* Marcin Kasperski <[EMAIL PROTECTED]> [2002-11-08 17:33]:
> darren chamberlain <[EMAIL PROTECTED]> writes:
>
> > * Marcin Kasperski <[EMAIL PROTECTED]> [2002-11-08 16:22]:
> > > I use Apache::Util::escape_html to perform fast HTML-escaping of the
> > > data before displaying it. Unfortunately, this function handles
> > > <, >, & and " but does not handle ' (single quote) - which
> > > can be escaped as '
> >
> > Hey, this is an easy one. Apply the attached patch to
> > mod_perl-1.XX/src/modules/perl/Util.xs, and single quotes will be
> > turned into '
>
> Your patch seems to me to be partially wrong (you missed similar
> addition a few lines above, while calculating the destination
> size).
Erm, yeah, so I see, now that you mention it.
> Nevertheless, I write here about the problem because I would really
> like having such a change in the mainstream modperl distribution.
> Keeping my own patched modperl distribution, integrating changes etc
> is a bit troublesome (organizationally).
I'm think that, with mod_perl 2.0, mod_perl 1.x might not be high on
maintainer's list of stuff to do, but Jim Winstead would probably accept
a (proper!) patch and release libapreq-1.01.
(darren)
--
All extreme positions are wrong.
-- Erann Gat
--- Util.xs.orig Fri Nov 8 16:42:42 2002
+++ Util.xs Sat Nov 9 08:58:32 2002
@@ -45,6 +45,8 @@ static SV *my_escape_html(char *s)
j += 4;
else if (s[i] == '"')
j += 5;
+ else if (s[i] == '\'')
+ j += 5;
if (j == 0)
return newSVpv(s,i);
@@ -67,6 +69,10 @@ static SV *my_escape_html(char *s)
memcpy(&SvPVX(x)[j], """, 6);
j += 5;
}
+ else if (s[i] == '\'') {
+ memcpy(&SvPVX(x)[j], "'", 6);
+ j += 5;
+ }
else
SvPVX(x)[j] = s[i];
