From d739c65e54c38b25c7be5753a83de4621308281c Mon Sep 17 00:00:00 2001
From: Marvin Scholz
Date: Mon, 8 Feb 2016 23:02:02 +0100
Subject: [PATCH] Fix invalid entities in listclient xml

This fixes a bug where listener Referer or User-Agent strings containing a sequence like `&T;` was not escaped properly and therefore made the whole XML document invalid. Injecting new XML nodes () was not possible, it seems in the worse case all it could cause was that the XML failed to parse. Fix #2255
---
 src/admin.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/admin.c b/src/admin.c
index c455214..2c115e4 100644
--- a/src/admin.c
+++ b/src/admin.c
@@ -680,20 +680,20 @@ static inline xmlNodePtr __add_listener(client_t *client,
 tmp = httpp_getvar(client->parser, "user-agent");
 if (tmp)
- xmlNewChild(node, NULL, XMLSTR(mode == OMODE_LEGACY ? "UserAgent" : "useragent"), XMLSTR(tmp));
+ xmlNewTextChild(node, NULL, XMLSTR(mode == OMODE_LEGACY ? "UserAgent" : "useragent"), XMLSTR(tmp));
 tmp = httpp_getvar(client->parser, "referer");
 if (tmp)
- xmlNewChild(node, NULL, XMLSTR("referer"), XMLSTR(tmp));
+ xmlNewTextChild(node, NULL, XMLSTR("referer"), XMLSTR(tmp));
 snprintf(buf, sizeof(buf), "%lu", (unsigned long)(now - client->con->con_time));
 xmlNewChild(node, NULL, XMLSTR(mode == OMODE_LEGACY ? "Connected" : "connected"), XMLSTR(buf));
 if (client->username)
- xmlNewChild(node, NULL, XMLSTR("username"), XMLSTR(client->username));
+ xmlNewTextChild(node, NULL, XMLSTR("username"), XMLSTR(client->username));
 if (client->role)
- xmlNewChild(node, NULL, XMLSTR("role"), XMLSTR(client->role));
+ xmlNewTextChild(node, NULL, XMLSTR("role"), XMLSTR(client->role));
 #ifdef HAVE_OPENSSL
 xmlNewChild(node, NULL, XMLSTR("tls"), XMLSTR(client->con->ssl ? "true" : "false"));
-- 
GitLab
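Review bot: The values passed to the switched calls for `"user-agent"` and `"referer"` are still raw request header bytes, and nothing in this hunk checks that `tmp` is valid UTF-8 or free of control characters that XML 1.0 forbids, so the listclients document can presumably still be made unparseable by that route even though entity references are now escaped. Consider validating or sanitising `tmp` (and `client->username`) before `xmlNewTextChild`, for example skipping or replacing the value when libxml2's `xmlCheckUTF8()` rejects it. The `xmlNewChild` calls that remain in this hunk only receive server-generated text (`buf`, `"true"`/`"false"`), so a short comment above the first changed call, such as `/* client-supplied text: use xmlNewTextChild, xmlNewChild would interpret entity references */`, would help keep later additions from regressing. `__add_listener` starts and ends outside the hunk, so any fields it writes before or after these lines are not covered here.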