Fossil SCM
Always HTML-encode the href attribute of <a> elements. This check-in simplifies and fixes double-frees in the previous check-in. Ticket [5ff2043c9668]
Commit
35bfedef3e8e946e244e74fc6bfd4a3b9a94a1ca
Parent
e47d862a59c2548…
2 files changed
+8
-13
+1
-1
+8
-13
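--- a/src/style.c
+++ b/src/style.c
@@ -90,14 +90,13 @@
 va_list ap;
 va_start(ap, zFormat);
 zUrl = vmprintf(zFormat, ap);
 va_end(ap);
 if( g.perm.Hyperlink && !g.javascriptHyperlink ){
-char *link = htmlize(zUrl, strlen(zUrl));
-zUrl = mprintf("<a %s href=\"%z\">", zExtra, link);
-fossil_free(link);
-return zUrl;
+char *zHUrl = mprintf("<a %s href=\"%h\">", zExtra, zUrl);
+fossil_free(zUrl);
+return zHUrl;
 }
 if( nHref>=nHrefAlloc ){
 nHrefAlloc = nHrefAlloc*2 + 10;
 aHref = fossil_realloc(aHref, nHrefAlloc*sizeof(aHref[0]));
 }
@@ -109,14 +108,13 @@
 va_list ap;
 va_start(ap, zFormat);
 zUrl = vmprintf(zFormat, ap);
 va_end(ap);
 if( g.perm.Hyperlink && !g.javascriptHyperlink ){
-char *link = htmlize(zUrl, strlen(zUrl));
-zUrl = mprintf("<a href=\"%z\">", link);
-fossil_free(link);
-return zUrl;
+char *zHUrl = mprintf("<a href=\"%h\">", zUrl);
+fossil_free(zUrl);
+return zHUrl;
 }
 if( nHref>=nHrefAlloc ){
 nHrefAlloc = nHrefAlloc*2 + 10;
 aHref = fossil_realloc(aHref, nHrefAlloc*sizeof(aHref[0]));
 }
@@ -148,18 +146,15 @@
 const char *zTitle,
 const char *zLink,
 ...
 ){
 va_list ap;
-char *link;
 assert( nSubmenu < sizeof(aSubmenu)/sizeof(aSubmenu[0]) );
 aSubmenu[nSubmenu].zLabel = zLabel;
 aSubmenu[nSubmenu].zTitle = zTitle;
 va_start(ap, zLink);
-link = vmprintf(zLink, ap);
-aSubmenu[nSubmenu].zLink = htmlize(link, strlen(link));
-fossil_free(link);
+aSubmenu[nSubmenu].zLink = vmprintf(zLink, ap);
 va_end(ap);
 nSubmenu++;
 }
 
 /*
@@ -287,11 +282,11 @@
 for(i=0; i<nSubmenu; i++){
 struct Submenu *p = &aSubmenu[i];
 if( p->zLink==0 ){
 @ <span class="label">%h(p->zLabel)</span>
 }else{
-@ <a class="label" href="%s(p->zLink)">%h(p->zLabel)</a>
+@ <a class="label" href="%h(p->zLink)">%h(p->zLabel)</a>
 }
 }
 @ </div>
 }
 style_ad_unit();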
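Review bot: In the first hunk the new `mprintf("<a %s href=\"%h\">", zExtra, zUrl)` escapes the URL but still writes zExtra into the tag with `%s`, so the tag is only as safe as every caller's zExtra argument. The function header is outside the hunk, so whether zExtra is always fixed text cannot be confirmed from here; I would add a comment above the call such as `/* zExtra is emitted verbatim: pass only fixed attribute text, never request-derived data */`. The third and fourth hunks move submenu escaping from store time to render time (`vmprintf` at new line 155, `%h(p->zLink)` at new line 287), which holds only if line 287 is the sole place zLink reaches the page and no caller passes an already-escaped link; neither is visible in these hunks and both are worth checking.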
| --- src/style.c | |
| +++ src/style.c | |
| @@ -90,14 +90,13 @@ | |
| 90 | va_list ap; |
| 91 | va_start(ap, zFormat); |
| 92 | zUrl = vmprintf(zFormat, ap); |
| 93 | va_end(ap); |
| 94 | if( g.perm.Hyperlink && !g.javascriptHyperlink ){ |
| 95 | char *link = htmlize(zUrl, strlen(zUrl)); |
| 96 | zUrl = mprintf("<a %s href=\"%z\">", zExtra, link); |
| 97 | fossil_free(link); |
| 98 | return zUrl; |
| 99 | } |
| 100 | if( nHref>=nHrefAlloc ){ |
| 101 | nHrefAlloc = nHrefAlloc*2 + 10; |
| 102 | aHref = fossil_realloc(aHref, nHrefAlloc*sizeof(aHref[0])); |
| 103 | } |
| @@ -109,14 +108,13 @@ | |
| 109 | va_list ap; |
| 110 | va_start(ap, zFormat); |
| 111 | zUrl = vmprintf(zFormat, ap); |
| 112 | va_end(ap); |
| 113 | if( g.perm.Hyperlink && !g.javascriptHyperlink ){ |
| 114 | char *link = htmlize(zUrl, strlen(zUrl)); |
| 115 | zUrl = mprintf("<a href=\"%z\">", link); |
| 116 | fossil_free(link); |
| 117 | return zUrl; |
| 118 | } |
| 119 | if( nHref>=nHrefAlloc ){ |
| 120 | nHrefAlloc = nHrefAlloc*2 + 10; |
| 121 | aHref = fossil_realloc(aHref, nHrefAlloc*sizeof(aHref[0])); |
| 122 | } |
| @@ -148,18 +146,15 @@ | |
| 148 | const char *zTitle, |
| 149 | const char *zLink, |
| 150 | ... |
| 151 | ){ |
| 152 | va_list ap; |
| 153 | char *link; |
| 154 | assert( nSubmenu < sizeof(aSubmenu)/sizeof(aSubmenu[0]) ); |
| 155 | aSubmenu[nSubmenu].zLabel = zLabel; |
| 156 | aSubmenu[nSubmenu].zTitle = zTitle; |
| 157 | va_start(ap, zLink); |
| 158 | link = vmprintf(zLink, ap); |
| 159 | aSubmenu[nSubmenu].zLink = htmlize(link, strlen(link)); |
| 160 | fossil_free(link); |
| 161 | va_end(ap); |
| 162 | nSubmenu++; |
| 163 | } |
| 164 | |
| 165 | /* |
| @@ -287,11 +282,11 @@ | |
| 287 | for(i=0; i<nSubmenu; i++){ |
| 288 | struct Submenu *p = &aSubmenu[i]; |
| 289 | if( p->zLink==0 ){ |
| 290 | @ <span class="label">%h(p->zLabel)</span> |
| 291 | }else{ |
| 292 | @ <a class="label" href="%s(p->zLink)">%h(p->zLabel)</a> |
| 293 | } |
| 294 | } |
| 295 | @ </div> |
| 296 | } |
| 297 | style_ad_unit(); |
| 298 |
| --- src/style.c | |
| +++ src/style.c | |
| @@ -90,14 +90,13 @@ | |
| 90 | va_list ap; |
| 91 | va_start(ap, zFormat); |
| 92 | zUrl = vmprintf(zFormat, ap); |
| 93 | va_end(ap); |
| 94 | if( g.perm.Hyperlink && !g.javascriptHyperlink ){ |
| 95 | char *zHUrl = mprintf("<a %s href=\"%h\">", zExtra, zUrl); |
| 96 | fossil_free(zUrl); |
| 97 | return zHUrl; |
| 98 | } |
| 99 | if( nHref>=nHrefAlloc ){ |
| 100 | nHrefAlloc = nHrefAlloc*2 + 10; |
| 101 | aHref = fossil_realloc(aHref, nHrefAlloc*sizeof(aHref[0])); |
| 102 | } |
| @@ -109,14 +108,13 @@ | |
| 108 | va_list ap; |
| 109 | va_start(ap, zFormat); |
| 110 | zUrl = vmprintf(zFormat, ap); |
| 111 | va_end(ap); |
| 112 | if( g.perm.Hyperlink && !g.javascriptHyperlink ){ |
| 113 | char *zHUrl = mprintf("<a href=\"%h\">", zUrl); |
| 114 | fossil_free(zUrl); |
| 115 | return zHUrl; |
| 116 | } |
| 117 | if( nHref>=nHrefAlloc ){ |
| 118 | nHrefAlloc = nHrefAlloc*2 + 10; |
| 119 | aHref = fossil_realloc(aHref, nHrefAlloc*sizeof(aHref[0])); |
| 120 | } |
| @@ -148,18 +146,15 @@ | |
| 146 | const char *zTitle, |
| 147 | const char *zLink, |
| 148 | ... |
| 149 | ){ |
| 150 | va_list ap; |
| 151 | assert( nSubmenu < sizeof(aSubmenu)/sizeof(aSubmenu[0]) ); |
| 152 | aSubmenu[nSubmenu].zLabel = zLabel; |
| 153 | aSubmenu[nSubmenu].zTitle = zTitle; |
| 154 | va_start(ap, zLink); |
| 155 | aSubmenu[nSubmenu].zLink = vmprintf(zLink, ap); |
| 156 | va_end(ap); |
| 157 | nSubmenu++; |
| 158 | } |
| 159 | |
| 160 | /* |
| @@ -287,11 +282,11 @@ | |
| 282 | for(i=0; i<nSubmenu; i++){ |
| 283 | struct Submenu *p = &aSubmenu[i]; |
| 284 | if( p->zLink==0 ){ |
| 285 | @ <span class="label">%h(p->zLabel)</span> |
| 286 | }else{ |
| 287 | @ <a class="label" href="%h(p->zLink)">%h(p->zLabel)</a> |
| 288 | } |
| 289 | } |
| 290 | @ </div> |
| 291 | } |
| 292 | style_ad_unit(); |
| 293 |
+1
-1
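--- a/src/url.c
+++ b/src/url.c
@@ -352,11 +352,11 @@
 z = zValue2;
 if( z==0 ) continue;
 }
 blob_appendf(&p->url, "%s%s", zSep, p->azName[i]);
 if( z && z[0] ) blob_appendf(&p->url, "=%T", z);
-zSep = "&";
+zSep = "&";
 }
 if( zName1 && zValue1 ){
 blob_appendf(&p->url, "%s%s", zSep, zName1);
 if( zValue1[0] ) blob_appendf(&p->url, "=%T", zValue1);
 }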
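Review bot: The only changed line, `zSep = "&";` at line 357, reads the same on the removed and the added side as rendered on this page, so the new separator value cannot be checked here. If the new value is the HTML-escaped form of the ampersand, p->url would carry HTML escaping from construction onward, while the style.c hunks of this commit escape at output with `%h`; a URL built here and later formatted through `%h` would then be escaped twice, and one used outside HTML (a redirect target, for example) would carry the entity literally. A comment at the assignment stating which form p->url holds, for instance `/* p->url is kept HTML-escaped; emit with %s, not %h */` if that is the intent, would make the contract explicit for callers. The enclosing function begins and ends outside the hunk.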
| --- src/url.c | |
| +++ src/url.c | |
| @@ -352,11 +352,11 @@ | |
| 352 | z = zValue2; |
| 353 | if( z==0 ) continue; |
| 354 | } |
| 355 | blob_appendf(&p->url, "%s%s", zSep, p->azName[i]); |
| 356 | if( z && z[0] ) blob_appendf(&p->url, "=%T", z); |
| 357 | zSep = "&"; |
| 358 | } |
| 359 | if( zName1 && zValue1 ){ |
| 360 | blob_appendf(&p->url, "%s%s", zSep, zName1); |
| 361 | if( zValue1[0] ) blob_appendf(&p->url, "=%T", zValue1); |
| 362 | } |
| 363 |
| --- src/url.c | |
| +++ src/url.c | |
| @@ -352,11 +352,11 @@ | |
| 352 | z = zValue2; |
| 353 | if( z==0 ) continue; |
| 354 | } |
| 355 | blob_appendf(&p->url, "%s%s", zSep, p->azName[i]); |
| 356 | if( z && z[0] ) blob_appendf(&p->url, "=%T", z); |
| 357 | zSep = "&"; |
| 358 | } |
| 359 | if( zName1 && zValue1 ){ |
| 360 | blob_appendf(&p->url, "%s%s", zSep, zName1); |
| 361 | if( zValue1[0] ) blob_appendf(&p->url, "=%T", zValue1); |
| 362 | } |
| 363 |