Hello Tim, On Wed, Apr 24, 2002 at 10:34:00AM +0200, [EMAIL PROTECTED] wrote:
> There is a problem with Swat and its handling of quoted strings. I've
> tested this on the latest released version of Samba (2.2.3a).

The patch you're actually looking for is attached.

Cheers,
Steve Langasek
postmodern programmer
--- samba-2.2.2.cvs20020120.orig/source/web/swat.c
+++ samba-2.2.2.cvs20020120/source/web/swat.c
@@ -49,6 +49,19 @@
 #define ENABLE_USER_FLAG "enable_user_flag"
 #define RHOST "remote_host"
+typedef struct html_conversion {
+ char src;
+ char *dest;
+} html_conversion;
+
+static const html_conversion entities[] = {
+ { '"', """ },
+ { '&', "&" },
+ { '<', "<" },
+ { '>', ">" },
+ { '\0', NULL },
+};
+
 /* we need these because we link to locking*.o */
 void become_root(void) {}
 void unbecome_root(void) {}
@@ -77,6 +90,51 @@
 return newstring;
 }
+static char *htmlentities(char *str)
+{
+ int i,j, destlen = 0;
+ int length = strlen(str);
+ /* Feel free to use a pstring if appropriate -- I haven't
+ checked if it's guaranteed to be long enough, and suspect it
+ isn't. -SRL */
+ char *dststr = NULL;
+ char *p;
+
+ for (i = 0; i < length; i++) {
+ for (j = 0; entities[j].src; j++) {
+ if (str[i] == entities[j].src) {
+ destlen += strlen(entities[j].dest);
+ break;
+ }
+ }
+ if (!entities[j].src) {
+ destlen++;
+ }
+ }
+ if (length == destlen) {
+ return(strdup(str));
+ }
+ p = dststr = malloc(destlen + 1);
+ if (!dststr) {
+ return(NULL);
+ }
+ dststr[destlen] = '\0';
+ for (i = 0; i < length; i++) {
+ for (j = 0; entities[j].src; j++) {
+ if (str[i] == entities[j].src) {
+ strncpy(p, entities[j].dest,
+ strlen(entities[j].dest));
+ p += strlen(entities[j].dest);
+ break;
+ }
+ }
+ if (!entities[j].src) {
+ *p++ = str[i];
+ }
+ }
+ return(dststr);
+}
+
 static char *stripspace(char *str)
 {
 static char newstring[1024];
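Review bot: In the `html_conversion` struct added by the first swat.c hunk, `dest` is a plain `char *` although every initializer in `entities[]` is a string literal; declare it `const char *dest;` so nothing can write through it. The table has no entry for `'`, which is enough for the double-quoted `value` attribute this patch targets but not for a value placed inside single quotes; a comment such as `/* HTML escapes for element text and double-quoted attribute values only */` above the table would record that limit. As rendered on this page the replacement strings appear to have been entity-decoded (`"&"`, `"<"`), so their real contents cannot be checked from here.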
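Review bot: In `htmlentities()` (second swat.c hunk), `length` and `destlen` are `int` even though they hold `strlen()` results and size the `malloc()`; `size_t i, j, destlen = 0;` and `size_t length = strlen(str);` keep the arithmetic in the type the allocator uses. The copy loop's `strncpy(p, entities[j].dest, strlen(entities[j].dest))` is a fixed-length byte copy that never writes a terminator, so `memcpy` with the length cached in a local says what is meant and avoids three `strlen()` calls per match. The function never writes through its argument, so the parameter can be `const char *str`. It also has no header comment; one stating that the result is heap-allocated, must be freed by the caller, and is NULL on allocation failure would document the contract the caller in the last hunk relies on.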
@@ -182,8 +240,12 @@
 case P_STRING:
 case P_USTRING:
- printf("<input type=text size=40 name=\"parm_%s\" value=\"%s\">",
- make_parm_name(parm->label), *(char **)ptr);
+ str = htmlentities(*(char **)ptr);
+ printf("<input type=\"text\" size=\"40\" name=\"parm_%s\" +value=\"%s\">",
+ make_parm_name(parm->label), str);
+ if (str != NULL) {
+ free(str);
+ }
 printf("<input type=button value=\"Set Default\" onClick=\"swatform.parm_%s.value=\'%s\'\">",
 make_parm_name(parm->label),fix_backslash((char *)(parm->def.svalue)));
 break;
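Review bot: `str` reaches `printf`'s `%s` before the NULL test, so if `htmlentities()` returns NULL on allocation failure the first added `printf` has undefined behaviour; pass `str ? str : ""` there, or skip the field. The `if (str != NULL)` guard around `free(str)` can go, since `free(NULL)` is a no-op. The "Set Default" button in the context lines still writes `parm->def.svalue` into the `onClick` attribute after only `fix_backslash()`, so that output is not covered by the new escaping and likely needs its own encoding. The declaration of `str` is not in this hunk, and the enclosing function starts and ends outside it.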