diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/modules/m_httpd_stats.cpp | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/src/modules/m_httpd_stats.cpp b/src/modules/m_httpd_stats.cpp index 077bc4f2d..547d6032f 100644 --- a/src/modules/m_httpd_stats.cpp +++ b/src/modules/m_httpd_stats.cpp @@ -55,14 +55,23 @@ class ModuleHttpStats : public Module ret += it->second; ret += ';'; } - else if (*x < 32 || *x > 126) + else if (*x == 0x9 || *x == 0xA || *x == 0xD || + (*x >= 0x20 && *x <= 0xD7FF) || (*x >= 0xE000 && *x <= 0x10FFFF)) { - int n = (unsigned char)*x; - ret += ("&#" + ConvToStr(n) + ";"); + // The XML specification defines the following characters as valid inside an XML document: + // Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF] + ret += *x; } else { - ret += *x; + // If we reached this point then the string contains characters which can + // not be represented in XML, even using a numeric escape. Therefore, we + // Base64 encode the entire string and wrap it in a CDATA. + ret.clear(); + ret += "<![CDATA["; + ret += BinToBase64(str); + ret += "]]>"; + break; } } return ret; @@ -145,7 +154,7 @@ class ModuleHttpStats : public Module Channel* c = a->second; data << "<channel>"; - data << "<usercount>" << c->GetUsers()->size() << "</usercount><channelname>" << c->name << "</channelname>"; + data << "<usercount>" << c->GetUsers()->size() << "</usercount><channelname>" << Sanitize(c->name) << "</channelname>"; data << "<channeltopic>"; data << "<topictext>" << Sanitize(c->topic) << "</topictext>"; data << "<setby>" << Sanitize(c->setby) << "</setby>"; |