From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Tue, 24 Jun 2008 22:39:16 +0000 (+0200)
Subject: Bug #2365: cachemgr.cgi fails to HTML encode config dumps properly
X-Git-Tag: SQUID_3_1_0_1~49^2~190
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9a6a600f88aea8c566d3f1d56ea6f607f9c049ac;p=thirdparty%2Fsquid.git

Bug #2365: cachemgr.cgi fails to HTML encode config dumps properly

log_format and a couple other directives may contain HTML reserved characters
such as < >, and these needs to be HTML quoted in the output.
---

diff --git a/tools/cachemgr.cc b/tools/cachemgr.cc
index 3839391216..54ee12cf4e 100644
--- a/tools/cachemgr.cc
+++ b/tools/cachemgr.cc
@@ -417,7 +417,7 @@ error_html(const char *msg)
     printf("<HTML><HEAD><TITLE>Cache Manager Error</TITLE>\n");
     printf("<STYLE type=\"text/css\"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}--></STYLE></HEAD>\n");
     printf("<BODY><H1>Cache Manager Error</H1>\n");
-    printf("<P>\n%s</P>\n", msg);
+    printf("<P>\n%s</P>\n", html_quote(msg));
     print_trailer();
 }
 
@@ -531,7 +531,7 @@ munge_other_line(const char *buf, cachemgr_request * req)
     if (!strchr(buf, '\t') || *buf == '\t') {
         /* nope, just text */
         snprintf(html, sizeof(html), "%s%s",
-                 table_line_num ? "</table>\n<pre>" : "", buf);
+                 table_line_num ? "</table>\n<pre>" : "", html_quote(buf));
         table_line_num = 0;
         return html;
     }
@@ -568,7 +568,7 @@ munge_other_line(const char *buf, cachemgr_request * req)
         l += snprintf(html + l, sizeof(html) - l, "<%s colspan=\"%d\" align=\"%s\">%s</%s>",
                       ttag, column_span,
                       is_header ? "center" : is_number(cell) ? "right" : "left",
-                      cell, ttag);
+                      html_quote(cell), ttag);
     }
 
     xfree(buf_copy);