authorGravatar Linus Torvalds <torvalds@linux-foundation.org>2013-02-27 07:58:41 -0800
committerGravatar Dirk Hohndel <dirk@hohndel.org>2013-02-27 08:27:20 -0800
commitb54dacbeb2f8711495bb4998d5a94268d47804b2 (patch)
treeef833fd03acfa0e08185b9dca4ef7bdc8a7ad1bb /save-xml.c
parenteb3376d612d836c1343f9140dcb67b8bc32f5d33 (diff)
downloadsubsurface-b54dacbeb2f8711495bb4998d5a94268d47804b2.tar.gz
Ensure all strings stored in XML are escaped correctly
This does escaping / quoting for everything I found. Some of it was safe (the divecomputer model is supplied from libdivecomputer, and none of them have single quotes _yet_, afaik), but with this there are no '%s' strings left except for the ones used by the helper functions (for "pre" and "post" strings). It also takes some of our existing uses of show_utf8(), and removes the redundant "check if the string is NULL or empty". show_utf8() does that internally. Fixes #73 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
Diffstat (limited to 'save-xml.c')
-rw-r--r--save-xml.c28
1 files changed, 11 insertions, 17 deletions
diff --git a/save-xml.c b/save-xml.c
index b3bf9701d..0685c9fd1 100644
--- a/save-xml.c
+++ b/save-xml.c
@@ -288,8 +288,7 @@ static void save_cylinder_info(FILE *f, struct dive *dive)
if (volume)
show_milli(f, " size='", volume, " l", "'");
show_pressure(f, cylinder->type.workingpressure, " workpressure='", "'");
- if (description && *description)
- fprintf(f, " description='%s'", description);
+ show_utf8(f, description, " description='", "'", 1);
if (o2) {
fprintf(f, " o2='%u.%u%%'", FRACTION(o2, 10));
if (he)
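Review bot: The bare `1` passed as the last argument of show_utf8() on the new description line is a magic flag, and nothing at the call site says it selects the attribute-value escaping this commit relies on. show_utf8() is defined outside the hunk, so that meaning is inferred from the commit message; a short comment such as `/* last arg: 1 = attribute value (quotes escaped), 0 = element text */` above the helper, or a pair of named constants, would make a wrong flag visible in review. The same applies to the new calls in save_weightsystem_info, save_dc, save_trip and save_one_device. Since the change fixes an escaping bug, a save/load round-trip test with a description containing `'`, `&` and `<` would pin the behaviour. save_cylinder_info starts and ends outside this hunk.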
@@ -315,8 +314,7 @@ static void save_weightsystem_info(FILE *f, struct dive *dive)
return;
fprintf(f, " <weightsystem");
show_milli(f, " weight='", grams, " kg", "'");
- if (description && *description)
- fprintf(f, " description='%s'", description);
+ show_utf8(f, description, " description='", "'", 1);
fprintf(f, " />\n");
}
}
@@ -418,8 +416,7 @@ static void save_samples(FILE *f, int nr, struct sample *s)
static void save_dc(FILE *f, struct dive *dive, struct divecomputer *dc)
{
fprintf(f, " <divecomputer");
- if (dc->model)
- show_utf8(f, dc->model, " model='", "'", 1);
+ show_utf8(f, dc->model, " model='", "'", 1);
if (dc->deviceid)
fprintf(f, " deviceid='%08x'", dc->deviceid);
if (dc->diveid)
@@ -478,11 +475,9 @@ static void save_trip(FILE *f, dive_trip_t *trip)
fprintf(f, "<trip");
show_date(f, trip->when);
- if (trip->location)
- show_utf8(f, trip->location, " location=\'","\'", 1);
+ show_utf8(f, trip->location, " location=\'","\'", 1);
fprintf(f, ">\n");
- if (trip->notes)
- show_utf8(f, trip->notes, "<notes>","</notes>\n", 0);
+ show_utf8(f, trip->notes, "<notes>","</notes>\n", 0);
/*
* Incredibly cheesy: we want to save the dives sorted, and they
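Review bot: The two rewritten show_utf8() calls in save_trip keep the unnecessary `\'` escapes and omit the space after the comma, unlike every other call this commit touches. Writing them as `show_utf8(f, trip->location, " location='", "'", 1);` and `show_utf8(f, trip->notes, "<notes>", "</notes>\n", 0);` would make the pre/post strings easy to compare across the file. The notes call is the only one here that passes `0`, so a one-line comment that it writes element text rather than an attribute value would help; that reading of the flag is inferred, as show_utf8() is not visible. save_trip starts and ends outside this hunk.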
@@ -523,13 +518,12 @@ static void save_one_device(FILE *f, struct device_info *info)
if (!serial_nr && !nickname && !firmware)
return;
- fprintf(f, "<divecomputerid model='%s' deviceid='%08x'", info->model, info->deviceid);
- if (serial_nr)
- show_utf8(f, serial_nr, " serial='", "'", 1);
- if (firmware)
- show_utf8(f, firmware, " firmware='", "'", 1);
- if (nickname)
- show_utf8(f, nickname, " nickname='", "'", 1);
+ fprintf(f, "<divecomputerid");
+ show_utf8(f, info->model, " model='", "'", 1);
+ fprintf(f, " deviceid='%08x'", info->deviceid);
+ show_utf8(f, serial_nr, " serial='", "'", 1);
+ show_utf8(f, firmware, " firmware='", "'", 1);
+ show_utf8(f, nickname, " nickname='", "'", 1);
fprintf(f, "/>\n");
}
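Review bot: The early-return guard at the top of this hunk tests serial_nr, nickname and firmware only for NULL, while the commit message says show_utf8() also drops empty strings. An entry whose three fields are all "" would therefore write a `<divecomputerid>` element carrying nothing but model and deviceid. If these pointers are not already normalised above the hunk, the guard could become `if (!(serial_nr && *serial_nr) && !(nickname && *nickname) && !(firmware && *firmware)) return;`. The model attribute is likewise now omitted when info->model is NULL or empty, so it is worth confirming that the loader accepts an element without it. save_one_device starts outside this hunk.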