mirror of https://github.com/KingDuckZ/kamokan.git synced 2024-11-23 00:33:44 +00:00

Escape any html from pasties before sending the response.

King_DuckZ 2017-04-24 19:41:38 +01:00
parent 3c10d624e3
commit 3e60ea4183
4 changed files with 10 additions and 8 deletions


@ -89,7 +89,7 @@ namespace tawashi {
std::string new_value(parString.data(), parString.size()); std::string new_value(parString.data(), parString.size());
std::replace(new_value.begin(), new_value.end(), '+', ' '); std::replace(new_value.begin(), new_value.end(), '+', ' ');
return parCurl.url_unescape(new_value); return parCurl.unescape(new_value);
} }
CurlWrapper::CurlWrapper() : CurlWrapper::CurlWrapper() :
@ -100,12 +100,12 @@ namespace tawashi {
CurlWrapper::~CurlWrapper() noexcept = default; CurlWrapper::~CurlWrapper() noexcept = default;
std::string CurlWrapper::url_escape (const boost::string_ref& parText) const { std::string CurlWrapper::escape (const boost::string_ref& parText) const {
const CurlBufferPointer buff(curl_easy_escape(m_curl.get(), parText.data(), parText.size())); const CurlBufferPointer buff(curl_easy_escape(m_curl.get(), parText.data(), parText.size()));
return std::string(buff.get()); return std::string(buff.get());
} }
std::string CurlWrapper::url_unescape (const boost::string_ref& parText) const { std::string CurlWrapper::unescape (const boost::string_ref& parText) const {
int outLen; int outLen;
const CurlBufferPointer buff(curl_easy_unescape(m_curl.get(), parText.data(), parText.size(), &outLen)); const CurlBufferPointer buff(curl_easy_unescape(m_curl.get(), parText.data(), parText.size(), &outLen));
return std::string(buff.get(), outLen); return std::string(buff.get(), outLen);


@ -32,8 +32,8 @@ namespace tawashi {
CurlWrapper (const CurlWrapper&) = delete; CurlWrapper (const CurlWrapper&) = delete;
~CurlWrapper() noexcept; ~CurlWrapper() noexcept;
std::string url_escape (const boost::string_ref& parText) const; std::string escape (const boost::string_ref& parText) const;
std::string url_unescape (const boost::string_ref& parText) const; std::string unescape (const boost::string_ref& parText) const;
private: private:
CurlPtr m_curl; CurlPtr m_curl;


@ -20,6 +20,7 @@
#include "cgi_post.hpp" #include "cgi_post.hpp"
#include "num_to_token.hpp" #include "num_to_token.hpp"
#include "settings_bag.hpp" #include "settings_bag.hpp"
#include "curl_wrapper.hpp"
#include <ciso646> #include <ciso646>
#include <sstream> #include <sstream>
@ -53,7 +54,8 @@ namespace tawashi {
return; return;
} }
boost::optional<std::string> token = submit_to_redis(pastie); CurlWrapper curl;
boost::optional<std::string> token = submit_to_redis(curl.escape(pastie));
if (token) { if (token) {
std::ostringstream oss; std::ostringstream oss;
oss << base_uri() << '/' << *token; oss << base_uri() << '/' << *token;
@ -67,7 +69,7 @@ namespace tawashi {
m_error_message << '\n'; m_error_message << '\n';
} }
boost::optional<std::string> SubmitPasteResponse::submit_to_redis (boost::string_ref parText) const { boost::optional<std::string> SubmitPasteResponse::submit_to_redis (const std::string& parText) const {
auto& redis = this->redis(); auto& redis = this->redis();
if (not redis.is_connected()) if (not redis.is_connected())
return boost::optional<std::string>(); return boost::optional<std::string>();
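Review bot: `submit_to_redis(curl.escape(pastie))` percent-encodes the paste through curl_easy_escape, which is URL encoding rather than the HTML escaping the commit title describes, and it does so before storage instead of at the point where the text is written into a page. The stored value is inert in an HTML context only while it stays percent-encoded; any reader that calls `unescape` to show the original text gets the raw markup back. The paste is better stored unmodified, with entity encoding of `&`, `<`, `>`, `"` and `'` applied in the code that renders it. If the storage encoding is kept, a comment on the call such as `// percent-encoded for storage only; HTML-escape after unescape() when rendering` would state the contract. Separately, `CurlWrapper::escape` as shown in this commit builds a `std::string` from `buff.get()` without a null check although curl_easy_escape returns NULL on failure, and user input now reaches it through on_process(), whose body starts outside this hunk.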

View file

@ -30,7 +30,7 @@ namespace tawashi {
private: private:
virtual void on_process() override; virtual void on_process() override;
virtual void on_send (std::ostream& parStream) override; virtual void on_send (std::ostream& parStream) override;
boost::optional<std::string> submit_to_redis (boost::string_ref parText) const; boost::optional<std::string> submit_to_redis (const std::string& parText) const;
std::string m_error_message; std::string m_error_message;
}; };