* Marcin Kasperski <[EMAIL PROTECTED]> [2002-11-08 17:33]: > darren chamberlain <[EMAIL PROTECTED]> writes: > > > * Marcin Kasperski <[EMAIL PROTECTED]> [2002-11-08 16:22]: > > > I use Apache::Util::escape_html to perform fast HTML-escaping of the > > > data before displaying it. Unfortunately, this function handles > > > <, >, & and " but does not handle ' (single quote) - which > > > can be escaped as ' > > > > Hey, this is an easy one. Apply the attached patch to > > mod_perl-1.XX/src/modules/perl/Util.xs, and single quotes will be > > turned into ' > > Your patch seems to me to be partially wrong (you missed similar > addition a few lines above, while calculating the destination > size).
Erm, yeah, so I see, now that you mention it. > Nevertheless, I write here about the problem because I would really > like having such a change in the mainstream modperl distribution. > Keeping my own patched modperl distribution, integrating changes etc > is a bit troublesome (organizationally). I'm think that, with mod_perl 2.0, mod_perl 1.x might not be high on maintainer's list of stuff to do, but Jim Winstead would probably accept a (proper!) patch and release libapreq-1.01. (darren) -- All extreme positions are wrong. -- Erann Gat
--- Util.xs.orig Fri Nov 8 16:42:42 2002 +++ Util.xs Sat Nov 9 08:58:32 2002 @@ -45,6 +45,8 @@ static SV *my_escape_html(char *s) j += 4; else if (s[i] == '"') j += 5; + else if (s[i] == '\'') + j += 5; if (j == 0) return newSVpv(s,i); @@ -67,6 +69,10 @@ static SV *my_escape_html(char *s) memcpy(&SvPVX(x)[j], """, 6); j += 5; } + else if (s[i] == '\'') { + memcpy(&SvPVX(x)[j], "'", 6); + j += 5; + } else SvPVX(x)[j] = s[i];