[icinga-checkins] icinga.org: icinga-core/r1.8: classic-ui: fixed JSON output is insufficiently escaped #3541

git at icinga.org git at icinga.org
Mon Mar 4 19:21:42 CET 2013


Module: icinga-core
Branch: r1.8
Commit: bd537decd72f429785d4887610a0f3723d671edf
URL:    https://git.icinga.org/?p=icinga-core.git;a=commit;h=bd537decd72f429785d4887610a0f3723d671edf

Author: Ricardo Bartels <ricardo at bitchbrothers.com>
Date:   Mon Jan 21 21:33:39 2013 +0100

classic-ui: fixed JSON output is insufficiently escaped #3541

refs: #3541

now backslash gets escaped and all control characters get stripped.

Conflicts:
	Changelog

---

 Changelog      |    3 +++
 cgi/cgiutils.c |   10 +++++++---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/Changelog b/Changelog
index e535c6f..81bafb8 100644
--- a/Changelog
+++ b/Changelog
@@ -15,6 +15,8 @@ UPGRADE NOTES
 1.8.5 - XX/XX/2013
 
 FIXES
+* classic ui: fixed JSON output is insufficiently escaped #3541 - RB
+
 * idoutils: idomod leaks memory on core reload #3749 - GB
 
 
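Review bot: The blank `+` line after the new `classic ui` entry separates it from the `idoutils: idomod leaks memory` entry under the same 1.8.5 FIXES heading. Unless the list is deliberately grouped by component, drop that blank line so the entries stay contiguous.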
@@ -30,6 +32,7 @@ FIXES
 * idoutils: unlink leftover socket on startup, if using unix sockets - MF
 * idoutils: fix long output data causes wrong data in database #2342 - MF
 
+
 1.8.3 - 12/12/2012
 
 FIXES
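Review bot: The only change in this hunk is an extra blank line before the `1.8.3 - 12/12/2012` heading, which is unrelated to the JSON escaping fix and looks like residue from the Changelog conflict mentioned in the commit message. It can be left out of this commit.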
diff --git a/cgi/cgiutils.c b/cgi/cgiutils.c
index a8cbf9d..e7380db 100644
--- a/cgi/cgiutils.c
+++ b/cgi/cgiutils.c
@@ -3059,16 +3059,20 @@ char *json_encode(char *input) {
 
 	for (i = 0, j = 0; i < len; i++) {
 
-		/* escape quotes */
-		if ((char)input[i] == (char)'"') {
+		/* escape quotes and backslashes */
+		if ((char)input[i] == (char)'"' || (char)input[i] == (char)'\\') {
 			encoded_string[j++] = '\\';
 			encoded_string[j++] = input[i];
 
-			/* escape newlines */
+		/* escape newlines */
 		} else if ((char)input[i] == (char)'\n') {
 			encoded_string[j++] = '\\';
 			encoded_string[j++] = 'n';
 
+		/* ignore control caracters */
+		} else if (input[i] < 32 || input[i] == 127) {
+			continue;
+
 		} else
 			encoded_string[j++] = input[i];
 	}
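Review bot: In the new `else if (input[i] < 32 || input[i] == 127)` branch, `input` is a plain `char *`, so on platforms where `char` is signed every byte at or above 0x80 compares as negative and is dropped together with the control characters, which would strip non-ASCII (for example UTF-8 multi-byte) text from the JSON output. Testing `(unsigned char)input[i] < 32` would limit the filter to the control range and DEL. Tab and carriage return are also discarded here rather than emitted as `\t` and `\r`; if that is intended, the comment should say so, and "caracters" in it should read "characters".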




