396071902267c1654f7eafaf60962aad935a9558 galt Thu Sep 15 17:08:36 2016 -0700 Changing htmlSafef to use %s|none| instead of %-s because %-s has some legitimate uses in html output which means left-justifying the text. Jim uses it in hgBlat. This will make it more general, although it is longer to read and write. For sqlSafef, there was no legitimate expected need to have left-justified output in the production of a SQL statement. diff --git src/lib/htmshell.c src/lib/htmshell.c index d227321..9c43c48 100644 --- src/lib/htmshell.c +++ src/lib/htmshell.c @@ -947,31 +947,31 @@ vfprintf(stderr, format, args); fprintf(stderr, "\n"); fflush(stderr); } else { vaErrAbort(format, args); } va_end(args); return -1; } #define htmlSafefPunc 0x01 // using char 1 as special char to denote strings needing escaping -enum htmlSafefEncoding {dummyzero, html, js, css, attr, url}; +enum htmlSafefEncoding {dummyzero, none, html, js, css, attr, url}; int htmlEscapeAllStrings(char *buffer, char *s, int bufSize, boolean noAbort) /* Escape all strings. * * Returns final size not including terminating 0. * User needs to pre-allocate enough space that escape functions will never run out of space. * This function should be efficient on statements with many strings to be escaped. */ { char *sOrig = s; int sz = 0; int remainder = bufSize; boolean done = FALSE; while (1) { char *start = strchr(s, htmlSafefPunc); char *end = NULL; @@ -1080,105 +1080,103 @@ { spec[cnt++] = c; } } } if (sameString(spec,"js")) enc = (enum htmlSafefEncoding) js; else if (sameString(spec,"css")) enc = (enum htmlSafefEncoding) css; else if (sameString(spec,"attr")) enc = (enum htmlSafefEncoding) attr; else if (sameString(spec,"url")) enc = (enum htmlSafefEncoding) url; else if (sameString(spec,"")) enc = (enum htmlSafefEncoding) html; +else if (sameString(spec,"none")) + enc = (enum htmlSafefEncoding) none; else { htmlSafefAbort(noAbort, "Unknown spec [%s] in format string [%s].", spec, format); return 0; } *pI = i - 1; return enc; } int vaHtmlSafefNoAbort(char* buffer, int bufSize, char *format, va_list args, boolean noAbort) /* VarArgs Format string to buffer, vsprintf style, only with buffer overflow * checking. The resulting string is always terminated with zero byte. * Automatically escapes string values. * This function should be efficient on statements with many strings to be escaped. */ { int formatLen = strlen(format); char *newFormat = NULL; int newFormatSize = 2*formatLen + 1; newFormat = needMem(newFormatSize); char *nf = newFormat; char *lastPct = NULL; int escStringsCount = 0; char c = 0; int i = 0; boolean inPct = FALSE; -boolean isNegated = FALSE; while (i < formatLen) { c = format[i]; *nf++ = c; if (c == '%' && !inPct) { inPct = TRUE; lastPct = nf - 1; // remember where the start was. } else if (c == '%' && inPct) inPct = FALSE; else if (inPct) { if (c == 'l') { // used to handle 'l' long } else if (strchr("diuoxXeEfFgGpcs",c)) { inPct = FALSE; // we finally have the expected format // finally, the string we care about! if (c == 's') { - if (!isNegated) // Not a Pre-escaped String + char enc = htmlSpecifierToEncoding(format, &i, noAbort); + if (enc == 0) + return -1; + if (enc != (enum htmlSafefEncoding) none) // Not a Pre-escaped String { // go back and insert htmlSafefPunc before the leading % char saved in lastPct // move the accumulated %s descriptor memmove(lastPct+1, lastPct, nf - lastPct); // this is typically very small, src and dest overlap. ++nf; *lastPct = htmlSafefPunc; *nf++ = htmlSafefPunc; - char enc = htmlSpecifierToEncoding(format, &i, noAbort); - if (enc == 0) - return -1; *nf++ = enc; ++escStringsCount; } } - - isNegated = FALSE; } else if (strchr("+-.1234567890",c)) { - if (c == '-') - isNegated = TRUE; + // Do nothing. } else { return htmlSafefAbort(noAbort, "String format not understood in vaHtmlSafef: %s", format); } } ++i; } int sz = 0; boolean overflow = FALSE; if (escStringsCount > 0) { int tempSize = bufSize + 3*escStringsCount; // allow for temporary escPunc chars + spectype-char char *tempBuf = needMem(tempSize);