From fbe1fcff7957927cac490bb2ec857700ea1c4d4b Mon Sep 17 00:00:00 2001
From: ellson
Date: Sun, 12 Dec 2010 05:47:26 +0000
Subject: [PATCH] fix no-no usage of gvprintf() with user input strings -- fixes bug #2087
---
plugin/core/gvrender_core_svg.c | 25 ++++++++++++++++++-------
1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/plugin/core/gvrender_core_svg.c b/plugin/core/gvrender_core_svg.c
index 15198140e..9aada6aaa 100644
--- a/plugin/core/gvrender_core_svg.c
+++ b/plugin/core/gvrender_core_svg.c
@@ -282,21 +282,32 @@ svg_begin_anchor(GVJ_t * job, char *href, char *tooltip, char *target, char *id)
/* the svg spec implies this can be omitted: http://www.w3.org/TR/SVG/linking.html#Links */ gvputs(job, " xlink:type=\"simple\""); #endif - if (href && href[0]) - gvprintf(job, " xlink:href=\"%s\"", xml_url_string(href)); + if (href && href[0]) { + gvputs(job, " xlink:href=\""); + gvputs(job, xml_url_string(href)); + gvputs(job, "\""); + } #if 0 /* linking to itself, just so that it can have a xlink:link in the anchor, seems wrong. * it changes the behavior in browsers, the link apears in the bottom information bar */ else { assert (id && id[0]); /* there should always be an id available */ - gvprintf(job, " xlink:href=\"#%s\"", xml_url_string(id)); + gvputs(job, " xlink:href=\"#"); + gvputs(job, xml_url_string(href)); + gvputs(job, "\""); } #endif - if (tooltip && tooltip[0]) - gvprintf(job, " xlink:title=\"%s\"", xml_string(tooltip)); - if (target && target[0]) - gvprintf(job, " target=\"%s\"", xml_string(target)); + if (tooltip && tooltip[0]) { + gvputs(job, " xlink:title=\""); + gvputs(job, xml_string(tooltip)); + gvputs(job, "\""); + } + if (target && target[0]) { + gvputs(job, " target=\""); + gvputs(job, xml_string(target)); + gvputs(job, "\""); + } gvputs(job, ">\n"); }
-- 
2.40.0
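Review bot: In the `#if 0` else-branch the new code writes `gvputs(job, xml_url_string(href));`, but the line it replaces escaped `id`, and that branch is only reached when `href` is NULL or empty. The block is compiled out, so nothing changes at runtime today, but re-enabling it would hand a null or empty `href` to `xml_url_string` and lose the self-link fragment; the line should read `gvputs(job, xml_url_string(id));`. It would also help to record the reason for the longer form on the first converted `if`, for example `/* user-supplied strings: escape and emit with gvputs(), not gvprintf() (bug #2087) */`, so a later cleanup does not fold the three calls back into one formatted write. svg_begin_anchor begins before this hunk, so any earlier attribute writes in the function are not visible here.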