Ensure all strings stored in XML are escaped correctly

This does escaping / quoting for everything I found. Some of it was safe
(the divecomputer model is supplied from libdivecomputer, and none of them
have single quotes _yet_, afaik), but with this there are no '%s' strings
left except for the ones used by the helper functions (for "pre" and
"post" strings).

It also takes some of our existing uses of show_utf8(), and removes
the redundant "check if the string is NULL or empty". show_utf8() does
that internally.

Fixes #73

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
Linus Torvalds 2013-02-27 07:58:41 -08:00 committed by Dirk Hohndel
parent eb3376d612
commit b54dacbeb2


@ -288,8 +288,7 @@ static void save_cylinder_info(FILE *f, struct dive *dive)
if (volume) if (volume)
show_milli(f, " size='", volume, " l", "'"); show_milli(f, " size='", volume, " l", "'");
show_pressure(f, cylinder->type.workingpressure, " workpressure='", "'"); show_pressure(f, cylinder->type.workingpressure, " workpressure='", "'");
if (description && *description) show_utf8(f, description, " description='", "'", 1);
fprintf(f, " description='%s'", description);
if (o2) { if (o2) {
fprintf(f, " o2='%u.%u%%'", FRACTION(o2, 10)); fprintf(f, " o2='%u.%u%%'", FRACTION(o2, 10));
if (he) if (he)
@ -315,8 +314,7 @@ static void save_weightsystem_info(FILE *f, struct dive *dive)
return; return;
fprintf(f, " <weightsystem"); fprintf(f, " <weightsystem");
show_milli(f, " weight='", grams, " kg", "'"); show_milli(f, " weight='", grams, " kg", "'");
if (description && *description) show_utf8(f, description, " description='", "'", 1);
fprintf(f, " description='%s'", description);
fprintf(f, " />\n"); fprintf(f, " />\n");
} }
} }
@ -418,8 +416,7 @@ static void save_samples(FILE *f, int nr, struct sample *s)
static void save_dc(FILE *f, struct dive *dive, struct divecomputer *dc) static void save_dc(FILE *f, struct dive *dive, struct divecomputer *dc)
{ {
fprintf(f, " <divecomputer"); fprintf(f, " <divecomputer");
if (dc->model) show_utf8(f, dc->model, " model='", "'", 1);
show_utf8(f, dc->model, " model='", "'", 1);
if (dc->deviceid) if (dc->deviceid)
fprintf(f, " deviceid='%08x'", dc->deviceid); fprintf(f, " deviceid='%08x'", dc->deviceid);
if (dc->diveid) if (dc->diveid)
@ -478,11 +475,9 @@ static void save_trip(FILE *f, dive_trip_t *trip)
fprintf(f, "<trip"); fprintf(f, "<trip");
show_date(f, trip->when); show_date(f, trip->when);
if (trip->location) show_utf8(f, trip->location, " location=\'","\'", 1);
show_utf8(f, trip->location, " location=\'","\'", 1);
fprintf(f, ">\n"); fprintf(f, ">\n");
if (trip->notes) show_utf8(f, trip->notes, "<notes>","</notes>\n", 0);
show_utf8(f, trip->notes, "<notes>","</notes>\n", 0);
/* /*
* Incredibly cheesy: we want to save the dives sorted, and they * Incredibly cheesy: we want to save the dives sorted, and they
@ -523,13 +518,12 @@ static void save_one_device(FILE *f, struct device_info *info)
if (!serial_nr && !nickname && !firmware) if (!serial_nr && !nickname && !firmware)
return; return;
fprintf(f, "<divecomputerid model='%s' deviceid='%08x'", info->model, info->deviceid); fprintf(f, "<divecomputerid");
if (serial_nr) show_utf8(f, info->model, " model='", "'", 1);
show_utf8(f, serial_nr, " serial='", "'", 1); fprintf(f, " deviceid='%08x'", info->deviceid);
if (firmware) show_utf8(f, serial_nr, " serial='", "'", 1);
show_utf8(f, firmware, " firmware='", "'", 1); show_utf8(f, firmware, " firmware='", "'", 1);
if (nickname) show_utf8(f, nickname, " nickname='", "'", 1);
show_utf8(f, nickname, " nickname='", "'", 1);
fprintf(f, "/>\n"); fprintf(f, "/>\n");
} }
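Review bot: In save_one_device the `model` attribute was previously written unconditionally and now goes through `show_utf8(f, info->model, " model='", "'", 1)`, which per the commit message writes nothing for a NULL or empty string, so a `<divecomputerid>` element can now be saved with a `deviceid` but no `model`. The loader is not visible on this page; if it identifies device entries by model plus deviceid, it is worth confirming that it tolerates the missing attribute rather than dropping or mis-matching the entry on reload. Separately, every attribute written here is single-quote delimited, so its safety rests on the final argument of show_utf8, which appears to select attribute quoting (`1` at the attribute call sites, `0` for `<notes>`). Assuming that reading is right, a comment at the first call such as `/* last arg: 1 = attribute value (quote characters escaped), 0 = element text */` would keep later call sites from passing the wrong mode. save_one_device begins above the hunk, so the extraction of serial_nr, nickname and firmware was not reviewed.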