Fix html escaping of TH1 variables. Escaping should be determined by $<a> or $a form, but instead it was based on the relationship between the length of the variable name and the length of the value.
Commit
d81e217651dc68a8f034f396cb6ddb78dfa35ba5
Parent
ae965ddf5dd8142…
1 file changed
+5
-3
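--- a/src/th_main.c
+++ b/src/th_main.c
@@ -482,25 +482,27 @@
 Th_FossilInit();
 while( z[i] ){
 if( z[i]=='$' && (n = validVarName(&z[i+1]))>0 ){
 const char *zVar;
 int nVar;
+int encode = 1;
 sendText(z, i, 0);
 if( z[i+1]=='<' ){
-/* Variables of the form $<aaa> */
+/* Variables of the form $<aaa> are html escaped */
 zVar = &z[i+2];
 nVar = n-2;
 }else{
-/* Variables of the form $aaa */
+/* Variables of the form $aaa are output raw */
 zVar = &z[i+1];
 nVar = n;
+encode = 0;
 }
 rc = Th_GetVar(g.interp, (char*)zVar, nVar);
 z += i+1+n;
 i = 0;
 zResult = (char*)Th_GetResult(g.interp, &n);
-sendText((char*)zResult, n, n>nVar);
+sendText((char*)zResult, n, encode);
 }else if( z[i]=='<' && isBeginScriptTag(&z[i]) ){
 sendText(z, i, 0);
 z += i+5;
 for(i=0; z[i] && (z[i]!='<' || !isEndScriptTag(&z[i])); i++){}
 rc = Th_Eval(g.interp, 0, (const char*)z, i);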
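Review bot: The `$aaa` branch now always sends the variable's value unescaped (`encode = 0`), so the shorter, default-looking form is the unsafe one, and the comment should state what that requires of template authors, e.g. `/* Variables of the form $aaa are output raw: the value must already be safe HTML; use $<aaa> for anything that can contain user-supplied text */`. With the old `n>nVar` test, a value longer than its name was escaped in either form, so existing templates that used `$aaa` for untrusted values lose that incidental escaping and are worth auditing alongside this commit. Within the hunk, `rc` from `Th_GetVar` is not consulted before `Th_GetResult`/`sendText`, so whatever result text a failed lookup leaves presumably goes out through the same raw path. The loop body continues past the hunk, so this may be handled there.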
| --- src/th_main.c | |
| +++ src/th_main.c | |
| @@ -482,25 +482,27 @@ | |
| 482 | Th_FossilInit(); |
| 483 | while( z[i] ){ |
| 484 | if( z[i]=='$' && (n = validVarName(&z[i+1]))>0 ){ |
| 485 | const char *zVar; |
| 486 | int nVar; |
| 487 | sendText(z, i, 0); |
| 488 | if( z[i+1]=='<' ){ |
| 489 | /* Variables of the form $<aaa> */ |
| 490 | zVar = &z[i+2]; |
| 491 | nVar = n-2; |
| 492 | }else{ |
| 493 | /* Variables of the form $aaa */ |
| 494 | zVar = &z[i+1]; |
| 495 | nVar = n; |
| 496 | } |
| 497 | rc = Th_GetVar(g.interp, (char*)zVar, nVar); |
| 498 | z += i+1+n; |
| 499 | i = 0; |
| 500 | zResult = (char*)Th_GetResult(g.interp, &n); |
| 501 | sendText((char*)zResult, n, n>nVar); |
| 502 | }else if( z[i]=='<' && isBeginScriptTag(&z[i]) ){ |
| 503 | sendText(z, i, 0); |
| 504 | z += i+5; |
| 505 | for(i=0; z[i] && (z[i]!='<' || !isEndScriptTag(&z[i])); i++){} |
| 506 | rc = Th_Eval(g.interp, 0, (const char*)z, i); |
| 507 |
| --- src/th_main.c | |
| +++ src/th_main.c | |
| @@ -482,25 +482,27 @@ | |
| 482 | Th_FossilInit(); |
| 483 | while( z[i] ){ |
| 484 | if( z[i]=='$' && (n = validVarName(&z[i+1]))>0 ){ |
| 485 | const char *zVar; |
| 486 | int nVar; |
| 487 | int encode = 1; |
| 488 | sendText(z, i, 0); |
| 489 | if( z[i+1]=='<' ){ |
| 490 | /* Variables of the form $<aaa> are html escaped */ |
| 491 | zVar = &z[i+2]; |
| 492 | nVar = n-2; |
| 493 | }else{ |
| 494 | /* Variables of the form $aaa are output raw */ |
| 495 | zVar = &z[i+1]; |
| 496 | nVar = n; |
| 497 | encode = 0; |
| 498 | } |
| 499 | rc = Th_GetVar(g.interp, (char*)zVar, nVar); |
| 500 | z += i+1+n; |
| 501 | i = 0; |
| 502 | zResult = (char*)Th_GetResult(g.interp, &n); |
| 503 | sendText((char*)zResult, n, encode); |
| 504 | }else if( z[i]=='<' && isBeginScriptTag(&z[i]) ){ |
| 505 | sendText(z, i, 0); |
| 506 | z += i+5; |
| 507 | for(i=0; z[i] && (z[i]!='<' || !isEndScriptTag(&z[i])); i++){} |
| 508 | rc = Th_Eval(g.interp, 0, (const char*)z, i); |
| 509 |