Dafydd Harries wrote: Hi,
Thanks for the patches, I added them to LM-48 which is the issue tracking this: http://developer.imendio.com/issues/browse/LM-48 Best Regards, Mikael Hallendal > I just discovered that Loudmouth does not escape XML markup when it serializes > a node's attribute. The case in point was a resource that contained a double > quote ("); Loudmouth serialised as: > > <iq to="[email protected]/Foo's Macbook Pro 15"" ... > > Which of course caused the server to disconnect us with an error about the XML > stream not being well formed. > > Attached are two patches which correct this: the first is minimal and simply > calls g_markup_escape_text on the attribute text before appending it to the > serialised text. The second patch changes lm_message_node_to_string to use > GString for accumulating the serialised text; this should significantly reduce > the amount of memory management activity incurred by the function (currently > incurred by the numerous g_strconcat and g_free calls), and also make it > easier to read. For these reasons, I consider the second patch preferable. > > > > ------------------------------------------------------------------------ > > diff -ur loudmouth-1.1.4/loudmouth/lm-message-node.c > loudmouth-1.1.4.patched/loudmouth/lm-message-node.c > --- loudmouth-1.1.4/loudmouth/lm-message-node.c 2006-09-01 > 13:25:21.000000000 +0100 > +++ loudmouth-1.1.4.patched/loudmouth/lm-message-node.c 2006-10-14 > 23:09:52.000000000 +0100 > @@ -453,10 +453,12 @@ > > for (l = node->attributes; l; l = l->next) { > KeyValuePair *kvp = (KeyValuePair *) l->data; > + gchar *escaped = g_markup_escape_text (kvp->value, -1); > > ret_val = g_strdup_printf ("%s %s=\"%s\"", > - str, kvp->key, kvp->value); > + str, kvp->key, escaped); > g_free (str); > + g_free (escaped); > str = ret_val; > } > > > > ------------------------------------------------------------------------ > > diff -ur loudmouth-1.1.4/loudmouth/lm-message-node.c > loudmouth-1.1.4.patched/loudmouth/lm-message-node.c > --- loudmouth-1.1.4/loudmouth/lm-message-node.c 2006-09-01 > 13:25:21.000000000 +0100 > +++ loudmouth-1.1.4.patched/loudmouth/lm-message-node.c 2006-10-15 > 00:17:35.000000000 +0100 > @@ -438,8 +438,7 @@ > gchar * > lm_message_node_to_string (LmMessageNode *node) > { > - gchar *ret_val; > - gchar *str; > + GString *ret; > GSList *l; > LmMessageNode *child; > > @@ -449,46 +448,39 @@ > return g_strdup (""); > } > > - str = g_strdup_printf ("<%s", node->name); > + ret = g_string_new ("<"); > + g_string_append (ret, node->name); > > for (l = node->attributes; l; l = l->next) { > KeyValuePair *kvp = (KeyValuePair *) l->data; > + gchar *escaped = g_markup_escape_text (kvp->value, -1); > > - ret_val = g_strdup_printf ("%s %s=\"%s\"", > - str, kvp->key, kvp->value); > - g_free (str); > - str = ret_val; > + g_string_append_printf (ret, " %s=\"%s\"", kvp->key, escaped); > + g_free (escaped); > } > > - ret_val = g_strconcat (str, ">", NULL); > - g_free (str); > + g_string_append_c (ret, '>'); > > if (node->value) { > gchar *tmp; > > - str = ret_val; > - > if (node->raw_mode == FALSE) { > tmp = g_markup_escape_text (node->value, -1); > - ret_val = g_strconcat (str, tmp, NULL); > + g_string_append (ret, tmp); > g_free (tmp); > } else { > - ret_val = g_strconcat (str, node->value, NULL); > + g_string_append (ret, node->value); > } > - g_free (str); > } > > for (child = node->children; child; child = child->next) { > gchar *child_str = lm_message_node_to_string (child); > - str = ret_val; > - ret_val = g_strconcat (str, " ", child_str, NULL); > - g_free (str); > + g_string_append_c (ret, ' '); > + g_string_append (ret, child_str); > g_free (child_str); > } > > - str = ret_val; > - ret_val = g_strdup_printf ("%s</%s>\n", str, node->name); > - g_free (str); > + g_string_append_printf (ret, "</%s>\n", node->name); > > - return ret_val; > + return g_string_free (ret, FALSE); > } > > > ------------------------------------------------------------------------ > > _______________________________________________ > Loudmouth mailing list > [email protected] > http://lists.imendio.com/mailman/listinfo/loudmouth -- Imendio AB, http://www.imendio.com/
