]> git.ipfire.org Git - thirdparty/cups.git/commitdiff
projects / thirdparty / cups.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c26ceab)
Make sure we escape the subject and text in the RSS feed
authormsweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>
Mon, 26 Oct 2015 18:15:48 +0000 (18:15 +0000)
committermsweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>
Mon, 26 Oct 2015 18:15:48 +0000 (18:15 +0000)
(<rdar://problem/23135066>)

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12942 a1ca3aef-8c08-0410-bb20-df032aa958be

CHANGES-2.1.txt patch | blob | blame | history
notifier/rss.c patch | blob | blame | history

diff --git a/CHANGES-2.1.txt b/CHANGES-2.1.txt
index 061aa83920d26cd195b2b8457d828c06890ecb3c..1ffb65cd1a8d770e2a0f25055cacfa6e0fef9065 100644 (file)
--- a/CHANGES-2.1.txt
+++ b/CHANGES-2.1.txt
@@ -10,7 +10,7 @@ CHANGES IN CUPS V2.1.1
          <rdar://problem/23133833>, <rdar://problem/23133998>,
          <rdar://problem/23134228>, <rdar://problem/23134299>,
          <rdar://problem/23134356>, <rdar://problem/23134415>,
-         <rdar://problem/23134506>)
+         <rdar://problem/23134506>, <rdar://problem/23135066>)
        - The cupsGetPPD* functions did not work with IPP printers (STR #4725)
        - Some older HP LaserJet printers need a delayed close when printing
          using the libusb-based USB backend (STR #4549)
diff --git a/notifier/rss.c b/notifier/rss.c
index ae8ae4797218944b7de45a14bcda013756bd36d9..3f6ca111e37694c3b8bdcd3ff11828457e1fd1e3 100644 (file)
--- a/notifier/rss.c
+++ b/notifier/rss.c
@@ -3,7 +3,7 @@
  *
  * RSS notifier for CUPS.
  *
- * Copyright 2007-2014 by Apple Inc.
+ * Copyright 2007-2015 by Apple Inc.
  * Copyright 2007 by Easy Software Products.
  *
  * These coded instructions, statements, and computer programs are the
@@ -641,15 +641,21 @@ save_rss(cups_array_t *rss,               /* I - RSS messages */
        msg;
        msg = (_cups_rss_t *)cupsArrayPrev(rss))
   {
+    char *subject = xml_escape(msg->subject);
+    char *text = xml_escape(msg->text);
+
     fputs("    <item>\n", fp);
-    fprintf(fp, "      <title>%s</title>\n", msg->subject);
-    fprintf(fp, "      <description>%s</description>\n", msg->text);
+    fprintf(fp, "      <title>%s</title>\n", subject);
+    fprintf(fp, "      <description>%s</description>\n", text);
     if (msg->link_url)
       fprintf(fp, "      <link>%s</link>\n", msg->link_url);
     fprintf(fp, "      <pubDate>%s</pubDate>\n",
             httpGetDateString2(msg->event_time, date, sizeof(date)));
     fprintf(fp, "      <guid>%d</guid>\n", msg->sequence_number);
     fputs("    </item>\n", fp);
+
+    free(subject);
+    free(text);
   }
 
   fputs(" </channel>\n", fp);
Unnamed repository; edit this file 'description' to name the repository.