From 3e60ea4183b8c2bbe96dc8cb037c8a1a6bf7e715 Mon Sep 17 00:00:00 2001
From: King_DuckZ
Date: Mon, 24 Apr 2017 19:41:38 +0100
Subject: [PATCH] Escape any html from pasties before sending the response.
---
 src/curl_wrapper.cpp | 6 +++---
 src/curl_wrapper.hpp | 4 ++--
 src/submit_paste_response.cpp | 6 ++++--
 src/submit_paste_response.hpp | 2 +-
 4 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/curl_wrapper.cpp b/src/curl_wrapper.cpp
index fb7c1f6..e207a1b 100644
--- a/src/curl_wrapper.cpp
+++ b/src/curl_wrapper.cpp
@@ -89,7 +89,7 @@ namespace tawashi {
 std::string new_value(parString.data(), parString.size());
 std::replace(new_value.begin(), new_value.end(), '+', ' ');
- return parCurl.url_unescape(new_value);
+ return parCurl.unescape(new_value);
 }
 CurlWrapper::CurlWrapper() :
@@ -100,12 +100,12 @@ namespace tawashi {
 CurlWrapper::~CurlWrapper() noexcept = default;
- std::string CurlWrapper::url_escape (const boost::string_ref& parText) const {
+ std::string CurlWrapper::escape (const boost::string_ref& parText) const {
 const CurlBufferPointer buff(curl_easy_escape(m_curl.get(), parText.data(), parText.size()));
 return std::string(buff.get());
 }
- std::string CurlWrapper::url_unescape (const boost::string_ref& parText) const {
+ std::string CurlWrapper::unescape (const boost::string_ref& parText) const {
 int outLen;
 const CurlBufferPointer buff(curl_easy_unescape(m_curl.get(), parText.data(), parText.size(), &outLen));
 return std::string(buff.get(), outLen);
diff --git a/src/curl_wrapper.hpp b/src/curl_wrapper.hpp
index efb3552..20dace7 100644
--- a/src/curl_wrapper.hpp
+++ b/src/curl_wrapper.hpp
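Review bot: In `CurlWrapper::escape` (second hunk of src/curl_wrapper.cpp), `std::string(buff.get())` is undefined behaviour when `curl_easy_escape` fails and returns NULL, and after this commit that call runs on every submitted paste. Check the pointer before building the string, for example `if (not buff.get()) throw std::runtime_error("curl_easy_escape failed");`. The same call takes its length as an `int`, so `parText.size()` is narrowed for very large input, and a length of 0 makes libcurl fall back to `strlen()` on `parText.data()`, which a `boost::string_ref` does not guarantee to be NUL-terminated. `unescape` in the same hunk uses `buff.get()` unchecked as well; its body continues outside the hunk.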
@@ -32,8 +32,8 @@ namespace tawashi {
 CurlWrapper (const CurlWrapper&) = delete;
 ~CurlWrapper() noexcept;
- std::string url_escape (const boost::string_ref& parText) const;
- std::string url_unescape (const boost::string_ref& parText) const;
+ std::string escape (const boost::string_ref& parText) const;
+ std::string unescape (const boost::string_ref& parText) const;
 private:
 CurlPtr m_curl;
diff --git a/src/submit_paste_response.cpp b/src/submit_paste_response.cpp
index ceb806a..8a50024 100644
--- a/src/submit_paste_response.cpp
+++ b/src/submit_paste_response.cpp
@@ -20,6 +20,7 @@
 #include "cgi_post.hpp"
 #include "num_to_token.hpp"
 #include "settings_bag.hpp"
+#include "curl_wrapper.hpp"
 #include
 #include
@@ -53,7 +54,8 @@ namespace tawashi {
 return;
 }
- boost::optional token = submit_to_redis(pastie);
+ CurlWrapper curl;
+ boost::optional token = submit_to_redis(curl.escape(pastie));
 if (token) {
 std::ostringstream oss;
 oss << base_uri() << '/' << *token;
@@ -67,7 +69,7 @@ namespace tawashi {
 m_error_message << '\n';
 }
- boost::optional SubmitPasteResponse::submit_to_redis (boost::string_ref parText) const {
+ boost::optional SubmitPasteResponse::submit_to_redis (const std::string& parText) const {
 auto& redis = this->redis();
 if (not redis.is_connected()) return boost::optional();
diff --git a/src/submit_paste_response.hpp b/src/submit_paste_response.hpp
index 353d4d0..4b9b922 100644
--- a/src/submit_paste_response.hpp
+++ b/src/submit_paste_response.hpp
@@ -30,7 +30,7 @@ namespace tawashi {
 private:
 virtual void on_process() override;
 virtual void on_send (std::ostream& parStream) override;
- boost::optional submit_to_redis (boost::string_ref parText) const;
+ boost::optional submit_to_redis (const std::string& parText) const;
 std::string m_error_message;
 };
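Review bot: `submit_to_redis(curl.escape(pastie))` in the `@@ -53,7 +54,8 @@` hunk of src/submit_paste_response.cpp applies URL percent-encoding (`curl_easy_escape`), not HTML entity escaping, and it does so before the paste is stored rather than where it is written into a page. Percent-encoding does take `<`, `>`, `&` and quotes out of the stored text, but the paste is then safe only as long as nothing decodes it before output; the rendering path is not part of this diff, so if it calls `unescape()` and prints the result, the markup comes back. Storing the paste unchanged and HTML-escaping it in the code that emits it would keep the stored data intact and put the protection at the output boundary. At minimum I would add a comment at the call, `// percent-encoded, not HTML-escaped: must not be decoded before being written into HTML`, because the rename from `url_escape` to `escape` no longer says which encoding this is. The enclosing function starts and ends outside the hunk.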