* [PATCH] PR19433 - Escape filepaths in abixml
@ 2016-01-01 0:00 Ondrej Oprala
2016-01-01 0:00 ` Dodji Seketeli
0 siblings, 1 reply; 2+ messages in thread
From: Ondrej Oprala @ 2016-01-01 0:00 UTC (permalink / raw)
To: Abigail Project Mailing List
[-- Attachment #1: Type: text/plain, Size: 89 bytes --]
Filepaths can contain '<' and '>', which makes XML parsers unhappy :(
Cheers,
Ondrej
[-- Attachment #2: 0001-Escape-the-value-of-the-filepath-attribute.patch --]
[-- Type: text/x-patch, Size: 1179 bytes --]
From 6c23fa261bff7cf4eb49237e4d795e3feb8b4e0b Mon Sep 17 00:00:00 2001
From: Ondrej Oprala <ooprala@redhat.com>
Date: Mon, 18 Jan 2016 08:51:21 +0100
Subject: [PATCH] Escape the value of the filepath attribute.
* src/abg-writer.cc (write_location): Sanitize the filepath with
xml::escape_xml_string().
Signed-off-by: Ondrej Oprala <ooprala@redhat.com>
---
src/abg-writer.cc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/abg-writer.cc b/src/abg-writer.cc
index 62b5748..cfcb61a 100644
--- a/src/abg-writer.cc
+++ b/src/abg-writer.cc
@@ -592,7 +592,7 @@ write_location(const location& loc, ostream& o)
loc.expand(filepath, line, column);
- o << " filepath='" << filepath << "'"
+ o << " filepath='" << xml::escape_xml_string(filepath) << "'"
<< " line='" << line << "'"
<< " column='" << column << "'";
}
@@ -620,7 +620,7 @@ write_location(const decl_base_sptr& decl,
loc.expand(filepath, line, column);
- o << " filepath='" << filepath << "'"
+ o << " filepath='" << xml::escape_xml_string(filepath) << "'"
<< " line='" << line << "'"
<< " column='" << column << "'";
}
--
2.5.0
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] PR19433 - Escape filepaths in abixml
2016-01-01 0:00 [PATCH] PR19433 - Escape filepaths in abixml Ondrej Oprala
@ 2016-01-01 0:00 ` Dodji Seketeli
0 siblings, 0 replies; 2+ messages in thread
From: Dodji Seketeli @ 2016-01-01 0:00 UTC (permalink / raw)
To: Ondrej Oprala; +Cc: Abigail Project Mailing List
Hello,
Ondrej Oprala <ooprala@redhat.com> a écrit:
> Filepaths can contain '<' and '>', which makes XML parsers unhappy :(
Right.
>
> * src/abg-writer.cc (write_location): Sanitize the filepath with
> xml::escape_xml_string().
I first thought that the reader side should be updated too, to un-escape
the stuff that got escaped, but then I realized that the read_location()
function from abg-reader.cc uses the xmlGetProp() function from libxml2
which actually does "entity substitution" a.k.a un-escaping. So the
patch is good.
I am wondering, would it be possible to add a small test case that
exhibits the issue? There are cases where it's too complicated to
devise a small test case, but I am thinking that in this case, it should
be possible fairly easily. Or am I missing something?
If we agree, you could add it to the test-types-stability.cc test
harness.
OK to commit with that change.
Cheers,
--
Dodji
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-01-18 9:33 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-01-01 0:00 [PATCH] PR19433 - Escape filepaths in abixml Ondrej Oprala
2016-01-01 0:00 ` Dodji Seketeli
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).