fix: correctly escape ezc stream to json/xml/csv

2022-01-28 15:54:11 +01:00 · 2022-01-28 15:54:11 +01:00 · 227dd923d6
parent f6cb9a8aed
commit 227dd923d6
2 changed files with 35 additions and 9 deletions
--- a/winixd/core/app.cpp
+++ b/winixd/core/app.cpp
@ -711,7 +711,7 @@ void App::ClearAfterRequest()
 		cur.session->ClearAfterRequest();
 		cur.session = session_manager.GetTmpSession();
 		output_8bit.clear();
-		output_8bit2.clear();
+		output_tmp_filtered_stream.clear();
 		compressed_output.clear();
 		//html_filtered.clear();
 		aheader_name.clear();
@ -1822,7 +1822,6 @@ void App::SendData(const BinaryPage & page, FCGX_Stream * out)
 void App::SendAnswer()
 {
 	output_8bit.clear();
-	output_8bit2.clear();
 	compressed_output.clear();

 	// may use CanSendContent() method?
@ -1915,8 +1914,17 @@ void App::SerializeStreamJson(const pt::WTextStream & input_stream, const wchar_
 	}

 	output_8bit << '"';
-	FilterHtmlIfNeeded(input_stream, output_8bit2);
-	pt::esc_to_json(output_8bit2, output_8bit);
+
+	if( config.html_filter && cur.request->use_html_filter )
+	{
+		TemplatesFunctions::html_filter.filter(input_stream, output_tmp_filtered_stream, true);
+		pt::esc_to_json(output_tmp_filtered_stream, output_8bit);
+	}
+	else
+	{
+		pt::esc_to_json(input_stream, output_8bit);
+	}
+
 	output_8bit << '"';
 }

@ -1930,8 +1938,15 @@ void App::SerializeStreamXml(const pt::WTextStream & input_stream, const wchar_t
 		output_8bit << '>';
 	}

-	FilterHtmlIfNeeded(input_stream, output_8bit2);
-	pt::esc_to_xml(output_8bit2, output_8bit);
+	if( config.html_filter && cur.request->use_html_filter )
+	{
+		TemplatesFunctions::html_filter.filter(input_stream, output_tmp_filtered_stream, true);
+		pt::esc_to_xml(output_tmp_filtered_stream, output_8bit);
+	}
+	else
+	{
+		pt::esc_to_xml(input_stream, output_8bit);
+	}

 	if( field_name )
 	{
@ -1951,9 +1966,18 @@ void App::SerializeStreamCsv(const pt::WTextStream & input_stream, const wchar_t
 		output_8bit << "\";";
 	}

-	FilterHtmlIfNeeded(input_stream, output_8bit2);
 	output_8bit << '"';
-	pt::esc_to_csv(output_8bit2, output_8bit);
+
+	if( config.html_filter && cur.request->use_html_filter )
+	{
+		TemplatesFunctions::html_filter.filter(input_stream, output_tmp_filtered_stream, true);
+		pt::esc_to_csv(output_tmp_filtered_stream, output_8bit);
+	}
+	else
+	{
+		pt::esc_to_csv(input_stream, output_8bit);
+	}
+
 	output_8bit << "\";\n";
 }

@ -2197,6 +2221,7 @@ void App::FilterHtmlIfNeeded(const pt::WTextStream & input_stream, BinaryPage &
 }


+
 void App::Send8bitOutput(BinaryPage & output)
 {
 	bool compressing = false;
--- a/winixd/core/app.h
+++ b/winixd/core/app.h
@ -153,7 +153,8 @@ private:
 	//std::string output_8bit;
 	pt::TextStream serialized_model;

-	BinaryPage output_8bit, output_8bit2;
+	pt::WTextStream output_tmp_filtered_stream;
+	BinaryPage output_8bit;
 	BinaryPage compressed_output;

 	std::wstring cookie_id_string;