39c1c15163cf86529fdcb102535f639da0bd89f5
galt
  Sun Feb 5 00:04:41 2017 -0800
Dealing with warnings messages that overflow the 1024 limit buffer. Fullsize warning message still appears in the error log.

diff --git src/lib/htmshell.c src/lib/htmshell.c
index 1345864..c19528b 100644
--- src/lib/htmshell.c
+++ src/lib/htmshell.c
@@ -37,38 +37,42 @@
 {
 NoEscape = TRUE;
 }
 
 void htmlDoEscape()
 {
 NoEscape = FALSE;
 }
 
 void htmlVaEncodeErrorText(char *format, va_list args)
 /* Write an error message encoded against XSS. */
 {
 va_list argscp;
 va_copy(argscp, args);
 char warning[1024];
-int sz = vaHtmlSafefNoAbort(warning, sizeof(warning), format, args, TRUE, FALSE);
-if (sz < 0)
-    {
-    safecpy(warning, sizeof(warning), "Low level error in htmlSafef. See error logs for details.");
-    vfprintf(stderr, format, args);
-    fprintf(stderr, "\n");
-    fflush(stderr);
-    }
+
+struct dyString *ds = newDyString(1024);
+vaHtmlDyStringPrintf(ds, format, args);
+int n = ds->stringSize;
+int nLimit = sizeof(warning) - 1;
+if (ds->stringSize > nLimit)
+    n = nLimit;
+safencpy(warning, sizeof warning, ds->string, n);
+if (ds->stringSize > nLimit)
+    strcpy(warning+n-5,"[...]");  // indicated trucation
+freeDyString(&ds);
+
 fprintf(stdout, "%s\n", warning);
 /* write warning/error message to stderr so they get logged. */
 vfprintf(stderr, format, argscp);
 fprintf(stderr, "\n");
 fflush(stderr);
 va_end(argscp);
 }
 
 
 void htmlVaParagraph(char *line, va_list args)
 /* Print a line in it's own paragraph. */
 {
 fputs("<P>", stdout);
 vfprintf(stdout, line, args);
 fputs("</P>\n", stdout);
@@ -608,35 +612,40 @@
 dyStringPrintf(dy,"window.onunload = function(){}; // Trick to avoid FF back button issue.\n");
 
 jsInline(dy->string);
 dyStringFree(&dy);
 }
 
 void htmlVaWarn(char *format, va_list args)
 /* Write an error message. */
 {
 va_list argscp;
 va_copy(argscp, args);
 htmlWarnBoxSetup(stdout); // sets up the warnBox if it hasn't already been done.
 char warning[1024];
 
 // html-encode arguments to fight XSS
-int sz = vaHtmlSafefNoAbort(warning, sizeof(warning), format, args, TRUE, FALSE);
-if (sz < 0)
-    {
-    safecpy(warning, sizeof(warning), "Low level error in htmlSafef. See error logs for details.");
-    }
+struct dyString *ds = newDyString(1024);
+vaHtmlDyStringPrintf(ds, format, args);
+int n = ds->stringSize;
+int nLimit = sizeof(warning) - 1;
+if (ds->stringSize > nLimit)
+    n = nLimit;
+safencpy(warning, sizeof warning, ds->string, n);
+if (ds->stringSize > nLimit)
+    strcpy(warning+n-5,"[...]"); // show truncation
+freeDyString(&ds);
 
 // Replace newlines with BR tag
 char *warningBR = htmlWarnEncode(warning); 
 
 // Javascript-encode the entire message because it is
 // going to appear as a javascript string literal
 // as it gets appended to the warnList html.
 // JS-encoding here both allows us to use any character in the message
 // and keeps js-encodings in events like onmouseover="stuff %s|js| stuff" secure.
 char *jsEncodedMessage = javascriptEncode (warningBR); 
 freeMem(warningBR);
 struct dyString *dy = dyStringNew(2048);
 dyStringPrintf(dy,
     "showWarnBox();"
     "var warnList=document.getElementById('warnList');"