Author: Henrik Nordstrom <henrik@henriknordstrom.net>

Bug #2365: cachemgr.cgi fails to HTML encode config dumps properly

log_format and a couple other directives may contain HTML reserved characters
such as < >, and these needs to be HTML quoted in the output.

diff --git a/tools/cachemgr.cc b/tools/cachemgr.cc
index 277524d0612183ece13450cb6a7b770d4d04ac6a..7d57333d6b1a61265a0fa6ad31b0589faabe4407 100644 (file)
--- a/tools/cachemgr.cc
+++ b/tools/cachemgr.cc
@@ -420,7 +420,7 @@ error_html(const char *msg)
     printf("<HTML><HEAD><TITLE>Cache Manager Error</TITLE>\n");
     printf("<STYLE type=\"text/css\"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}--></STYLE></HEAD>\n");
     printf("<BODY><H1>Cache Manager Error</H1>\n");
-    printf("<P>\n%s</P>\n", msg);
+    printf("<P>\n%s</P>\n", html_quote(msg));
     print_trailer();
 }
 
@@ -536,7 +536,7 @@ munge_other_line(const char *buf, cachemgr_request * req)
     if (!strchr(buf, '\t') || *buf == '\t') {
         /* nope, just text */
         snprintf(html, sizeof(html), "%s%s",
-                 table_line_num ? "</table>\n<pre>" : "", buf);
+                 table_line_num ? "</table>\n<pre>" : "", html_quote(buf));
         table_line_num = 0;
         return html;
     }
@@ -573,7 +573,7 @@ munge_other_line(const char *buf, cachemgr_request * req)
         l += snprintf(html + l, sizeof(html) - l, "<%s colspan=\"%d\" align=\"%s\">%s</%s>",
                       ttag, column_span,
                       is_header ? "center" : is_number(cell) ? "right" : "left",
-                      cell, ttag);
+                      html_quote(cell), ttag);
     }
 
     xfree(buf_copy);