From 6fa8fe7a2c07d9d9e419889afdd9e91e38cf1e78 Mon Sep 17 00:00:00 2001 From: brain Date: Sat, 10 May 2008 19:52:07 +0000 Subject: Add a 'sanitize' function to sanitize special characters in the output, <, > and & etc git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@9696 e03df62e-2008-0410-955e-edbf42e46eb7 --- src/modules/m_httpd_stats.cpp | 45 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 38 insertions(+), 7 deletions(-) (limited to 'src/modules') diff --git a/src/modules/m_httpd_stats.cpp b/src/modules/m_httpd_stats.cpp index 9699ddca2..d0963b2af 100644 --- a/src/modules/m_httpd_stats.cpp +++ b/src/modules/m_httpd_stats.cpp @@ -40,6 +40,37 @@ class ModuleHttpStats : public Module ServerInstance->Modules->Attach(eventlist, this, 2); } + std::string Sanitize(const std::string &str) + { + std::string ret; + + for (std::string::const_iterator x = str.begin(); x != str.end(); ++x) + { + switch (*x) + { + case '<': + ret += "<"; + break; + case '>': + ret += ">"; + break; + case '&': + ret += "&"; + break; + default: + if (*x < 32 || *x > 126) + { + int n = *x; + ret += ("&#" + ConvToStr(n) + ";"); + } + else + ret += *x; + break; + } + } + return ret; + } + void OnEvent(Event* event) { std::stringstream data(""); @@ -53,7 +84,7 @@ class ModuleHttpStats : public Module { data << ""; - data << "" << ServerInstance->Config->ServerName << "" << ServerInstance->Config->ServerDesc << ""; + data << "" << ServerInstance->Config->ServerName << "" << Sanitize(ServerInstance->Config->ServerDesc) << ""; data << ""; data << "" << ServerInstance->Users->clientlist->size() << ""; @@ -67,7 +98,7 @@ class ModuleHttpStats : public Module time_t server_uptime = current_time - ServerInstance->startup_time; struct tm* stime; stime = gmtime(&server_uptime); - data << "" << stime->tm_yday << "" << stime->tm_hour << "" << stime->tm_min << "" << stime->tm_sec << ""; + data << "" << stime->tm_yday << "" << stime->tm_hour << "" << stime->tm_min << "" << stime->tm_sec << "" << ServerInstance->startup_time << ""; data << ""; @@ -91,13 +122,13 @@ class ModuleHttpStats : public Module data << "" << c->GetOppedUsers()->size() << ""; data << "" << c->GetHalfoppedUsers()->size() << ""; data << "" << c->GetVoicedUsers()->size() << ""; - data << "" << c->topic << ""; - data << "" << c->ChanModes(false) << ""; + data << "" << Sanitize(c->topic) << ""; + data << "" << Sanitize(c->ChanModes(false)) << ""; CUList* ulist = c->GetUsers(); for (CUList::iterator x = ulist->begin(); x != ulist->end(); ++x) { - data << "" << x->first->uuid << "" << c->GetAllPrefixChars(x->first) << ""; + data << "" << x->first->uuid << "" << Sanitize(c->GetAllPrefixChars(x->first)) << ""; } data << ""; } @@ -110,13 +141,13 @@ class ModuleHttpStats : public Module data << ""; data << "" << u->nick << "" << u->uuid << "" << u->host << "" << u->dhost << ""; - data << "" << u->fullname << "" << u->server << "" << u->awaymsg << "" << u->oper << ""; + data << "" << Sanitize(u->fullname) << "" << u->server << "" << Sanitize(u->awaymsg) << "" << Sanitize(u->oper) << ""; std::string modes; for (unsigned char n = 'A'; n <= 'z'; ++n) if (u->IsModeSet(n)) modes += n; - data << modes << "" << u->ident << "" << u->GetPort() << "" << u->GetIPString() << ""; + data << modes << "" << Sanitize(u->ident) << "" << u->GetPort() << "" << u->GetIPString() << ""; data << ""; } -- cgit v1.2.3