From 7a7bdcfa689afb489d0f0e60f200287d12a80ae5 Mon Sep 17 00:00:00 2001
From: Darold Gilles
Date: Wed, 26 Jun 2013 15:13:51 +0200
Subject: [PATCH] Fix HTML escaping on all pending cases. Thanks to Mael Rimbault for the report.
---
 pgbadger | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/pgbadger b/pgbadger
index 930bb7a..27a54ea 100755
--- a/pgbadger
+++ b/pgbadger
@@ -4391,6 +4391,13 @@ sub dump_error_as_html
 &html_footer();
 }
+sub escape_html
+{
+ $_[0] =~ s/<([\/a-zA-Z][\s\t\>]*)/\<$1/sg;
+
+ return $_[0];
+}
+
 sub show_error_as_html
 {
@@ -4435,7 +4442,7 @@ sub show_error_as_html
 $msg =~ s/ERROR: (database system was interrupted while in recovery)/LOG: $1/;
 $msg =~ s/ERROR: (recovery has paused)/LOG: $1/;
 # Escape HTML code in error message
- $msg =~ s/<([\/a-zA-Z])\b/\<$1/sg;
+ $msg = &escape_html($msg);
 print $fh "
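Review bot: `escape_html` still escapes only a `<` that is followed by `/` or an ASCII letter, so `&`, `>`, `"`, `'` and a `<` followed by anything else (for example `<!` or `<?`) reach the report unchanged, even though the values passed in are log messages and SQL text that should be treated as untrusted. As rendered on this page the replacement reads `\<$1`, which has probably lost an `&lt;` entity in extraction, so this assumes the real code emits `&lt;`. The sub also edits `$_[0]`, which aliases the caller's variable, and applies `s///` to an argument that may be undefined. I would escape the HTML metacharacters unconditionally on a copy, as below; `highlight_code` keeps processing the escaped text outside the visible hunk, so confirm its later substitutions tolerate `&amp;`, `&gt;` and `&quot;` before adopting this.

```perl
sub escape_html
{
	my $str = shift;

	# Nothing to escape; also avoids an uninitialized-value warning.
	return $str if (!defined $str);

	# '&' first, so the entities produced below are not escaped again.
	$str =~ s/&/&amp;/g;
	$str =~ s/</&lt;/g;
	$str =~ s/>/&gt;/g;
	$str =~ s/"/&quot;/g;
	$str =~ s/'/&#39;/g;

	return $str;
}
```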
$msg
"; print $fh "
";
@@ -4449,7 +4456,8 @@ sub show_error_as_html
 $logs_type{LOG}++;
 }
 # Escape HTML code in error message
- $error_info{$k}{statement}[$i] =~ s/<([\/a-zA-Z])\b/\<$1/sg if ($error_info{$k}{statement}[$i]);
+ $error_info{$k}{error}[$i] = &escape_html($error_info{$k}{error}[$i]);
+ $error_info{$k}{statement}[$i] = &escape_html($error_info{$k}{statement}[$i]);
 my $c = $i % 2;
 print $fh "
$error_info{$k}{error}[$i]
\n";
@@ -4473,7 +4481,8 @@ sub show_error_as_html
 $logs_type{LOG}++;
 }
 # Escape HTML code in error message
- $error_info{$k}{statement}[0] =~ s/<([\/a-zA-Z])\b/\<$1/sg if ($error_info{$k}{statement}[0]);
+ $error_info{$k}{error}[0] = &escape_html($error_info{$k}{error}[0]);
+ $error_info{$k}{statement}[0] = &escape_html($error_info{$k}{statement}[0]);
 print $fh "
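Review bot: The `if ($error_info{$k}{statement}[$i])` guard on the removed line of the -4449 hunk is not carried over, so both added calls now run `escape_html` on elements that may be undefined, and the assignment then creates the array slot; if warnings are enabled this would log an uninitialized-value warning for every error that has no statement. Keeping the guard is a one-line change, e.g. `$error_info{$k}{statement}[$i] = &escape_html($error_info{$k}{statement}[$i]) if (defined $error_info{$k}{statement}[$i]);`. The same applies to the `[0]` pair in the hunk at -4473. Both hunks also store the escaped text back into `%error_info`, so a second pass over the same entries would escape twice if the helper is ever extended to escape `&`; escaping into a local variable at print time avoids that. The enclosing loop starts and ends outside the hunk.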
$error_info{$k}{error}[0]
"; print $fh "
Detail: $error_info{$k}{detail}[0]
\n" if ($error_info{$k}{detail}[0]);
@@ -4991,7 +5000,7 @@ sub highlight_code
 my $code = shift;
 # Escape HTML code into SQL values
- $code =~ s/<([\/a-zA-Z])\b/\<$1/sg;
+ $code = &escape_html($code);
 # Do not try to prettify queries longuer
 # than 10KB this will take too much time
-- 2.40.0
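Review bot: `$error_info{$k}{detail}[0]` is interpolated into the `Detail:` output on a context line of the -4473 hunk, but that hunk only adds `escape_html` calls for `error` and `statement`, so the detail text appears to reach the report unescaped. DETAIL lines from the server often echo user-supplied values such as key values or parameters, so they need the same treatment unless they are escaped somewhere outside the visible lines. Proposed addition next to the other two calls: `$error_info{$k}{detail}[0] = &escape_html($error_info{$k}{detail}[0]) if (defined $error_info{$k}{detail}[0]);`. The indexed `[$i]` branch at -4449 does not show its detail output inside the hunk and should be checked for the same gap.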