You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ni...@apache.org on 2009/01/08 02:24:16 UTC
svn commit: r732583 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS
include/ap_mmn.h include/httpd.h modules/filters/mod_include.c server/util.c
Author: niq
Date: Wed Jan 7 17:24:16 2009
New Revision: 732583
URL: http://svn.apache.org/viewvc?rev=732583&view=rev
Log:
Backport r730296: fix for HTML entity escaping in mod_include,
including enhancement of ap_escape_html API.
Modified:
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/include/ap_mmn.h
httpd/httpd/branches/2.2.x/include/httpd.h
httpd/httpd/branches/2.2.x/modules/filters/mod_include.c
httpd/httpd/branches/2.2.x/server/util.c
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=732583&r1=732582&r2=732583&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Wed Jan 7 17:24:16 2009
@@ -1,6 +1,12 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.12
+ *) mod_include: support generating non-ASCII characters as entities in SSI
+ PR 25202 [Nick Kew]
+
+ *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
+ [Nick Kew]
+
*) mod_rewrite: fix "B" flag breakage by reverting r589343
PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=732583&r1=732582&r2=732583&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Wed Jan 7 17:24:16 2009
@@ -93,15 +93,6 @@
http://svn.apache.org/viewvc?view=rev&revision=731594
+1: niq, rpluem, covener
- * Enhance ap_escape_html to add an option to escape all non-ASCII
- characters. Use this to fix mod_include's handling of entities.
- PR 25202
- trunk:
- http://svn.apache.org/viewvc?view=rev&revision=730296
- 2.2.x:
- http://people.apache.org/~niq/patches/25202
- +1: niq, rpluem, covener
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Modified: httpd/httpd/branches/2.2.x/include/ap_mmn.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/include/ap_mmn.h?rev=732583&r1=732582&r2=732583&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/include/ap_mmn.h (original)
+++ httpd/httpd/branches/2.2.x/include/ap_mmn.h Wed Jan 7 17:24:16 2009
@@ -135,6 +135,7 @@
* 20051115.19 (2.2.11) Added ap_timeout_parameter_parse to util.c / httpd.h
* 20051115.20 (2.2.11) Add ap_proxy_buckets_lifetime_transform to mod_proxy.h
* 20051115.21 (2.2.11) Export mod_rewrite.h in the public API
+ * 20051115.22 (2.2.12) Add ap_escape_html2 API, with additional option
*/
#define MODULE_MAGIC_COOKIE 0x41503232UL /* "AP22" */
Modified: httpd/httpd/branches/2.2.x/include/httpd.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/include/httpd.h?rev=732583&r1=732582&r2=732583&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/include/httpd.h (original)
+++ httpd/httpd/branches/2.2.x/include/httpd.h Wed Jan 7 17:24:16 2009
@@ -1495,6 +1495,14 @@
* @return The escaped string
*/
AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s);
+/**
+ * Escape an html string
+ * @param p The pool to allocate from
+ * @param s The html to escape
+ * @param toasc Whether to escape all non-ASCII chars to &#nnn;
+ * @return The escaped string
+ */
+AP_DECLARE(char *) ap_escape_html2(apr_pool_t *p, const char *s, int toasc);
/**
* Escape a string for logging
Modified: httpd/httpd/branches/2.2.x/modules/filters/mod_include.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/filters/mod_include.c?rev=732583&r1=732582&r2=732583&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/filters/mod_include.c (original)
+++ httpd/httpd/branches/2.2.x/modules/filters/mod_include.c Wed Jan 7 17:24:16 2009
@@ -1812,7 +1812,8 @@
echo_text = ap_escape_uri(ctx->dpool, val);
break;
case E_ENTITY:
- echo_text = ap_escape_html(ctx->dpool, val);
+ /* PR#25202: escape anything non-ascii here */
+ echo_text = ap_escape_html2(ctx->dpool, val, 1);
break;
}
Modified: httpd/httpd/branches/2.2.x/server/util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/util.c?rev=732583&r1=732582&r2=732583&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/server/util.c (original)
+++ httpd/httpd/branches/2.2.x/server/util.c Wed Jan 7 17:24:16 2009
@@ -1737,7 +1737,7 @@
/* ap_escape_uri is now a macro for os_escape_path */
-AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s)
+AP_DECLARE(char *) ap_escape_html2(apr_pool_t *p, const char *s, int toasc)
{
int i, j;
char *x;
@@ -1750,6 +1750,8 @@
j += 4;
else if (s[i] == '"')
j += 5;
+ else if (toasc && !apr_isascii(s[i]))
+ j += 5;
if (j == 0)
return apr_pstrmemdup(p, s, i);
@@ -1772,13 +1774,21 @@
memcpy(&x[j], """, 6);
j += 5;
}
+ else if (toasc && !apr_isascii(s[i])) {
+ char *esc = apr_psprintf(p, "&#%3.3d;", (unsigned char)s[i]);
+ memcpy(&x[j], esc, 6);
+ j += 5;
+ }
else
x[j] = s[i];
x[j] = '\0';
return x;
}
-
+AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s)
+{
+ return ap_escape_html2(p, s, 0);
+}
AP_DECLARE(char *) ap_escape_logitem(apr_pool_t *p, const char *str)
{
char *ret;