From: ellson Date: Sun, 12 Dec 2010 05:47:26 +0000 (+0000) Subject: fix no-no usage of gvprintf() with user input strings -- fixes bug #2087 X-Git-Tag: LAST_LIBGRAPH~32^2~1130 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fbe1fcff7957927cac490bb2ec857700ea1c4d4b;p=graphviz fix no-no usage of gvprintf() with user input strings -- fixes bug #2087
---
diff --git a/plugin/core/gvrender_core_svg.c b/plugin/core/gvrender_core_svg.c
index 15198140e..9aada6aaa 100644
--- a/plugin/core/gvrender_core_svg.c
+++ b/plugin/core/gvrender_core_svg.c
@@ -282,21 +282,32 @@ svg_begin_anchor(GVJ_t * job, char *href, char *tooltip, char *target, char *id)
 /* the svg spec implies this can be omitted: http://www.w3.org/TR/SVG/linking.html#Links */
 gvputs(job, " xlink:type=\"simple\"");
 #endif
- if (href && href[0])
- gvprintf(job, " xlink:href=\"%s\"", xml_url_string(href));
+ if (href && href[0]) {
+ gvputs(job, " xlink:href=\"");
+ gvputs(job, xml_url_string(href));
+ gvputs(job, "\"");
+ }
 #if 0
 /* linking to itself, just so that it can have a xlink:link in the anchor, seems wrong.
 * it changes the behavior in browsers, the link apears in the bottom information bar
 */
 else {
 assert (id && id[0]); /* there should always be an id available */
- gvprintf(job, " xlink:href=\"#%s\"", xml_url_string(id));
+ gvputs(job, " xlink:href=\"#");
+ gvputs(job, xml_url_string(href));
+ gvputs(job, "\"");
 }
 #endif
- if (tooltip && tooltip[0])
- gvprintf(job, " xlink:title=\"%s\"", xml_string(tooltip));
- if (target && target[0])
- gvprintf(job, " target=\"%s\"", xml_string(target));
+ if (tooltip && tooltip[0]) {
+ gvputs(job, " xlink:title=\"");
+ gvputs(job, xml_string(tooltip));
+ gvputs(job, "\"");
+ }
+ if (target && target[0]) {
+ gvputs(job, " target=\"");
+ gvputs(job, xml_string(target));
+ gvputs(job, "\"");
+ }
 gvputs(job, ">\n");
 }
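Review bot: In the `#if 0` else-branch the rewritten call passes `href` where the removed line passed `id`; it should read `gvputs(job, xml_url_string(id));`. That branch is reached only when `href` is NULL or empty, and the assert just above it checks `id`. If the block is ever re-enabled, it would hand a NULL or empty string to `xml_url_string()` instead of emitting the `#id` self-link. The code is compiled out today, so nothing changes at runtime. A short comment above the first rewritten block, such as `/* user-supplied strings are written with gvputs(), not formatted through gvprintf() */`, would record why the pattern changed. The body of svg_begin_anchor starts above the hunk.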