Backport r730296: fix for HTML entity escaping in mod_include,

including enhancement of ap_escape_html API.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@732583 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 9e2bf58574223c5b97f205eb7c214ad6e85207d4..32e9433c75eebde6f3f312513ed650551c6c532b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,12 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.12
 
+  *) mod_include: support generating non-ASCII characters as entities in SSI
+     PR 25202 [Nick Kew] 
+
+  *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
+     [Nick Kew]
+
   *) mod_rewrite: fix "B" flag breakage by reverting r589343
      PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
 

diff --git a/STATUS b/STATUS
index 6529e0aa56b1e886d6217606843a3458e6932d60..5f20e87bb7f787b6580fb99d4c3b457ca4cad061 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -93,15 +93,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
     http://svn.apache.org/viewvc?view=rev&revision=731594
     +1: niq, rpluem, covener
 
-  * Enhance ap_escape_html to add an option to escape all non-ASCII
-    characters.  Use this to fix mod_include's handling of entities.
-    PR 25202
-      trunk:
-        http://svn.apache.org/viewvc?view=rev&revision=730296
-      2.2.x:
-        http://people.apache.org/~niq/patches/25202
-    +1: niq, rpluem, covener
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 

diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index fbdd336d1111f113919a12da56ff722cab98c60a..e5e5be55c9412b75f0e5dc53609c562f188558d7 100644 (file)
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -135,6 +135,7 @@
  * 20051115.19 (2.2.11) Added ap_timeout_parameter_parse to util.c / httpd.h
  * 20051115.20 (2.2.11) Add ap_proxy_buckets_lifetime_transform to mod_proxy.h
  * 20051115.21 (2.2.11) Export mod_rewrite.h in the public API
+ * 20051115.22 (2.2.12) Add ap_escape_html2 API, with additional option
  */
 
 #define MODULE_MAGIC_COOKIE 0x41503232UL /* "AP22" */

diff --git a/include/httpd.h b/include/httpd.h
index a96e4d620978d7a512251cb4fa9bd293d46bc2fc..30bdc71b7b4dba92c4887b4c6a92531f143ccf94 100644 (file)
--- a/include/httpd.h
+++ b/include/httpd.h
@@ -1495,6 +1495,14 @@ AP_DECLARE(char *) ap_os_escape_path(apr_pool_t *p, const char *path, int partia
  * @return The escaped string
  */
 AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s);
+/**
+ * Escape an html string
+ * @param p The pool to allocate from
+ * @param s The html to escape
+ * @param toasc Whether to escape all non-ASCII chars to &#nnn;
+ * @return The escaped string
+ */
+AP_DECLARE(char *) ap_escape_html2(apr_pool_t *p, const char *s, int toasc);
 
 /**
  * Escape a string for logging

diff --git a/modules/filters/mod_include.c b/modules/filters/mod_include.c
index 1c683880cef29e0c94fbc5ef3ffab3807d358589..acb3010472cea486a0b8edef610be3208403fee1 100644 (file)
--- a/modules/filters/mod_include.c
+++ b/modules/filters/mod_include.c
@@ -1812,7 +1812,8 @@ static apr_status_t handle_echo(include_ctx_t *ctx, ap_filter_t *f,
                     echo_text = ap_escape_uri(ctx->dpool, val);
                     break;
                 case E_ENTITY:
-                    echo_text = ap_escape_html(ctx->dpool, val);
+                    /* PR#25202: escape anything non-ascii here */
+                    echo_text = ap_escape_html2(ctx->dpool, val, 1);
                     break;
                 }
 

diff --git a/server/util.c b/server/util.c
index 3c927c23957928cdd7f1d50777d3b496f18d6f06..e16b8eb24f1eb93b870c21cbbc728406dfdca567 100644 (file)
--- a/server/util.c
+++ b/server/util.c
@@ -1737,7 +1737,7 @@ AP_DECLARE(char *) ap_os_escape_path(apr_pool_t *p, const char *path, int partia
 
 /* ap_escape_uri is now a macro for os_escape_path */
 
-AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s)
+AP_DECLARE(char *) ap_escape_html2(apr_pool_t *p, const char *s, int toasc)
 {
     int i, j;
     char *x;
@@ -1750,6 +1750,8 @@ AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s)
             j += 4;
         else if (s[i] == '"')
             j += 5;
+        else if (toasc && !apr_isascii(s[i]))
+            j += 5;
 
     if (j == 0)
         return apr_pstrmemdup(p, s, i);
@@ -1772,13 +1774,21 @@ AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s)
             memcpy(&x[j], """, 6);
             j += 5;
         }
+        else if (toasc && !apr_isascii(s[i])) {
+            char *esc = apr_psprintf(p, "&#%3.3d;", (unsigned char)s[i]);
+            memcpy(&x[j], esc, 6);
+            j += 5;
+        }
         else
             x[j] = s[i];
 
     x[j] = '\0';
     return x;
 }
-
+AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s)
+{
+    return ap_escape_html2(p, s, 0);
+}
 AP_DECLARE(char *) ap_escape_logitem(apr_pool_t *p, const char *str)
 {
     char *ret;