summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Hommey <mh@glandium.org>2009-04-10 00:25:37 +0200
committerJunio C Hamano <gitster@pobox.com>2009-04-11 22:21:59 -0700
commit519d05be9015871e422cd16ebced620cb01f8b3c (patch)
treed56a900b65c75faa81bd8d205e32dedc88214210
parentd3c9634eacdcaa71cbd69a160e6f4e80ddb7ab63 (diff)
downloadgit-519d05be9015871e422cd16ebced620cb01f8b3c.tar.gz
Replace ",<,>,& with their respective XML entities in DAV requests
If the repo url or the user email contain XML special characters, the remote DAV server is likely to reject the LOCK requests because the XML is then malformed. Signed-off-by: Mike Hommey <mh@glandium.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--http-push.c36
1 files changed, 34 insertions, 2 deletions
diff --git a/http-push.c b/http-push.c
index feeb340daf..5138224cc3 100644
--- a/http-push.c
+++ b/http-push.c
@@ -186,6 +186,32 @@ enum dav_header_flag {
DAV_HEADER_TIMEOUT = (1u << 2)
};
+static char *xml_entities(char *s)
+{
+ struct strbuf buf = STRBUF_INIT;
+ while (*s) {
+ size_t len = strcspn(s, "\"<>&");
+ strbuf_add(&buf, s, len);
+ s += len;
+ switch (*s) {
+ case '"':
+ strbuf_addstr(&buf, "&quot;");
+ break;
+ case '<':
+ strbuf_addstr(&buf, "&lt;");
+ break;
+ case '>':
+ strbuf_addstr(&buf, "&gt;");
+ break;
+ case '&':
+ strbuf_addstr(&buf, "&amp;");
+ break;
+ }
+ s++;
+ }
+ return strbuf_detach(&buf, NULL);
+}
+
static struct curl_slist *get_dav_token_headers(struct remote_lock *lock, enum dav_header_flag options)
{
struct strbuf buf = STRBUF_INIT;
@@ -1225,6 +1251,7 @@ static struct remote_lock *lock_remote(const char *path, long timeout)
struct remote_lock *lock = NULL;
struct curl_slist *dav_headers = NULL;
struct xml_ctx ctx;
+ char *escaped;
url = xmalloc(strlen(repo->url) + strlen(path) + 1);
sprintf(url, "%s%s", repo->url, path);
@@ -1259,7 +1286,9 @@ static struct remote_lock *lock_remote(const char *path, long timeout)
ep = strchr(ep + 1, '/');
}
- strbuf_addf(&out_buffer.buf, LOCK_REQUEST, git_default_email);
+ escaped = xml_entities(git_default_email);
+ strbuf_addf(&out_buffer.buf, LOCK_REQUEST, escaped);
+ free(escaped);
sprintf(timeout_header, "Timeout: Second-%ld", timeout);
dav_headers = curl_slist_append(dav_headers, timeout_header);
@@ -1584,8 +1613,11 @@ static int locking_available(void)
struct curl_slist *dav_headers = NULL;
struct xml_ctx ctx;
int lock_flags = 0;
+ char *escaped;
- strbuf_addf(&out_buffer.buf, PROPFIND_SUPPORTEDLOCK_REQUEST, repo->url);
+ escaped = xml_entities(repo->url);
+ strbuf_addf(&out_buffer.buf, PROPFIND_SUPPORTEDLOCK_REQUEST, escaped);
+ free(escaped);
dav_headers = curl_slist_append(dav_headers, "Depth: 0");
dav_headers = curl_slist_append(dav_headers, "Content-Type: text/xml");