diff options
author | Olle Johansson <oej@edvina.net> | 2007-02-16 11:47:48 +0000 |
---|---|---|
committer | Olle Johansson <oej@edvina.net> | 2007-02-16 11:47:48 +0000 |
commit | 33915a153afa0ef959ffb036d15d740ac744825e (patch) | |
tree | 586ec49200a6f8596705f5d25a8241cda9a2b70e /res | |
parent | 71c7f6e32fae91a57e8e09b004da348ca9dbcc75 (diff) |
Issue #9068 - make sure we quote HTML characters correctly too (seanbright)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@54774 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'res')
-rw-r--r-- | res/res_agi.c | 42 |
1 files changed, 39 insertions, 3 deletions
diff --git a/res/res_agi.c b/res/res_agi.c index e17147d07..c27b67f14 100644 --- a/res/res_agi.c +++ b/res/res_agi.c @@ -1941,6 +1941,37 @@ static int handle_showagi(int fd, int argc, char *argv[]) return RESULT_SUCCESS; } +/*! \brief Convert string to use HTML escaped characters + \note Maybe this should be a generic function? +*/ +static void write_html_escaped(FILE *htmlfile, char *str) +{ + char *cur = str; + + while(*cur) { + switch (*cur) { + case '<': + fprintf(htmlfile, "%s", "<"); + break; + case '>': + fprintf(htmlfile, "%s", ">"); + break; + case '&': + fprintf(htmlfile, "%s", "&"); + break; + case '"': + fprintf(htmlfile, "%s", """); + break; + default: + fprintf(htmlfile, "%c", *cur); + break; + } + cur++; + } + + return; +} + static int handle_agidumphtml(int fd, int argc, char *argv[]) { struct agi_command *e; @@ -1979,11 +2010,16 @@ static int handle_agidumphtml(int fd, int argc, char *argv[]) stringp=e->usage; tempstr = strsep(&stringp, "\n"); - fprintf(htmlfile, "<TR><TD ALIGN=\"CENTER\">%s</TD></TR>\n", tempstr); + fprintf(htmlfile, "<TR><TD ALIGN=\"CENTER\">"); + write_html_escaped(htmlfile, tempstr); + fprintf(htmlfile, "</TD></TR>\n"); + fprintf(htmlfile, "<TR><TD ALIGN=\"CENTER\">\n"); - while ((tempstr = strsep(&stringp, "\n")) != NULL) - fprintf(htmlfile, "%s<BR>\n",tempstr); + while ((tempstr = strsep(&stringp, "\n")) != NULL) { + write_html_escaped(htmlfile, tempstr); + fprintf(htmlfile, "<BR>\n"); + } fprintf(htmlfile, "</TD></TR>\n"); fprintf(htmlfile, "</TABLE></TD></TR>\n\n"); |