From: Adam Dickmeiss Date: Tue, 22 Apr 2008 19:29:35 +0000 (+0200) Subject: Fixed bug #1162: HTML entities are not escaped properly. X-Git-Tag: PAZPAR2.1.0.8~2 X-Git-Url: http://sru.miketaylor.org.uk/cgi-bin?a=commitdiff_plain;h=bca9f7d03a33dc346648b7b1f60555042ecf42ba;p=pazpar2-moved-to-github.git Fixed bug #1162: HTML entities are not escaped properly. The recid CDATA was not escaped properly. --- diff --git a/src/http_command.c b/src/http_command.c index 7eab95f..1272415 100644 --- a/src/http_command.c +++ b/src/http_command.c @@ -613,7 +613,9 @@ static void cmd_record(struct http_channel *c) else { wrbuf_puts(c->wrbuf, "\n"); - wrbuf_printf(c->wrbuf, "%s\n", rec->recid); + wrbuf_puts(c->wrbuf, ""); + wrbuf_xmlputs(c->wrbuf, rec->recid); + wrbuf_puts(c->wrbuf, "\n"); write_metadata(c->wrbuf, service, rec->metadata, 1); for (r = rec->records; r; r = r->next) write_subrecord(r, c->wrbuf, service, 1); @@ -688,7 +690,9 @@ static void show_records(struct http_channel *c, int active) write_subrecord(p, c->wrbuf, service, 0); // subrecs w/o details if (ccount > 1) wrbuf_printf(c->wrbuf, "%d\n", ccount); - wrbuf_printf(c->wrbuf, "%s\n", rec->recid); + wrbuf_puts(c->wrbuf, ""); + wrbuf_xmlputs(c->wrbuf, rec->recid); + wrbuf_puts(c->wrbuf, "\n"); wrbuf_puts(c->wrbuf, "\n"); }