From: Amos Jeffries
Date: Sun, 28 Jun 2009 10:49:52 +0000 (+1200)
Subject: Author: Don Hopkins
X-Git-Tag: SQUID_3_2_0_1~921
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dde08ec7560989c6f1a06970dfb82f45a684785f;p=thirdparty%2Fsquid.git
Author: Don Hopkins Bug 1087: ESI processor not quoting attributes correctly. Use HTML 4.01 specified double-quotes instead of HTML 1.0 single quotes and HTML-encode any double-quotes contained within the attribute data.
---
diff --git a/src/esi/Esi.cc b/src/esi/Esi.cc
index af01c61197..ebf2df411e 100644
--- a/src/esi/Esi.cc
+++ b/src/esi/Esi.cc
@@ -1028,10 +1028,19 @@ ESIContext::start(const char *el, const char **attr, size_t attrCount)
 assert (xstrncpy (pos, attr[i], sizeof(localbuf) + (pos - localbuf)));
 pos += strlen (pos);
 *pos++ = '=';
- *pos++ = '\'';
- assert (xstrncpy (pos, attr[i + 1], sizeof(localbuf) + (pos - localbuf)));
+ *pos++ = '\"';
+ const char *chPtr = attr[i + 1];
+ char ch;
+ while ((ch = *chPtr++) != '\0') {
+ if (ch == '\"') {
+ assert( xstrncpy(pos, """, sizeof(localbuf) + (pos-localbuf)) );
+ pos += 6;
+ } else {
+ *(pos++) = ch;
+ }
+ }
 pos += strlen (pos);
- *pos++ = '\'';
+ *pos++ = '\"';
 }
 *pos++ = '>';
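Review bot: The `*(pos++) = ch;` branch of the new loop writes into `localbuf` with no bound, so an attribute value longer than the remaining space runs past the buffer; the `xstrncpy` limit `sizeof(localbuf) + (pos-localbuf)` reused in the quote branch grows as `pos` advances and looks like it should subtract. The context line `pos += strlen (pos);` after the loop is now stale: when the last character came through the else branch nothing has written a terminator at `pos`, so it measures whatever the buffer already holds (its initialisation is outside the hunk). Attribute values come from the ESI document being parsed, so the loop should check the space left before every write and the stale `strlen` line should go, as sketched below; whether to truncate or reject an over-long element is the maintainers' call. The string literal shown on this page as `"""` is presumably the `&quot;` entity decoded by the page rendering, which matches `pos += 6`. ESIContext::start begins and ends outside the hunk, and its other writes to `localbuf` need the same check.

```cpp
*pos++ = '\"';
// Stop one byte short of the end so the closing quote always fits.
const char *const limit = localbuf + sizeof(localbuf) - 1;
for (const char *chPtr = attr[i + 1]; *chPtr != '\0'; ++chPtr) {
    const bool isQuote = (*chPtr == '\"');
    const size_t need = isQuote ? 6 : 1;
    if (pos >= limit || static_cast<size_t>(limit - pos) < need)
        break; // out of room: truncate (or reject the element) rather than write past localbuf
    if (isQuote) {
        memcpy(pos, "&quot;", need);
        pos += need;
    } else {
        *pos++ = *chPtr;
    }
}
// … removed: pos += strlen (pos); the loop already leaves pos at the next free byte …
*pos++ = '\"';
```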