src/lib/htmshell.c 44ccfacbe3a3d4b300f80d48651c77837a4b571e

44ccfacbe3a3d4b300f80d48651c77837a4b571e
galt
  Tue Apr 26 11:12:02 2022 -0700
SQL INJECTION Prevention Version 2 - this improves our methods by making subclauses of SQL that get passed around be both easy and correct to use. The way that was achieved was by getting rid of the obscure and not well used functions sqlSafefFrag and sqlDyStringPrintfFrag and replacing them with the plain versions of those functions, since these are not needed anymore. The new version checks for NOSQLINJ in unquoted %-s which is used to include SQL clauses, and will give an error the NOSQLINJ clause is not present, and this will automatically require the correct behavior by developers. sqlDyStringPrint is a very useful function, however because it was not enforced, users could use various other dyString functions and they operated without any awareness or checking for SQL correct use. Now those dyString functions are prohibited and it will produce an error if you try to use a dyString function on a SQL string, which is simply detected by the presence of the NOSQLINJ prefix.

diff --git src/lib/htmshell.c src/lib/htmshell.c
index a79b16a..23fd280 100644
--- src/lib/htmshell.c
+++ src/lib/htmshell.c
@@ -39,40 +39,40 @@
 NoEscape = TRUE;
 }
 
 void htmlDoEscape()
 {
 NoEscape = FALSE;
 }
 
 void htmlVaEncodeErrorText(char *format, va_list args)
 /* Write an error message encoded against XSS. */
 {
 va_list argscp;
 va_copy(argscp, args);
 char warning[1024];
 
-struct dyString *ds = newDyString(1024);
+struct dyString *ds = dyStringNew(1024);
 vaHtmlDyStringPrintf(ds, format, args);
 int n = ds->stringSize;
 int nLimit = sizeof(warning) - 1;
 if (ds->stringSize > nLimit)
     n = nLimit;
 safencpy(warning, sizeof warning, ds->string, n);
 if (ds->stringSize > nLimit)
     strcpy(warning+n-5,"[...]");  // indicated trucation
-freeDyString(&ds);
+dyStringFree(&ds);
 
 fprintf(stdout, "%s\n", warning);
 /* write warning/error message to stderr so they get logged. */
 vfprintf(stderr, format, argscp);
 fprintf(stderr, "\n");
 fflush(stderr);
 va_end(argscp);
 }
 
 
 void htmlVaParagraph(char *line, va_list args)
 /* Print a line in it's own paragraph. */
 {
 fputs("<P>", stdout);
 vfprintf(stdout, line, args);
@@ -647,40 +647,40 @@
 dyStringPrintf(dy,"window.onunload = function(){}; // Trick to avoid FF back button issue.\n");
 
 jsInline(dy->string);
 dyStringFree(&dy);
 }
 
 void htmlVaWarn(char *format, va_list args)
 /* Write an error message. */
 {
 va_list argscp;
 va_copy(argscp, args);
 htmlWarnBoxSetup(stdout); // sets up the warnBox if it hasn't already been done.
 char warning[1024];
 
 // html-encode arguments to fight XSS
-struct dyString *ds = newDyString(1024);
+struct dyString *ds = dyStringNew(1024);
 vaHtmlDyStringPrintf(ds, format, args);
 int n = ds->stringSize;
 int nLimit = sizeof(warning) - 1;
 if (ds->stringSize > nLimit)
     n = nLimit;
 safencpy(warning, sizeof warning, ds->string, n);
 if (ds->stringSize > nLimit)
     strcpy(warning+n-5,"[...]"); // show truncation
-freeDyString(&ds);
+dyStringFree(&ds);
 
 // Replace newlines with BR tag
 char *warningBR = htmlWarnEncode(warning); 
 
 // Javascript-encode the entire message because it is
 // going to appear as a javascript string literal
 // as it gets appended to the warnList html.
 // JS-encoding here both allows us to use any character in the message
 // and keeps js-encodings in events like onmouseover="stuff %s|js| stuff" secure.
 char *jsEncodedMessage = javascriptEncode (warningBR); 
 freeMem(warningBR);
 struct dyString *dy = dyStringNew(2048);
 dyStringPrintf(dy,
     "showWarnBox();"
     "var warnList=document.getElementById('warnList');"
@@ -1600,34 +1600,34 @@
 }
 
 void htmlDyStringPrintf(struct dyString *ds, char *format, ...)
 /* VarArgs Printf append to dyString
  * Strings are escaped according to format type. */
 {
 va_list args;
 va_start(args, format);
 vaHtmlDyStringPrintf(ds, format, args);
 va_end(args);
 }
 
 void vaHtmlFprintf(FILE *f, char *format, va_list args)
 /* fprintf using html encoding types */
 {
-struct dyString *ds = newDyString(1024);
+struct dyString *ds = dyStringNew(1024);
 vaHtmlDyStringPrintf(ds, format, args);
 fputs(ds->string, f);  // does not append newline
-freeDyString(&ds);
+dyStringFree(&ds);
 }
 
 
 void htmlFprintf(FILE *f, char *format, ...)
 /* fprintf using html encoding types */
 {
 va_list args;
 va_start(args, format);
 vaHtmlFprintf(f, format, args);
 va_end(args);
 }
 
 
 void htmlPrintf(char *format, ...)
 /* fprintf using html encoding types */