
+ break;
+ case '<':
+ case '>':
+ extra_length += 3;
+ break;
+ }
+ }
+
+ if (extra_length == 0)
+ {
+ // This is necessary since the caller must free the memory.
+ return strdup(form_value);
+ }
+
+ escaped_value = malloc(form_value_length + extra_length + 1);
+ for (i = 0, ptr = escaped_value; i < form_value_length; ++i)
+ {
+ switch(form_value[i])
+ {
+ case '"':
+ strcpy(ptr, """);
+ ptr += 6;
+ break;
+ case '&':
+ strcpy(ptr, "&");
+ ptr += 5;
+ break;
+ case '<':
+ strcpy(ptr, "<");
+ ptr += 4;
+ break;
+ case '>':
+ strcpy(ptr, ">");
+ ptr += 4;
+ break;
+ default:
+ *(ptr++) = form_value[i];
+ }
+ }
+ *ptr = 0;
+
+ return escaped_value;
  }
|
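Review bot: The trailing `%s` of the NAME/VALUE fprintf still receives the raw `submission->attrList[i]->value`, so only the VALUE attribute is escaped and markup characters in a value still reach the visible text of the generated page; pass the escaped string for both, `escaped, escaped);`. `submission->attrList[i]->key` is also written unescaped, both in the preceding fprintf and in the NAME attribute, which is only safe if keys are fixed strings, something this hunk does not show. `escaped` is handed to `%s` without a check although escape_form_value returns the result of strdup, which can be NULL, so add a guard such as `if (escaped == NULL)` with the function's normal error path before the fprintf. The enclosing function begins and ends outside the hunk.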
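Review bot: The result of `malloc(form_value_length + extra_length + 1)` is used without a check, so on allocation failure the first `strcpy(ptr, ...)` or `*(ptr++) = form_value[i]` writes through a null pointer; add `if (escaped_value == NULL) return NULL;` directly after the call and let the caller handle the NULL. The lengths and the index are `int` while strlen returns `size_t`, so `size_t` for `i`, `form_value_length` and `extra_length` avoids truncation on very long values, and the parameter can be `const char *form_value` (here and in the prototype added in the first hunk) since it is only read. The entity literals in the four strcpy calls appear to have been decoded by the archive page: the `ptr += 6/5/4/4` advances and the `extra_length` increments match `&quot;`, `&amp;`, `&lt;` and `&gt;`. A header comment stating that the returned buffer is heap-allocated and must be freed by the caller would document the contract the strdup branch exists for.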