[shibboleth-sp2] 16/18: HTML encode template input

Ferenc Wágner wferi-guest at moszumanska.debian.org
Tue Jan 26 21:29:31 UTC 2016 

This is an automated email from the git hooks/post-receive script.

wferi-guest pushed a commit to annotated tag 1.2.1b
in repository shibboleth-sp2.

commit 4910cdb2dd3d049e7a0922730d4ff4b778cbd8fc
Author: Scott Cantor <cantor.2 at osu.edu>
Date:   Tue Jan 3 22:10:58 2006 +0000

    HTML encode template input
---
 shib-target/shib-mlp.cpp | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/shib-target/shib-mlp.cpp b/shib-target/shib-mlp.cpp
index 6d06e83..bce9623 100644
--- a/shib-target/shib-mlp.cpp
+++ b/shib-target/shib-mlp.cpp
@@ -73,6 +73,7 @@ public:
   ShibMLPPriv();
   ~ShibMLPPriv() {}
   log4cpp::Category *log;
+  static void html_encode(string& os, const char* start);
 };  
 
 ShibMLPPriv::ShibMLPPriv() : log(&(log4cpp::Category::getInstance("shibtarget.ShibMLP"))) {}
@@ -91,6 +92,23 @@ static void trimspace (string& s)
   s = s.substr(start, end - start + 1);
 }
 
+void ShibMLPPriv::html_encode(string& os, const char* start)
+{
+    while (start && *start) {
+        switch (*start) {
+            case '<':   os += "<";       break;
+            case '>':   os += ">";       break;
+            case '"':   os += """;     break;
+            case '\'':  os += "’";    break;
+            case '(':   os += "(";      break;
+            case ')':   os += ")";      break;
+            case ':':   os += ":";      break;
+            default:    os += *start;
+        }
+        start++;
+    }
+}
+
 ShibMLP::ShibMLP()
 {
   m_priv = new ShibMLPPriv ();
@@ -145,12 +163,12 @@ const char* ShibMLP::run(const string& is, const IPropertySet* props, std::strin
     
             map<string,string>::const_iterator i=m_map.find(key);
             if (i != m_map.end()) {
-                *output += i->second;
+                m_priv->html_encode(*output,i->second.c_str());
             }
             else {
                 pair<bool,const char*> p=props ? props->getString(key.c_str()) : pair<bool,const char*>(false,NULL);
                 if (p.first) {
-                    *output += p.second;
+                    m_priv->html_encode(*output,p.second);
                 }
                 else {
                     static const char* s1 = "<!-- Unknown SHIBMLP key: ";

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git

More information about the Pkg-shibboleth-devel mailing list