You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Paul Querna <ch...@force-elite.com> on 2009/02/08 00:11:58 UTC
Re: svn commit: r730296 - in /httpd/httpd/trunk: CHANGES include/ap_mmn.h
include/httpd.h modules/filters/mod_include.c server/util.c
niq@apache.org wrote:
> Author: niq
> Date: Tue Dec 30 18:27:24 2008
> New Revision: 730296
>
> URL: http://svn.apache.org/viewvc?rev=730296&view=rev
> Log:
> Add support for escaping all non-ascii chars to ap_escape_html, and use
> it to fix PR#25202: encoding="entity" doesn't work as advertised in
> mod_include.
> For backport, this'll need an ABI-preserving version that'll be
> a minor MMN bump. But if we do that in /trunk/, it'll never change.
Why can't the old one just be a function calling the new one, like you
did for the 2.2.x backport?
I hate macros in APIs.
Thanks,
Paul
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/include/ap_mmn.h
> httpd/httpd/trunk/include/httpd.h
> httpd/httpd/trunk/modules/filters/mod_include.c
> httpd/httpd/trunk/server/util.c
>
> Modified: httpd/httpd/trunk/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=730296&r1=730295&r2=730296&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Tue Dec 30 18:27:24 2008
> @@ -2,6 +2,12 @@
> Changes with Apache 2.3.1
> [ When backported to 2.2.x, remove entry from this file ]
>
> + *) mod_include: support generating non-ASCII characters as entities in SSI
> + PR 25202 [Nick Kew]
> +
> + *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
> + PR 25202 [Nick Kew]
> +
> *) mod_rewrite: fix "B" flag breakage by reverting r5589343
> PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
>
>
> Modified: httpd/httpd/trunk/include/ap_mmn.h
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/ap_mmn.h?rev=730296&r1=730295&r2=730296&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/include/ap_mmn.h (original)
> +++ httpd/httpd/trunk/include/ap_mmn.h Tue Dec 30 18:27:24 2008
> @@ -184,6 +184,8 @@
> * 20081201.0 (2.3.0-dev) Rename several APIs to include ap_ prefix.
> * 20081201.1 (2.3.0-dev) Added ap_args_to_table and ap_body_to_table.
> * 20081212.0 (2.3.0-dev) Remove sb_type from process_score in scoreboard.h.
> + * 20081231.0 (2.3.0-dev) Switch ap_escape_html API: add ap_escape_html2,
> + * and make ap_escape_html a macro for it.
> */
>
> #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
>
> Modified: httpd/httpd/trunk/include/httpd.h
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/httpd.h?rev=730296&r1=730295&r2=730296&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/include/httpd.h (original)
> +++ httpd/httpd/trunk/include/httpd.h Tue Dec 30 18:27:24 2008
> @@ -1519,7 +1519,15 @@
> * @param s The html to escape
> * @return The escaped string
> */
> -AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s);
> +#define ap_escape_html(p,s) ap_escape_html2(p,s,0)
> +/**
> + * Escape an html string
> + * @param p The pool to allocate from
> + * @param s The html to escape
> + * @param toasc Whether to escape all non-ASCII chars to &#nnn;
> + * @return The escaped string
> + */
> +AP_DECLARE(char *) ap_escape_html2(apr_pool_t *p, const char *s, int toasc);
>
> /**
> * Escape a string for logging
>
> Modified: httpd/httpd/trunk/modules/filters/mod_include.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_include.c?rev=730296&r1=730295&r2=730296&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/filters/mod_include.c (original)
> +++ httpd/httpd/trunk/modules/filters/mod_include.c Tue Dec 30 18:27:24 2008
> @@ -1192,7 +1192,8 @@
> echo_text = ap_escape_uri(ctx->dpool, val);
> break;
> case E_ENTITY:
> - echo_text = ap_escape_html(ctx->dpool, val);
> + /* PR#25202: escape anything non-ascii here */
> + echo_text = ap_escape_html2(ctx->dpool, val, 1);
> break;
> }
>
>
> Modified: httpd/httpd/trunk/server/util.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util.c?rev=730296&r1=730295&r2=730296&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/server/util.c (original)
> +++ httpd/httpd/trunk/server/util.c Tue Dec 30 18:27:24 2008
> @@ -1738,7 +1738,7 @@
>
> /* ap_escape_uri is now a macro for os_escape_path */
>
> -AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s)
> +AP_DECLARE(char *) ap_escape_html2(apr_pool_t *p, const char *s, int toasc)
> {
> int i, j;
> char *x;
> @@ -1751,6 +1751,8 @@
> j += 4;
> else if (s[i] == '"')
> j += 5;
> + else if (toasc && !apr_isascii(s[i]))
> + j += 5;
>
> if (j == 0)
> return apr_pstrmemdup(p, s, i);
> @@ -1773,13 +1775,17 @@
> memcpy(&x[j], """, 6);
> j += 5;
> }
> + else if (toasc && !apr_isascii(s[i])) {
> + char *esc = apr_psprintf(p, "&#%3.3d;", (unsigned char)s[i]);
> + memcpy(&x[j], esc, 6);
> + j += 5;
> + }
> else
> x[j] = s[i];
>
> x[j] = '\0';
> return x;
> }
> -
> AP_DECLARE(char *) ap_escape_logitem(apr_pool_t *p, const char *str)
> {
> char *ret;
>