From 227dd923d65026a5e314b65c9a355c25c713812a Mon Sep 17 00:00:00 2001 From: Tomasz Sowa Date: Fri, 28 Jan 2022 15:54:11 +0100 Subject: [PATCH] fix: correctly escape ezc stream to json/xml/csv --- winixd/core/app.cpp | 41 +++++++++++++++++++++++++++++++++-------- winixd/core/app.h | 3 ++- 2 files changed, 35 insertions(+), 9 deletions(-) diff --git a/winixd/core/app.cpp b/winixd/core/app.cpp index 1c2e098..96e05c1 100644 --- a/winixd/core/app.cpp +++ b/winixd/core/app.cpp @@ -711,7 +711,7 @@ void App::ClearAfterRequest() cur.session->ClearAfterRequest(); cur.session = session_manager.GetTmpSession(); output_8bit.clear(); - output_8bit2.clear(); + output_tmp_filtered_stream.clear(); compressed_output.clear(); //html_filtered.clear(); aheader_name.clear(); @@ -1822,7 +1822,6 @@ void App::SendData(const BinaryPage & page, FCGX_Stream * out) void App::SendAnswer() { output_8bit.clear(); - output_8bit2.clear(); compressed_output.clear(); // may use CanSendContent() method? @@ -1915,8 +1914,17 @@ void App::SerializeStreamJson(const pt::WTextStream & input_stream, const wchar_ } output_8bit << '"'; - FilterHtmlIfNeeded(input_stream, output_8bit2); - pt::esc_to_json(output_8bit2, output_8bit); + + if( config.html_filter && cur.request->use_html_filter ) + { + TemplatesFunctions::html_filter.filter(input_stream, output_tmp_filtered_stream, true); + pt::esc_to_json(output_tmp_filtered_stream, output_8bit); + } + else + { + pt::esc_to_json(input_stream, output_8bit); + } + output_8bit << '"'; } @@ -1930,8 +1938,15 @@ void App::SerializeStreamXml(const pt::WTextStream & input_stream, const wchar_t output_8bit << '>'; } - FilterHtmlIfNeeded(input_stream, output_8bit2); - pt::esc_to_xml(output_8bit2, output_8bit); + if( config.html_filter && cur.request->use_html_filter ) + { + TemplatesFunctions::html_filter.filter(input_stream, output_tmp_filtered_stream, true); + pt::esc_to_xml(output_tmp_filtered_stream, output_8bit); + } + else + { + pt::esc_to_xml(input_stream, output_8bit); + } if( field_name ) { @@ -1951,9 +1966,18 @@ void App::SerializeStreamCsv(const pt::WTextStream & input_stream, const wchar_t output_8bit << "\";"; } - FilterHtmlIfNeeded(input_stream, output_8bit2); output_8bit << '"'; - pt::esc_to_csv(output_8bit2, output_8bit); + + if( config.html_filter && cur.request->use_html_filter ) + { + TemplatesFunctions::html_filter.filter(input_stream, output_tmp_filtered_stream, true); + pt::esc_to_csv(output_tmp_filtered_stream, output_8bit); + } + else + { + pt::esc_to_csv(input_stream, output_8bit); + } + output_8bit << "\";\n"; } @@ -2197,6 +2221,7 @@ void App::FilterHtmlIfNeeded(const pt::WTextStream & input_stream, BinaryPage & } + void App::Send8bitOutput(BinaryPage & output) { bool compressing = false; diff --git a/winixd/core/app.h b/winixd/core/app.h index 6de989f..c1131d3 100644 --- a/winixd/core/app.h +++ b/winixd/core/app.h @@ -153,7 +153,8 @@ private: //std::string output_8bit; pt::TextStream serialized_model; - BinaryPage output_8bit, output_8bit2; + pt::WTextStream output_tmp_filtered_stream; + BinaryPage output_8bit; BinaryPage compressed_output; std::wstring cookie_id_string;