From 1c5f2289c7593c42b111050a1a1e04df96e9a51d Mon Sep 17 00:00:00 2001
From: Amos Jeffries <amosjeffries@squid-cache.org>
Date: Fri, 27 Jun 2008 07:11:51 -0600
Subject: [PATCH] Author: Henrik Nordstrom <henrik@henriknordstrom.net> Bug
 #2365: cachemgr.cgi fails to HTML encode config dumps properly

log_format and a couple other directives may contain HTML reserved characters
such as < >, and these needs to be HTML quoted in the output.
---
 tools/cachemgr.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/cachemgr.cc b/tools/cachemgr.cc
index 277524d061..7d57333d6b 100644
--- a/tools/cachemgr.cc
+++ b/tools/cachemgr.cc
@@ -420,7 +420,7 @@ error_html(const char *msg)
     printf("<HTML><HEAD><TITLE>Cache Manager Error</TITLE>\n");
     printf("<STYLE type=\"text/css\"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}--></STYLE></HEAD>\n");
     printf("<BODY><H1>Cache Manager Error</H1>\n");
-    printf("<P>\n%s</P>\n", msg);
+    printf("<P>\n%s</P>\n", html_quote(msg));
     print_trailer();
 }
 
@@ -536,7 +536,7 @@ munge_other_line(const char *buf, cachemgr_request * req)
     if (!strchr(buf, '\t') || *buf == '\t') {
         /* nope, just text */
         snprintf(html, sizeof(html), "%s%s",
-                 table_line_num ? "</table>\n<pre>" : "", buf);
+                 table_line_num ? "</table>\n<pre>" : "", html_quote(buf));
         table_line_num = 0;
         return html;
     }
@@ -573,7 +573,7 @@ munge_other_line(const char *buf, cachemgr_request * req)
         l += snprintf(html + l, sizeof(html) - l, "<%s colspan=\"%d\" align=\"%s\">%s</%s>",
                       ttag, column_span,
                       is_header ? "center" : is_number(cell) ? "right" : "left",
-                      cell, ttag);
+                      html_quote(cell), ttag);
     }
 
     xfree(buf_copy);
-- 
2.47.2