[Openvas-commits] r5745 - in trunk/openvas-libraries: . omp

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Oct 28 12:30:27 CET 2009 

Author: felix
Date: 2009-10-28 12:30:26 +0100 (Wed, 28 Oct 2009)
New Revision: 5745

Modified:
   trunk/openvas-libraries/ChangeLog
   trunk/openvas-libraries/omp/xml.c
Log:
* omp/xml.x (print_entity, print_entity_format): Escape text of
entities, as otherwise invalid XML might result.


Modified: trunk/openvas-libraries/ChangeLog
===================================================================
--- trunk/openvas-libraries/ChangeLog	2009-10-28 10:17:17 UTC (rev 5744)
+++ trunk/openvas-libraries/ChangeLog	2009-10-28 11:30:26 UTC (rev 5745)
@@ -1,3 +1,8 @@
+2009-10-28  Felix Wolfsteller <felix.wolfsteller at intevation.de>
+
+	* omp/xml.x (print_entity, print_entity_format): Escape text of
+	entities, as otherwise invalid XML might result.
+
 2009-10-26  Michael Wiegand <michael.wiegand at intevation.de>
 
 	Post-release version bump.

Modified: trunk/openvas-libraries/omp/xml.c
===================================================================
--- trunk/openvas-libraries/omp/xml.c	2009-10-28 10:17:17 UTC (rev 5744)
+++ trunk/openvas-libraries/omp/xml.c	2009-10-28 11:30:26 UTC (rev 5745)
@@ -574,13 +574,16 @@
 void
 print_entity (FILE* stream, entity_t entity)
 {
+  gchar* text_escaped = NULL;
   fprintf (stream, "<%s", entity->name);
   if (entity->attributes && g_hash_table_size (entity->attributes))
     g_hash_table_foreach (entity->attributes,
                           foreach_print_attribute,
                           stream);
   fprintf (stream, ">");
-  fprintf (stream, "%s", entity->text);
+  text_escaped = g_markup_escape_text (entity->text, -1);
+  fprintf (stream, "%s", text_escaped);
+  g_free (text_escaped);
   g_slist_foreach (entity->entities, foreach_print_entity, stream);
   fprintf (stream, "</%s>", entity->name);
   fflush (stream);
@@ -629,6 +632,7 @@
 {
   int i = 0;
   int indentation = GPOINTER_TO_INT (indent);
+  gchar* text_escaped = NULL;
 
   for (i = 0; i < indentation; i++)
     printf ("  ");
@@ -640,7 +644,9 @@
                           indent);
   printf (">");
 
-  printf ("%s", entity->text);
+  text_escaped = g_markup_escape_text (entity->text, -1);
+  printf ("%s", text_escaped);
+  g_free (text_escaped);
 
   if (entity->entities)
     {

More information about the Openvas-commits mailing list