From: Mark Michelson Date: Thu, 23 Jan 2014 21:00:24 +0000 (+0000) Subject: Fix presence body errors found during testing: X-Git-Tag: 12.1.0-rc1~3^2~53 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6a2953a53438621e683418738c07df9617e2526;p=thirdparty%2Fasterisk.git Fix presence body errors found during testing: * PIDF bodies were reporting an "open" state in many cases where it should have been reporting "closed" * XPIDF bodies had XML nodes placed incorrectly within the hierarchy. * SIP URIs in XPIDF bodies did not go through XML sanitization * XML sanitization had some errors: * Right angle bracket was being replaced with "&rt;" instead of ">" * Double quote, apostrophe, and ampersand were not being escaped. git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/12@406294 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/res/res_pjsip_pidf.c b/res/res_pjsip_pidf.c index 4219e4ce38..4f1d3b3cd3 100644 --- a/res/res_pjsip_pidf.c +++ b/res/res_pjsip_pidf.c @@ -193,17 +193,29 @@ static void sanitize_xml(const char *input, char *output, size_t len) output[0] = '\0'; - while ((break_point = strpbrk(copy, "<>"))) { - char bracket = *break_point; + while ((break_point = strpbrk(copy, "<>\"&'"))) { + char to_escape = *break_point; *break_point = '\0'; strncat(output, copy, len); - if (bracket == '<') { + switch (to_escape) { + case '<': strncat(output, "<", len); - } else { - strncat(output, "&rt;", len); - } + break; + case '>': + strncat(output, ">", len); + break; + case '"': + strncat(output, """, len); + break; + case '&': + strncat(output, "&", len); + break; + case '\'': + strncat(output, "'", len); + break; + }; copy = break_point + 1; } @@ -252,7 +264,7 @@ static int pidf_xml_create_body(struct ast_sip_exten_state_data *data, const cha pjpidf_tuple_set_contact(pool, tuple, pj_cstr(&contact, sanitized)); pjpidf_tuple_set_contact_prio(pool, tuple, pj_cstr(&priority, "1")); pjpidf_status_set_basic_open(pjpidf_tuple_get_status(tuple), - (pidfstate[0] == 'b') || (local_state != NOTIFY_CLOSED)); + local_state == NOTIFY_OPEN); if (!(size = pjpidf_print(pres, ast_str_buffer(*body_text), ast_str_size(*body_text)))) { @@ -282,6 +294,11 @@ static int xpidf_xml_create_body(struct ast_sip_exten_state_data *data, const ch pj_str_t name, uri; char *statestring = NULL, *pidfstate = NULL, *pidfnote = NULL; int local_state, size; + char sanitized[PJSIP_MAX_URL_SIZE]; + pj_xml_node *atom; + pj_xml_node *address; + pj_xml_node *status; + pj_xml_node *msnsubstatus; RAII_VAR(pj_pool_t *, pool, pjsip_endpt_create_pool(ast_sip_get_pjsip_endpoint(), @@ -295,26 +312,32 @@ static int xpidf_xml_create_body(struct ast_sip_exten_state_data *data, const ch return -1; } - attr = find_node_attr(pool, pres, "atom", "id"); - pj_strdup2(pool, &attr->value, data->exten); + ast_sip_presence_xml_find_node_attr(state_data->pool, pres, "atom", "id", + &atom, &attr); + pj_strdup2(state_data->pool, &attr->value, state_data->exten); + + ast_sip_presence_xml_find_node_attr(state_data->pool, atom, "address", + "uri", &address, &attr); - attr = find_node_attr(pool, pres, "address", "uri"); + ast_sip_sanitize_xml(state_data->remote, sanitized, sizeof(sanitized)); - uri.ptr = (char*) pj_pool_alloc(pool, strlen(remote) + STR_ADDR_PARAM.slen); - pj_strcpy2( &uri, remote); + uri.ptr = (char*) pj_pool_alloc(state_data->pool, + strlen(sanitized) + STR_ADDR_PARAM.slen); + pj_strcpy2( &uri, sanitized); pj_strcat( &uri, &STR_ADDR_PARAM); - pj_strdup(pool, &attr->value, &uri); + pj_strdup(state_data->pool, &attr->value, &uri); - create_attr(pool, pj_xml_find_node(pres, pj_cstr(&name, "address")), - "priority", "0.80000"); + ast_sip_presence_xml_create_attr(state_data->pool, address, "priority", "0.80000"); - attr = find_node_attr(pool, pres, "status", "status"); - pj_strdup2(pool, &attr->value, + ast_sip_presence_xml_find_node_attr(state_data->pool, address, + "status", "status", &status, &attr); + pj_strdup2(state_data->pool, &attr->value, (local_state == NOTIFY_OPEN) ? "open" : (local_state == NOTIFY_INUSE) ? "inuse" : "closed"); - attr = find_node_attr(pool, pres, "msnsubstatus", "substatus"); - pj_strdup2(pool, &attr->value, + ast_sip_presence_xml_find_node_attr(state_data->pool, address, + "msnsubstatus", "substatus", &msnsubstatus, &attr); + pj_strdup2(state_data->pool, &attr->value, (local_state == NOTIFY_OPEN) ? "online" : (local_state == NOTIFY_INUSE) ? "onthephone" : "offline");