From mboxrd@z Thu Jan  1 00:00:00 1970
From: Fabio M. Di Nitto <fdinitto@redhat.com>
Date: Thu,  4 Aug 2011 12:23:59 +0200
Subject: [Cluster-devel] [PATCH] config: fix escaping of xml special
	characters
Message-ID: <1312453439-13320-1-git-send-email-fdinitto@redhat.com>
List-Id: <cluster-devel.redhat.com>
To: cluster-devel.redhat.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

when transforming config data from objdb to xml, we need to parse CDATA sections
for &<>"' chars and make sure the are correctly transformed into escaped versions
or xml parser will refuse to load.

Resolves: rhbz#726065

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
---
 config/libs/libccsconfdb/fullxpath.c |   34 +++++++++++++++++++++++++++++++++-
 config/tools/xml/ccs_config_dump.c   |   28 +++++++++++++++++++++++++++-
 2 files changed, 60 insertions(+), 2 deletions(-)

diff --git a/config/libs/libccsconfdb/fullxpath.c b/config/libs/libccsconfdb/fullxpath.c
index 994c8d8..577c74a 100644
--- a/config/libs/libccsconfdb/fullxpath.c
+++ b/config/libs/libccsconfdb/fullxpath.c
@@ -73,10 +73,42 @@ static int dump_objdb_buff(confdb_handle_t dump_handle, hdb_handle_t cluster_han
 		confdb_key_iter(dump_handle, parent_object_handle, key_name,
 				&key_name_len, key_value,
 				&key_value_len)) == CS_OK) {
+		int char_pos = 0;
 		key_name[key_name_len] = '\0';
 		key_value[key_value_len] = '\0';
 
-		snprintf(temp, PATH_MAX - 1, " %s=\"%s\"", key_name, key_value);
+		snprintf(temp, PATH_MAX - 1, " %s=\"", key_name);
+		if (add_to_buffer(temp, buffer, bufsize))
+			return -1;
+
+		for (char_pos = 0; char_pos < key_value_len-1; char_pos++) {
+			switch (key_value[char_pos]) {
+
+			case '&':
+				snprintf(temp, PATH_MAX - 1, "&amp;");
+				break;
+			case '<':
+				snprintf(temp, PATH_MAX - 1, "&lt;");
+				break; 
+			case '>':
+				snprintf(temp, PATH_MAX - 1, "&gt;");
+				break; 
+			case '"':
+				snprintf(temp, PATH_MAX - 1, "&quot;");
+				break;
+			case '\'':
+				snprintf(temp, PATH_MAX - 1, "&apos;");
+				break;
+			default:
+				temp[0] = key_value[char_pos];
+				temp[1] = '\0';
+				break;
+			}
+			if (add_to_buffer(temp, buffer, bufsize))
+				return -1;
+		}
+
+		snprintf(temp, PATH_MAX - 1, "\"");
 		if (add_to_buffer(temp, buffer, bufsize))
 			return -1;
 	}
diff --git a/config/tools/xml/ccs_config_dump.c b/config/tools/xml/ccs_config_dump.c
index b6fe742..74c33c2 100644
--- a/config/tools/xml/ccs_config_dump.c
+++ b/config/tools/xml/ccs_config_dump.c
@@ -25,9 +25,35 @@ static int dump_objdb_buff(confdb_handle_t dump_handle, hdb_handle_t cluster_han
 	while (confdb_key_iter(dump_handle, parent_object_handle, key_name,
 				&key_name_len, key_value,
 				&key_value_len) == CS_OK) {
+		int char_pos = 0;
+
 		key_name[key_name_len] = '\0';
 		key_value[key_value_len] = '\0';
-		printf(" %s=\"%s\"", key_name, key_value);
+		printf(" %s=\"", key_name);
+		for (char_pos = 0; char_pos < key_value_len-1; char_pos++) {
+			switch (key_value[char_pos]) {
+
+			case '&':
+				printf("&amp;");
+				break;
+			case '<':
+				printf("&lt;");
+				break; 
+			case '>':
+				printf("&gt;");
+				break; 
+			case '"':
+				printf("&quot;");
+				break;
+			case '\'':
+				printf("&apos;");
+				break;
+			default:
+				putchar(key_value[char_pos]);
+				break;
+			}
+		}
+		printf("\"");
 	}
 
 	if (confdb_object_iter_start(dump_handle, parent_object_handle) != CS_OK)
-- 
1.7.4.4