Fixed bug #1162: HTML entities are not escaped properly.
authorAdam Dickmeiss <adam@indexdata.dk>
Tue, 22 Apr 2008 19:29:35 +0000 (21:29 +0200)
committerAdam Dickmeiss <adam@indexdata.dk>
Tue, 22 Apr 2008 19:29:35 +0000 (21:29 +0200)
The recid CDATA was not escaped properly.

src/http_command.c

index 7eab95f..1272415 100644 (file)
@@ -613,7 +613,9 @@ static void cmd_record(struct http_channel *c)
     else
     {
         wrbuf_puts(c->wrbuf, "<record>\n");
-        wrbuf_printf(c->wrbuf, "<recid>%s</recid>\n", rec->recid);
+        wrbuf_puts(c->wrbuf, "<recid>");
+        wrbuf_xmlputs(c->wrbuf, rec->recid);
+        wrbuf_puts(c->wrbuf, "</recid>\n");
         write_metadata(c->wrbuf, service, rec->metadata, 1);
         for (r = rec->records; r; r = r->next)
             write_subrecord(r, c->wrbuf, service, 1);
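Review bot: The escaping is added at these two call sites only, and nothing beside it records why `rec->recid` must not go through a `%s` format, so a later edit could easily reintroduce the unescaped form. A short comment above the `wrbuf_xmlputs` call in cmd_record, such as `/* recid may contain &, < or >: always XML-escape it */`, would document the constraint; the same applies to the identical three lines in show_records (second hunk). The hunk also does not show whether write_metadata and write_subrecord, called right after, escape the record-derived text they write into the same XML response, which is worth confirming. Both function bodies start and end outside the hunks.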
@@ -688,7 +690,9 @@ static void show_records(struct http_channel *c, int active)
             write_subrecord(p, c->wrbuf, service, 0); // subrecs w/o details
         if (ccount > 1)
             wrbuf_printf(c->wrbuf, "<count>%d</count>\n", ccount);
-        wrbuf_printf(c->wrbuf, "<recid>%s</recid>\n", rec->recid);
+        wrbuf_puts(c->wrbuf, "<recid>");
+        wrbuf_xmlputs(c->wrbuf, rec->recid);
+        wrbuf_puts(c->wrbuf, "</recid>\n");
         wrbuf_puts(c->wrbuf, "</hit>\n");
     }