Fossil SCM
When parsing HTML attribute values in Fossil Wiki formatting, do not allow quoting characters inside of non-quoted values.
Commit
b07834b386f02f7368c4ef3be2a08dd8eb192b960289f256c0d6e8c0feb5de0e
Parent
db865174a03ee9d…
1 file changed
+4
-1
+4
-1
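--- a/src/wikiformat.c
+++ b/src/wikiformat.c
@@ -827,11 +827,14 @@
 i++;
 zValue = &z[i];
 while( z[i] && z[i]!='\'' ){ i++; }
 }else{
 zValue = &z[i];
-while( !fossil_isspace(z[i]) && z[i]!='>' ){ z++; }
+while( !fossil_isspace(z[i]) && z[i]!='>' ){
+if( z[i]!='\'' && z[i]!='"' ) attrOk = 0;
+z++;
+}
 }
 if( attrOk ){
 p->aAttr[p->nAttr].zValue = zValue;
 p->aAttr[p->nAttr].cTerm = c = z[i];
 if( z[i]==0 ){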
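Review bot: The added test at new line 833 looks inverted relative to the commit message: `if( z[i]!='\'' && z[i]!='"' ) attrOk = 0;` clears `attrOk` for every character that is not a quote, so any ordinary unquoted value is rejected while one made only of quote characters is still accepted. To reject quoting characters inside unquoted values it should read `if( z[i]=='\'' || z[i]=='"' ) attrOk = 0;`. Separately, this loop still advances `z` rather than `i` and, unlike the quoted branch at line 829, has no `z[i]` end-of-string test, so unless fossil_isspace() (not visible here) stops on NUL an unterminated value could be scanned past the end of the buffer; `while( z[i] && !fossil_isspace(z[i]) && z[i]!='>' )` would match the other branch. The enclosing function starts and ends outside the hunk, so how `z` and `zValue` are used afterwards should be confirmed there.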
| --- src/wikiformat.c | |
| +++ src/wikiformat.c | |
| @@ -827,11 +827,14 @@ | |
| 827 | i++; |
| 828 | zValue = &z[i]; |
| 829 | while( z[i] && z[i]!='\'' ){ i++; } |
| 830 | }else{ |
| 831 | zValue = &z[i]; |
| 832 | while( !fossil_isspace(z[i]) && z[i]!='>' ){ z++; } |
| 833 | } |
| 834 | if( attrOk ){ |
| 835 | p->aAttr[p->nAttr].zValue = zValue; |
| 836 | p->aAttr[p->nAttr].cTerm = c = z[i]; |
| 837 | if( z[i]==0 ){ |
| 838 |
| --- src/wikiformat.c | |
| +++ src/wikiformat.c | |
| @@ -827,11 +827,14 @@ | |
| 827 | i++; |
| 828 | zValue = &z[i]; |
| 829 | while( z[i] && z[i]!='\'' ){ i++; } |
| 830 | }else{ |
| 831 | zValue = &z[i]; |
| 832 | while( !fossil_isspace(z[i]) && z[i]!='>' ){ |
| 833 | if( z[i]!='\'' && z[i]!='"' ) attrOk = 0; |
| 834 | z++; |
| 835 | } |
| 836 | } |
| 837 | if( attrOk ){ |
| 838 | p->aAttr[p->nAttr].zValue = zValue; |
| 839 | p->aAttr[p->nAttr].cTerm = c = z[i]; |
| 840 | if( z[i]==0 ){ |
| 841 |