From bca9f7d03a33dc346648b7b1f60555042ecf42ba Mon Sep 17 00:00:00 2001
From: Adam Dickmeiss
Date: Tue, 22 Apr 2008 21:29:35 +0200
Subject: [PATCH] Fixed bug #1162: HTML entities are not escaped properly. The recid CDATA was not escaped properly.
---
 src/http_command.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/http_command.c b/src/http_command.c
index 7eab95f..1272415 100644
--- a/src/http_command.c
+++ b/src/http_command.c
@@ -613,7 +613,9 @@ static void cmd_record(struct http_channel *c)
 else
 {
 wrbuf_puts(c->wrbuf, "\n");
- wrbuf_printf(c->wrbuf, "%s\n", rec->recid);
+ wrbuf_puts(c->wrbuf, "");
+ wrbuf_xmlputs(c->wrbuf, rec->recid);
+ wrbuf_puts(c->wrbuf, "\n");
 write_metadata(c->wrbuf, service, rec->metadata, 1);
 for (r = rec->records; r; r = r->next)
 write_subrecord(r, c->wrbuf, service, 1);
@@ -688,7 +690,9 @@ static void show_records(struct http_channel *c, int active)
 write_subrecord(p, c->wrbuf, service, 0); // subrecs w/o details
 if (ccount > 1)
 wrbuf_printf(c->wrbuf, "%d\n", ccount);
- wrbuf_printf(c->wrbuf, "%s\n", rec->recid);
+ wrbuf_puts(c->wrbuf, "");
+ wrbuf_xmlputs(c->wrbuf, rec->recid);
+ wrbuf_puts(c->wrbuf, "\n");
 wrbuf_puts(c->wrbuf, "\n");
 }

-- 
1.7.10.4
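Review bot: The escaping fix is hand-copied at two call sites, the added `wrbuf_puts` / `wrbuf_xmlputs` / `wrbuf_puts` lines in this cmd_record hunk and the identical lines in the show_records hunk, so a later caller that writes `rec->recid` with `wrbuf_printf` can bring the unescaped output back. A small `static` helper in http_command.c that takes the WRBUF and the recid and performs that three-call sequence would keep the output encoding in one place. The recid is presumably built from record content supplied by remote targets, so the other `wrbuf_printf` calls in this file that pass a string through `%s` deserve the same check; `write_metadata` and `write_subrecord` are defined outside these hunks, and whether they escape their values cannot be confirmed from here. A one-line comment above the sequence, for example `/* recid may contain XML metacharacters, so it is escaped rather than printed with %s (bug #1162) */`, would record why `wrbuf_printf` is avoided. Both function bodies start and end outside the hunks.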