From 15ad1d5eb2fb1b4fe89cc61e19f7618424394bf9 Mon Sep 17 00:00:00 2001
From: Nick Kew
Date: Wed, 31 Dec 2008 02:27:24 +0000
Subject: [PATCH] Add support for escaping all non-ascii chars to ap_escape_html, and use it to fix PR#25202: encoding="entity" doesn't work as advertised in mod_include. For backport, this'll need an ABI-preserving version that'll be a minor MMN bump. But if we do that in /trunk/, it'll never change.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@730296 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 6 ++++++
 include/ap_mmn.h | 2 ++
 include/httpd.h | 10 +++++++++-
 modules/filters/mod_include.c | 3 ++-
 server/util.c | 10 ++++++++--
 5 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/CHANGES b/CHANGES
index 1a057604c8..b309d639b5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,12 @@
 Changes with Apache 2.3.1
 [ When backported to 2.2.x, remove entry from this file ]
+ *) mod_include: support generating non-ASCII characters as entities in SSI
+ PR 25202 [Nick Kew]
+
+ *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
+ PR 25202 [Nick Kew]
+
 *) mod_rewrite: fix "B" flag breakage by reverting r5589343
 PR 45529 [Bob Ionescu ]
diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index 0055cba4f3..42a454eb0d 100644
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -184,6 +184,8 @@
 * 20081201.0 (2.3.0-dev) Rename several APIs to include ap_ prefix.
 * 20081201.1 (2.3.0-dev) Added ap_args_to_table and ap_body_to_table.
 * 20081212.0 (2.3.0-dev) Remove sb_type from process_score in scoreboard.h.
+ * 20081231.0 (2.3.0-dev) Switch ap_escape_html API: add ap_escape_html2,
+ * and make ap_escape_html a macro for it.
 */
 #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
diff --git a/include/httpd.h b/include/httpd.h
index 876a5b1647..c2d4fcc513 100644
--- a/include/httpd.h
+++ b/include/httpd.h
@@ -1519,7 +1519,15 @@ AP_DECLARE(char *) ap_os_escape_path(apr_pool_t *p, const char *path, int partia
 * @param s The html to escape
 * @return The escaped string
 */
-AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s);
+#define ap_escape_html(p,s) ap_escape_html2(p,s,0)
+/**
+ * Escape an html string
+ * @param p The pool to allocate from
+ * @param s The html to escape
+ * @param toasc Whether to escape all non-ASCII chars to &#nnn;
+ * @return The escaped string
+ */
+AP_DECLARE(char *) ap_escape_html2(apr_pool_t *p, const char *s, int toasc);
 /**
 * Escape a string for logging
diff --git a/modules/filters/mod_include.c b/modules/filters/mod_include.c
index bf7aa76f62..302155e23b 100644
--- a/modules/filters/mod_include.c
+++ b/modules/filters/mod_include.c
@@ -1192,7 +1192,8 @@ static apr_status_t handle_echo(include_ctx_t *ctx, ap_filter_t *f,
 echo_text = ap_escape_uri(ctx->dpool, val);
 break;
 case E_ENTITY:
- echo_text = ap_escape_html(ctx->dpool, val);
+ /* PR#25202: escape anything non-ascii here */
+ echo_text = ap_escape_html2(ctx->dpool, val, 1);
 break;
 }
diff --git a/server/util.c b/server/util.c
index 795cbcb2d2..d476e54dbb 100644
--- a/server/util.c
+++ b/server/util.c
@@ -1738,7 +1738,7 @@ AP_DECLARE(char *) ap_os_escape_path(apr_pool_t *p, const char *path, int partia
 /* ap_escape_uri is now a macro for os_escape_path */
-AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s)
+AP_DECLARE(char *) ap_escape_html2(apr_pool_t *p, const char *s, int toasc)
 {
 int i, j;
 char *x;
@@ -1751,6 +1751,8 @@ AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s)
 j += 4;
 else if (s[i] == '"')
 j += 5;
+ else if (toasc && !apr_isascii(s[i]))
+ j += 5;
 if (j == 0)
 return apr_pstrmemdup(p, s, i);
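Review bot: The `@param toasc` text added to the `ap_escape_html2` doc comment in include/httpd.h does not say that the escaping is done per byte, which is what the new branch in server/util.c does (`"&#%3.3d;"` applied to `(unsigned char)s[i]`). A multi-byte UTF-8 character therefore comes out as several separate `&#nnn;` references, and the output only denotes the intended characters when the input is in a single-byte Latin-1 style charset; the `ap_escape_html2(ctx->dpool, val, 1)` call added in mod_include.c inherits this for every `encoding="entity"` echo. I would state the contract at the declaration, e.g. `@param toasc Nonzero to emit every byte >= 0x80 as its own decimal reference &#nnn; (byte-wise; the input is not decoded as UTF-8)`. The older comment block left above the new `#define` still reads as a function's documentation and could say that the macro is `ap_escape_html2` with `toasc` set to 0.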
@@ -1773,13 +1775,17 @@ AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s)
 memcpy(&x[j], """, 6);
 j += 5;
 }
+ else if (toasc && !apr_isascii(s[i])) {
+ char *esc = apr_psprintf(p, "&#%3.3d;", (unsigned char)s[i]);
+ memcpy(&x[j], esc, 6);
+ j += 5;
+ }
 else
 x[j] = s[i];
 x[j] = '\0';
 return x;
 }
-
 AP_DECLARE(char *) ap_escape_logitem(apr_pool_t *p, const char *str)
 {
 char *ret;
-- 
2.50.1
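Review bot: The new `toasc` branch calls `apr_psprintf(p, ...)` once for every non-ASCII byte, so each escaped byte leaves a small throwaway string in pool `p` on top of the six bytes already counted for it in `x`. The mod_include caller passes an SSI variable value, which presumably can carry request-derived data, so the extra pool usage grows with the number of high bytes in the input and stays allocated until that pool is cleared. Formatting straight into the output avoids the per-byte allocation: `apr_snprintf(&x[j], 7, "&#%3.3d;", (unsigned char)s[i]);` followed by `j += 5;`. That relies on the counting pass having reserved six bytes for this byte plus one more byte after it (the next character or the terminator), which matches the `j += 5` added in the `@@ -1751,6 +1751,8 @@` hunk, but the allocation itself lies between the visible hunks and should be confirmed. The function body starts above this hunk.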