diff options
| author | swhite <swhite@1faa4e14-9dd3-4be0-9f0e-ffe519881164> | 2004-04-06 17:45:14 +0000 |
|---|---|---|
| committer | swhite <swhite@1faa4e14-9dd3-4be0-9f0e-ffe519881164> | 2004-04-06 17:45:14 +0000 |
| commit | 89b88d27b20641e04cd1c2714c299d8908822b54 (patch) | |
| tree | 5b31770e8864f4d6f0953acbe24af5cc80d43730 /src/SStringHTML.c | |
| parent | 3ccc27cd1bf0912054213a88798b088010173f1e (diff) | |
Regarding Cactus bug report 1632 "HTTPD contains buffer overflows"
1) Got rid of most strcat/sprintf into automatic array, replaced
with a String module that allocates dynamic memory on the heap.
2) Went a long way toward initializing all variables.
3) Tested: Ran two copies with same parfile except different port,
one with my changes, one with original. Went through different
kinds of pages by hand, checked by eye.
4) Tried to make HTML XHTML 1.0-compliant. Checked with Amaya.
One problem: How to deal with raw less-than characters, etc.
Made a function to convert them to HTML Character Entities,
but isn't clear this will work properly in the forms. So
I left these symbols in the forms.
5) Also checked with more primitive browsers, lynx and dillo.
6) Marked a few instances of questionable code with 'SW'
To do
-----
Document a few new functions, esp. in Content.c
git-svn-id: http://svn.cactuscode.org/arrangements/CactusConnect/HTTPD/trunk@187 1faa4e14-9dd3-4be0-9f0e-ffe519881164
Diffstat (limited to 'src/SStringHTML.c')
| -rw-r--r-- | src/SStringHTML.c | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/src/SStringHTML.c b/src/SStringHTML.c new file mode 100644 index 0000000..5d4951a --- /dev/null +++ b/src/SStringHTML.c @@ -0,0 +1,40 @@ + /*@@ + @file SStringHTML.c + @date 02.04.2004 + @author Steve White + @desc Extension to Strings module with function specific to HTML + @enddesc + @version $Header$ + @@*/ +#include "SStringHTML.h" + +static String * +StringReplaceCharWithCString( String * str, SSCHAR c, const SSCHAR *cstr ); + +String * +StringSetToEncodedHTMLCString( String * str, const SSCHAR *c ) +{ + return StringEncodeHTML( StringSetToCString( str, c ) ); +} + +String * +StringEncodeHTML( String * str ) +{ + StringReplaceCharWithCString( str, '&', "&" ); + StringReplaceCharWithCString( str, '<', "<" ); + StringReplaceCharWithCString( str, '>', ">" ); + return str; +} + +String * +StringReplaceCharWithCString( String * str, SSCHAR c, const SSCHAR *cstr ) +{ + size_t position = 0; + while( StringFindChar( str, c, &position ) ) + { + StringDeleteChar( str, position ); + StringInsertCString( str, cstr, position ); + position ++; + } + return str; +} |