dougm       02/03/24 13:57:53

  Modified:    .        Changes STATUS
               src/modules/perl Util.xs
               t/net/perl util.pl
  Log:
  Submitted by:   Geoff Young <[EMAIL PROTECTED]>
  Reviewed by:  dougm
  properly escape highbit chars in Apache::Utils::escape_html
  
  Revision  Changes    Path
  1.633     +4 -0      modperl/Changes
  
  Index: Changes
  ===================================================================
  RCS file: /home/cvs/modperl/Changes,v
  retrieving revision 1.632
  retrieving revision 1.633
  diff -u -r1.632 -r1.633
  --- Changes   24 Mar 2002 21:00:05 -0000      1.632
  +++ Changes   24 Mar 2002 21:57:53 -0000      1.633
  @@ -10,6 +10,10 @@
   
   =item 1.26_01-dev
   
  +properly escape highbit chars in Apache::Utils::escape_html
  +[Geoff Young <[EMAIL PROTECTED]>,
  +Robin Berjon <[EMAIL PROTECTED]>]
  +
   allow $r->auth_name and $r->auth_type to be set on win32
   [John Kelly <[EMAIL PROTECTED]>]
   
  
  
  
  1.9       +1 -7      modperl/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/modperl/STATUS,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- STATUS    24 Mar 2002 21:00:20 -0000      1.8
  +++ STATUS    24 Mar 2002 21:57:53 -0000      1.9
  @@ -1,5 +1,5 @@
   mod_perl 1.3 STATUS:
  -   Last modified at [$Date: 2002/03/24 21:00:20 $]
  +   Last modified at [$Date: 2002/03/24 21:57:53 $]
   
   
   Release:
  @@ -20,12 +20,6 @@
           Report: http://marc.theaimsgroup.com/?l=apache-modperl&m=97449481013350&w=2
        Status: 
             doc patch at 
http://marc.theaimsgroup.com/?l=apache-modperl&m=97450363501652&w=2
  -
  -    * Apache::Utils::escape_html issues
  -        Report: http://marc.theaimsgroup.com/?l=apache-modperl&m=101180404809059&w=2
  -     Status:
  -          "patch" available
  -             
http://marc.theaimsgroup.com/?l=apache-modperl-dev&m=101188287032621&w=2
   
       * Apache::RegistryNG issues
           Report: 
http://marc.theaimsgroup.com/?l=apache-modperl-dev&m=101240123609773&w=2
  
  
  
  1.10      +8 -1      modperl/src/modules/perl/Util.xs
  
  Index: Util.xs
  ===================================================================
  RCS file: /home/cvs/modperl/src/modules/perl/Util.xs,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- Util.xs   4 Mar 2000 20:55:47 -0000       1.9
  +++ Util.xs   24 Mar 2002 21:57:53 -0000      1.10
  @@ -32,6 +32,9 @@
       return sv;
   }
   
  +#define IS_HIGHBIT_CHAR(b) \
  +   ( (((unsigned char)(b)) > 126) && (((unsigned char)(b)) <= 255) )
  +
   static SV *my_escape_html(char *s)
   {
       int i, j;
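Review bot: `IS_HIGHBIT_CHAR` has no comment saying which bytes it selects, and its `<= 255` half is always true for an `unsigned char` with 8-bit chars, so the test reduces to `((unsigned char)(b)) > 126`. The range also starts at 127 (DEL) rather than 128, which the name does not suggest. I would add a comment such as `/* bytes 127..255: always three decimal digits, so "&#NNN;" is exactly 6 bytes */`, because the `j += 5` accounting in the two later hunks relies on that invariant. The macro works per byte, so UTF-8 input would presumably have each byte of a multibyte sequence turned into its own reference; the documentation should say the function assumes a single-byte encoding. my_escape_html continues outside this hunk.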
  @@ -43,7 +46,7 @@
            j += 3;
        else if (s[i] == '&')
            j += 4;
  -        else if (s[i] == '"')
  +        else if (s[i] == '"' || IS_HIGHBIT_CHAR(s[i]))
            j += 5;
   
       if (j == 0)
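Review bot: The `j += 5` added to this branch has to stay in lockstep with the emitting branch in the third hunk, but that branch uses `sprintf`, which writes seven bytes (six for `&#NNN;` plus a terminating NUL) while only six are accounted for. The extra NUL is harmless only if the buffer allocation, which is outside these hunks, reserves room for a terminator after the last output byte; I cannot confirm that from here. Following the `memcpy` style of the `&quot;` branch removes that dependency: `char ent[8]; sprintf(ent, "&#%d;", (unsigned char)s[i]); memcpy(&SvPVX(x)[j], ent, 6);`. The loop this condition belongs to starts outside the hunk.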
  @@ -67,6 +70,10 @@
            memcpy(&SvPVX(x)[j], "&quot;", 6);
            j += 5;
        }
  +        else if (IS_HIGHBIT_CHAR(s[i])) {
  +            sprintf(&SvPVX(x)[j], "&#%d;", (unsigned char)s[i]);
  +            j += 5;
  +        }
        else
            SvPVX(x)[j] = s[i];
   
  
  
  
  1.12      +5 -1      modperl/t/net/perl/util.pl
  
  Index: util.pl
  ===================================================================
  RCS file: /home/cvs/modperl/t/net/perl/util.pl,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- util.pl   6 Mar 2000 07:50:54 -0000       1.11
  +++ util.pl   24 Mar 2002 21:57:53 -0000      1.12
  @@ -2,7 +2,7 @@
   use Apache::test;
   $|++;
   my $i = 0;
  -my $tests = 7;
  +my $tests = 8;
   
   my $r = shift;
   $r->send_http_header('text/plain');
  @@ -61,6 +61,10 @@
   </body>
   </html>
   EOF
  +
  +#XXX: this test could be more robust, but its better than nothing
  +my $c = Apache::Util::escape_html("\x8b");
  +test ++$i, $c =~ /^&\#\d{3,3}\;$/;
   
   my $txt = "No html tags in here at all";
   my $etxt = Apache::Util::escape_html($txt);
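Review bot: The added assertion only checks that the result has the shape of a three-digit numeric reference, so an incorrect code point would still pass. Since `\x8b` is 139, the expected value can be pinned with `test ++$i, $c eq '&#139;';`. The boundaries of the new range are not covered either: `\x7e` should come back unchanged, while `\x7f` and `\xff` should become `&#127;` and `&#255;`, with `$tests` raised to match. As a small style point, `{3,3}` is equivalent to `{3}`.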
  
  
  

