From 546400fd7020d5bac1742dd19aa95c4089e22fdd Mon Sep 17 00:00:00 2001 From: msweet Date: Mon, 26 Oct 2015 18:15:48 +0000 Subject: [PATCH] Make sure we escape the subject and text in the RSS feed () git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12942 a1ca3aef-8c08-0410-bb20-df032aa958be --- CHANGES-2.1.txt | 2 +- notifier/rss.c | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/CHANGES-2.1.txt b/CHANGES-2.1.txt index 061aa83920..1ffb65cd1a 100644 --- a/CHANGES-2.1.txt +++ b/CHANGES-2.1.txt @@ -10,7 +10,7 @@ CHANGES IN CUPS V2.1.1 , , , , , , - ) + , ) - The cupsGetPPD* functions did not work with IPP printers (STR #4725) - Some older HP LaserJet printers need a delayed close when printing using the libusb-based USB backend (STR #4549) diff --git a/notifier/rss.c b/notifier/rss.c index ae8ae47972..3f6ca111e3 100644 --- a/notifier/rss.c +++ b/notifier/rss.c @@ -3,7 +3,7 @@ * * RSS notifier for CUPS. * - * Copyright 2007-2014 by Apple Inc. + * Copyright 2007-2015 by Apple Inc. * Copyright 2007 by Easy Software Products. * * These coded instructions, statements, and computer programs are the @@ -641,15 +641,21 @@ save_rss(cups_array_t *rss, /* I - RSS messages */ msg; msg = (_cups_rss_t *)cupsArrayPrev(rss)) { + char *subject = xml_escape(msg->subject); + char *text = xml_escape(msg->text); + fputs(" \n", fp); - fprintf(fp, " %s\n", msg->subject); - fprintf(fp, " %s\n", msg->text); + fprintf(fp, " %s\n", subject); + fprintf(fp, " %s\n", text); if (msg->link_url) fprintf(fp, " %s\n", msg->link_url); fprintf(fp, " %s\n", httpGetDateString2(msg->event_time, date, sizeof(date))); fprintf(fp, " %d\n", msg->sequence_number); fputs(" \n", fp); + + free(subject); + free(text); } fputs(" \n", fp); -- 2.47.2