[mythtv-commits] Ticket #5435: Incorrect Escaping of '&' in UPNP Requests

MythTV mythtv at cvs.mythtv.org
Tue Nov 18 02:11:26 UTC 2008


#5435: Incorrect Escaping of '&' in UPNP Requests
-----------------------------------+----------------------------------------
 Reporter:  jeff at the-seiferts.com  |        Owner:  nigel   
     Type:  patch                  |       Status:  assigned
 Priority:  minor                  |    Milestone:  unknown 
Component:  upnp                   |      Version:  head    
 Severity:  medium                 |   Resolution:          
  Mlocked:  0                      |  
-----------------------------------+----------------------------------------

Comment(by nigel):

 It wasn't a side-effect, the RegExp in the patch just doesn't work, but
 the clients sometimes cache old data so it wasn't happening all the time.
 Here is the test program I used to experiment:
 {{{
 #include <QApplication>
 #include <QRegExp>
 #include <QString>

 int main(int argc, char *argv[])
 {
     QApplication a(argc, argv);

     QString data = "blah, blah & blah\n"
                    "Nigel&apos;s\n"
                    "Error&ampError\n"
                    "Don't&nbsp;wrap. &#xFFFF;";

     QRegExp entities("^(quot|amp|apos|lt|gt|nbsp"
                      "|#\\d\\d\\d\\d|#x[0-F][0-F][0-F][0-F]|);");

     qWarning("\tString...");
     qWarning(qPrintable(data));

     int pos = data.indexOf('&');
     while (pos >= 0)
     {
         QString afterAmp = data.mid(++pos);

         if (data.mid(++pos).contains(entities))
         {
             qWarning("ENTITY contained in ");
             qWarning(qPrintable(afterAmp))
         }
         else
             data.insert(pos, "amp;");

         pos = data.indexOf('&', pos);  // Find next &
     }

     qWarning("\tbecomes..");
     qWarning(qPrintable(data));
 }
 }}}

-- 
Ticket URL: <http://svn.mythtv.org/trac/ticket/5435#comment:6>
MythTV <http://www.mythtv.org/>
MythTV


More information about the mythtv-commits mailing list