# HG changeset patch # User Olaf Wintermann # Date 1643305598 -3600 # Node ID 607712fb3c66a843b0bbb083a3efdb6d13833ce7 # Parent f4eb5d125e58b8dcae6660fd6654cd9987bef249 escape html output in pg_query diff -r f4eb5d125e58 -r 607712fb3c66 src/server/plugins/postgresql/service.c --- a/src/server/plugins/postgresql/service.c Thu Jan 27 15:50:42 2022 +0100 +++ b/src/server/plugins/postgresql/service.c Thu Jan 27 18:46:38 2022 +0100 @@ -76,7 +76,12 @@ if(nfields > 0) { net_printf(sn->csd, "\n\n"); for(int i=0;icsd, "\n", PQfname(result, i)); + char *fieldName = PQfname(result, i); + char *fieldNameEscaped = util_html_escape(fieldName); + if(fieldNameEscaped) { + net_printf(sn->csd, "\n", fieldNameEscaped); + FREE(fieldNameEscaped); + } } net_printf(sn->csd, "\n"); @@ -84,7 +89,12 @@ for(int r=0;rcsd, "\n"); for(int c=0;ccsd, "\n", PQgetvalue(result, r, c)); + char *fieldValue = PQgetvalue(result, r, c); + char *fieldValueEscaped = util_html_escape(fieldValue); + if(fieldValueEscaped) { + net_printf(sn->csd, "\n", fieldValueEscaped); + FREE(fieldValueEscaped); + } } net_printf(sn->csd, "\n"); } diff -r f4eb5d125e58 -r 607712fb3c66 src/server/public/nsapi.h --- a/src/server/public/nsapi.h Thu Jan 27 15:50:42 2022 +0100 +++ b/src/server/public/nsapi.h Thu Jan 27 18:46:38 2022 +0100 @@ -1612,6 +1612,9 @@ ResourceData* resourcepool_lookup(Session *sn, Request *rq, const char *name, int flags); void resourcepool_free(Session *sn, Request *rq, ResourceData *resource); +// utils +NSAPI_PUBLIC char *util_html_escape(const char *s); + // assert void ws_log_assert(const char *file, const char *func, int line); #ifdef _DEBUG diff -r f4eb5d125e58 -r 607712fb3c66 src/server/util/util.h --- a/src/server/util/util.h Thu Jan 27 15:50:42 2022 +0100 +++ b/src/server/util/util.h Thu Jan 27 18:46:38 2022 +0100 
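Review bot: When util_html_escape() returns NULL, the header loop in the first service.c hunk (@@ -76,7 +76,12 @@) writes nothing for that column, so the header row comes out one cell short and later values sit under the wrong heading; the value loop in the second hunk (@@ -84,7 +89,12 @@) has the same gap. Skipping instead of falling back to the raw string is the right direction, because unescaped database content never reaches the response, but the failure should not be silent. Add an `else` branch to each `if(...Escaped)` that emits an empty cell and logs the failure, or that stops writing the response. Both loops belong to a function that starts and ends outside the hunks, so any other net_printf calls that print query data or error text cannot be checked from here.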
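Review bot: The declaration added under `// utils` in nsapi.h (@@ -1612,6 +1612,9 @@) makes util_html_escape() part of the public plugin API without stating its ownership contract. Judging from the new callers in service.c, it returns a heap string that the caller releases with FREE(), and NULL on failure; if that is right, say so at the declaration, e.g. `/* Returns a newly allocated HTML-escaped copy of s, or NULL on failure; caller releases it with FREE(). */`. The comment should also name the characters that are escaped, so plugin authors know whether the result is safe only in element content or also inside quoted attribute values.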
@@ -229,8 +229,6 @@ NSAPI_PUBLIC int64_t util_atoi64(const char *a); -NSAPI_PUBLIC char *util_html_escape(const char *s); - NSAPI_PUBLIC int util_qtoi(const char *q, const char **p); /* path utils */
%s%s
%s%s