Add support for escaping all non-ascii chars to ap_escape_html, and use

it to fix PR#25202: encoding="entity" doesn't work as advertised in
mod_include.
For backport, this'll need an ABI-preserving version that'll be
a minor MMN bump.  But if we do that in /trunk/, it'll never change.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@730296 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 1a057604c808a972b5b6687d8dc5310546b7d548..b309d639b5a3156863949074fbcc4219916d0af7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,12 @@
 Changes with Apache 2.3.1
 [ When backported to 2.2.x, remove entry from this file ]
 
+ *) mod_include: support generating non-ASCII characters as entities in SSI
+    PR 25202 [Nick Kew]
+
+ *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
+    PR 25202 [Nick Kew]
+
  *) mod_rewrite: fix "B" flag breakage by reverting r5589343
     PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
 

diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index 0055cba4f3a00452684a34f94dd10ae9669e209f..42a454eb0dbb297cb4ccdc9c25e97b827853388a 100644 (file)
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -184,6 +184,8 @@
  * 20081201.0 (2.3.0-dev)  Rename several APIs to include ap_ prefix.
  * 20081201.1 (2.3.0-dev)  Added ap_args_to_table and ap_body_to_table.
  * 20081212.0 (2.3.0-dev)  Remove sb_type from process_score in scoreboard.h.
+ * 20081231.0 (2.3.0-dev)  Switch ap_escape_html API: add ap_escape_html2,
+ *                         and make ap_escape_html a macro for it.
  */
 
 #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */

diff --git a/include/httpd.h b/include/httpd.h
index 876a5b1647b785bc8310a9b27495a26daecd0fe1..c2d4fcc5135634339bc517ed01a64c2b5043ce7e 100644 (file)
--- a/include/httpd.h
+++ b/include/httpd.h
@@ -1519,7 +1519,15 @@ AP_DECLARE(char *) ap_os_escape_path(apr_pool_t *p, const char *path, int partia
  * @param s The html to escape
  * @return The escaped string
  */
-AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s);
+#define ap_escape_html(p,s) ap_escape_html2(p,s,0)
+/**
+ * Escape an html string
+ * @param p The pool to allocate from
+ * @param s The html to escape
+ * @param toasc Whether to escape all non-ASCII chars to &#nnn;
+ * @return The escaped string
+ */
+AP_DECLARE(char *) ap_escape_html2(apr_pool_t *p, const char *s, int toasc);
 
 /**
  * Escape a string for logging

diff --git a/modules/filters/mod_include.c b/modules/filters/mod_include.c
index bf7aa76f621970b5dada871cb54baf6a020da5ff..302155e23ba6450ffa0aeea83e7b06cadff160b7 100644 (file)
--- a/modules/filters/mod_include.c
+++ b/modules/filters/mod_include.c
@@ -1192,7 +1192,8 @@ static apr_status_t handle_echo(include_ctx_t *ctx, ap_filter_t *f,
                     echo_text = ap_escape_uri(ctx->dpool, val);
                     break;
                 case E_ENTITY:
-                    echo_text = ap_escape_html(ctx->dpool, val);
+                    /* PR#25202: escape anything non-ascii here */
+                    echo_text = ap_escape_html2(ctx->dpool, val, 1);
                     break;
                 }
 

diff --git a/server/util.c b/server/util.c
index 795cbcb2d28d332b3ee00ee78e11908cad40c0b4..d476e54dbb18da635b81e1176a67f173c6e5b755 100644 (file)
--- a/server/util.c
+++ b/server/util.c
@@ -1738,7 +1738,7 @@ AP_DECLARE(char *) ap_os_escape_path(apr_pool_t *p, const char *path, int partia
 
 /* ap_escape_uri is now a macro for os_escape_path */
 
-AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s)
+AP_DECLARE(char *) ap_escape_html2(apr_pool_t *p, const char *s, int toasc)
 {
     int i, j;
     char *x;
@@ -1751,6 +1751,8 @@ AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s)
             j += 4;
         else if (s[i] == '"')
             j += 5;
+        else if (toasc && !apr_isascii(s[i]))
+            j += 5;
 
     if (j == 0)
         return apr_pstrmemdup(p, s, i);
@@ -1773,13 +1775,17 @@ AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s)
             memcpy(&x[j], """, 6);
             j += 5;
         }
+        else if (toasc && !apr_isascii(s[i])) {
+            char *esc = apr_psprintf(p, "&#%3.3d;", (unsigned char)s[i]);
+            memcpy(&x[j], esc, 6);
+            j += 5;
+        }
         else
             x[j] = s[i];
 
     x[j] = '\0';
     return x;
 }
-
 AP_DECLARE(char *) ap_escape_logitem(apr_pool_t *p, const char *str)
 {
     char *ret;