From mboxrd@z Thu Jan  1 00:00:00 1970
From: kupcevic@sourceware.org <kupcevic@sourceware.org>
Date: 14 Aug 2006 23:55:50 -0000
Subject: [Cluster-devel] conga/ricci common/XML.cpp common/utils.cpp in ...
Message-ID: <20060814235550.6585.qmail@sourceware.org>
List-Id: <cluster-devel.redhat.com>
To: cluster-devel.redhat.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

CVSROOT:	/cvs/cluster
Module name:	conga
Changes by:	kupcevic at sourceware.org	2006-08-14 23:55:48

Modified files:
	ricci/common   : XML.cpp utils.cpp 
	ricci/include  : utils.h 

Log message:
	ricci: escape illegal XML chars, and restore them on retrieval

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/common/XML.cpp.diff?cvsroot=cluster&r1=1.3&r2=1.4
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/common/utils.cpp.diff?cvsroot=cluster&r1=1.5&r2=1.6
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/include/utils.h.diff?cvsroot=cluster&r1=1.4&r2=1.5

--- conga/ricci/common/XML.cpp	2006/08/10 22:53:07	1.3
+++ conga/ricci/common/XML.cpp	2006/08/14 23:55:48	1.4
@@ -23,6 +23,7 @@
 
 #include "XML.h"
 #include "Mutex.h"
+#include "utils.h"
 
 #include <libxml/parser.h>
 #include <libxml/tree.h>
@@ -34,6 +35,15 @@
 using namespace std;
 
 
+
+static String
+escape_chars(const String&);
+static String
+invert_chars(const String&);
+
+
+
+
 XMLObject::XMLObject(const String& elem_name) :
   _tag(elem_name)
 {}
@@ -105,7 +115,7 @@
        iter != attrs().end();
        iter++) {
     const String& name = iter->first;
-    const String& value = iter->second;
+    const String value = escape_chars(iter->second);
     xml += " " + name + "=\"" + value + "\"";
   }
   if (children().empty())
@@ -144,8 +154,12 @@
 	if (curr_attr->type == XML_ATTRIBUTE_NODE) {
 	  const xmlChar* name = curr_attr->name;
 	  const xmlChar* value = xmlGetProp(curr_node, name);
+	  if (!value)
+	    throw String("xmlGetProp() returned NULL!!!");
 	  try {
-	    me.set_attr((const char*) name, (const char*) value);
+	    const String name_str((const char*) name);
+	    const String value_str = invert_chars((const char*) value);
+	    me.set_attr(name_str, value_str);
 	    xmlFree((void*) value);
 	  } catch ( ... ) {
 	    xmlFree((void*) value);
@@ -211,3 +225,47 @@
   
   return xml;
 }
+
+
+
+
+String
+escape_chars(const String& str)
+{
+  const String amp_repl ("______AMP_REPLACEMENT_XML_KOJIKOJIKOJIKO______");
+  const String lt_repl  ("______LT_REPLACEMENT_XML_KOJIKOJIKOJIKO______");
+  const String gt_repl  ("______GT_REPLACEMENT_XML_KOJIKOJIKOJIKO______");
+  const String apos_repl("______APOS_REPLACEMENT_XML_KOJIKOJIKOJIKO______");
+  const String quot_repl("______QUOT_REPLACEMENT_XML_KOJIKOJIKOJIKO______");
+  
+  String ret = utils::replace("&amp;", amp_repl, str);
+  ret = utils::replace("&lt;", lt_repl, ret);
+  ret = utils::replace("&gt;", gt_repl, ret);
+  ret = utils::replace("&apos;", apos_repl, ret);
+  ret = utils::replace("&quot;", quot_repl, ret);
+  
+  ret = utils::replace("&", "&amp;", ret);
+  ret = utils::replace("<", "&lt;", ret);
+  ret = utils::replace(">", "&gt;", ret);
+  ret = utils::replace("'", "&apos;", ret);
+  ret = utils::replace("\"", "&quot;", ret);
+  
+  ret = utils::replace(amp_repl, "&amp;", ret);
+  ret = utils::replace(lt_repl, "&lt;", ret);
+  ret = utils::replace(gt_repl, "&gt;", ret);
+  ret = utils::replace(apos_repl, "&apos;", ret);
+  ret = utils::replace(quot_repl, "&quot;", ret);
+  
+  return ret;
+}
+
+String
+invert_chars(const String& str)
+{
+  String ret = utils::replace("&amp;", "&", str);
+  ret = utils::replace("&lt;", "<", ret);
+  ret = utils::replace("&gt;", ">", ret);
+  ret = utils::replace("&apos;", "'", ret);
+  ret = utils::replace("&quot;", "\"", ret);
+  return ret;
+}
--- conga/ricci/common/utils.cpp	2006/08/10 22:53:07	1.5
+++ conga/ricci/common/utils.cpp	2006/08/14 23:55:48	1.6
@@ -34,6 +34,25 @@
 using namespace std;
 
 
+
+
+
+String 
+utils::replace(const String& what,
+	       const String& with,
+	       const String& in_str)
+{
+  vector<String> v(split(in_str, what));
+  String ret(v[0]);
+  for (vector<String>::size_type i=1;
+       i < v.size();
+       i++) 
+    ret += with + v[i];
+  return ret;
+}
+
+  
+
 String 
 utils::hash_str(const String& txt)
 {
@@ -279,3 +298,7 @@
 std::map<String, exec_cache> 
 utils::cache;
 
+
+
+
+
--- conga/ricci/include/utils.h	2006/08/10 22:53:07	1.4
+++ conga/ricci/include/utils.h	2006/08/14 23:55:48	1.5
@@ -55,6 +55,10 @@
 class utils
 {
  public:
+  static String replace(const String& what,
+			const String& with,
+			const String& in_str);
+  
   static String hash_str(const String& txt);
   
   static String strip(String str)