From: Adam Dickmeiss <adam@indexdata.dk>
Date: Fri, 1 Oct 2004 11:44:46 +0000 (+0000)
Subject: Prevent XML CDATA with ASCII control chars (except TAB,CR,LF)
X-Git-Tag: YAZ.2.0.26~4
X-Git-Url: http://git.indexdata.com/?p=yaz-moved-to-github.git;a=commitdiff_plain;h=ed9a470b2dbe08cfe51079bdb3e7fbd720f857c8

Prevent XML CDATA with ASCII control chars (except TAB,CR,LF)
---

diff --git a/src/wrbuf.c b/src/wrbuf.c
index 0b92aea..345a33e 100644
--- a/src/wrbuf.c
+++ b/src/wrbuf.c
@@ -2,7 +2,7 @@
  * Copyright (c) 1995-2004, Index Data.
  * See the file LICENSE for details.
  *
- * $Id: wrbuf.c,v 1.4 2004-03-20 07:02:23 adam Exp $
+ * $Id: wrbuf.c,v 1.5 2004-10-01 11:44:46 adam Exp $
  */
 
 /*
@@ -89,6 +89,13 @@ int wrbuf_xmlputs_n(WRBUF b, const char *cp, int size)
 {
     while (--size >= 0)
     {
+	/* only TAB,CR,LF of ASCII CTRL are allowed in XML 1.0! */
+	if (*cp >= 0 && *cp <= 31)
+	    if (*cp != 9 && *cp != 10 && *cp != 13)
+	    {
+		cp++;  /* we silently ignore (delete) these.. */
+		continue;
+	    }
 	switch(*cp)
 	{
 	case '<':