From: msweet Date: Mon, 26 Oct 2015 18:15:48 +0000 (+0000) Subject: Make sure we escape the subject and text in the RSS feed X-Git-Tag: v2.2b1~162 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=546400fd7020d5bac1742dd19aa95c4089e22fdd;p=thirdparty%2Fcups.git Make sure we escape the subject and text in the RSS feed () git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12942 a1ca3aef-8c08-0410-bb20-df032aa958be --- diff --git a/CHANGES-2.1.txt b/CHANGES-2.1.txt index 061aa83920..1ffb65cd1a 100644 --- a/CHANGES-2.1.txt +++ b/CHANGES-2.1.txt @@ -10,7 +10,7 @@ CHANGES IN CUPS V2.1.1 , , , , , , - ) + , ) - The cupsGetPPD* functions did not work with IPP printers (STR #4725) - Some older HP LaserJet printers need a delayed close when printing using the libusb-based USB backend (STR #4549) diff --git a/notifier/rss.c b/notifier/rss.c index ae8ae47972..3f6ca111e3 100644 --- a/notifier/rss.c +++ b/notifier/rss.c @@ -3,7 +3,7 @@ * * RSS notifier for CUPS. * - * Copyright 2007-2014 by Apple Inc. + * Copyright 2007-2015 by Apple Inc. * Copyright 2007 by Easy Software Products. * * These coded instructions, statements, and computer programs are the @@ -641,15 +641,21 @@ save_rss(cups_array_t *rss, /* I - RSS messages */ msg; msg = (_cups_rss_t *)cupsArrayPrev(rss)) { + char *subject = xml_escape(msg->subject); + char *text = xml_escape(msg->text); + fputs(" \n", fp); - fprintf(fp, " %s\n", msg->subject); - fprintf(fp, " %s\n", msg->text); + fprintf(fp, " %s\n", subject); + fprintf(fp, " %s\n", text); if (msg->link_url) fprintf(fp, " %s\n", msg->link_url); fprintf(fp, " %s\n", httpGetDateString2(msg->event_time, date, sizeof(date))); fprintf(fp, " %d\n", msg->sequence_number); fputs(" \n", fp); + + free(subject); + free(text); } fputs(" \n", fp);