Changeset 301
- Timestamp:
- 25/07/07 10:28:33 (16 months ago)
- Files:
-
- 1 modified
-
trunk/sx/callback.c (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/sx/callback.c
r299 r301 21 21 #include "sx.h" 22 22 23 /* check for unescaped predefined entities */24 int _sx_check_unescaped_entities(char *str, int len) {25 char *c;26 int ret = 0;27 28 if(len > 0) str = strndup(str, len);29 30 if(strchr(str, '<')) ret = 1;31 if(strchr(str, '>')) ret = 1;32 if(strchr(str, '\'')) ret = 1;33 if(strchr(str, '"')) ret = 1;34 if((c = strchr(str, '&'))35 && strcmp("<",c) && strcmp(">",c) && strcmp("&",c)36 && strcmp("'",c) && strcmp(""",c)) ret = 1;37 38 if(len > 0) free(str);39 return ret;40 }41 42 23 /** primary expat callbacks */ 43 24 void _sx_element_start(void *arg, const char *name, const char **atts) { 44 25 sx_t s = (sx_t) arg; 45 sx_error_t sxe;46 26 char buf[1024]; 47 27 char *uri, *elem, *prefix; … … 116 96 } 117 97 118 if(_sx_check_unescaped_entities((char *) attr[1], -1)) {119 _sx_gen_error(sxe, SX_ERR_STREAM, "Stream error", "Unescaped predefined entity");120 _sx_event(s, event_ERROR, (void *) &sxe);121 _sx_error(s, stream_err_RESTRICTED_XML, NULL);122 s->fail = 1;123 return;124 }125 126 98 /* add it */ 127 99 nad_append_attr(s->nad, ns, elem, (char *) attr[1]); … … 153 125 void _sx_cdata(void *arg, const char *str, int len) { 154 126 sx_t s = (sx_t) arg; 155 sx_error_t sxe;156 127 157 128 if(s->fail) return; … … 160 131 if(s->nad == NULL) 161 132 return; 162 163 if(_sx_check_unescaped_entities((char *) str, len)) {164 _sx_gen_error(sxe, SX_ERR_STREAM, "Stream error", "Unescaped predefined entity");165 _sx_event(s, event_ERROR, (void *) &sxe);166 _sx_error(s, stream_err_RESTRICTED_XML, NULL);167 s->fail = 1;168 return;169 }170 133 171 134 /* go */
