diff --git a/ChangeLog b/ChangeLog index 9c229592..939b4cc6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +Sat May 8 22:56:22 CEST 2004 Daniel Veillard + + * uri.c xmlIO.c: fixing some problems in URI unescaping + and output buffer opening, this should fix #141864 + Fri May 7 22:31:54 CEST 2004 Daniel Veillard * valid.c include/libxml/valid.h: fixes the use of 'list' as a parameter diff --git a/uri.c b/uri.c index b89603cd..1b2c08a0 100644 --- a/uri.c +++ b/uri.c @@ -785,6 +785,14 @@ xmlNormalizeURIPath(char *path) { return(0); } +static int is_hex(char c) { + if (((c >= '0') && (c <= '9')) || + ((c >= 'a') && (c <= 'f')) || + ((c >= 'A') && (c <= 'F'))) + return(1); + return(0); +} + /** * xmlURIUnescapeString: * @str: the string to unescape @@ -818,7 +826,7 @@ xmlURIUnescapeString(const char *str, int len, char *target) { in = str; out = ret; while(len > 0) { - if (*in == '%') { + if ((*in == '%') && (is_hex(in[1])) && (is_hex(in[2]))) { in++; if ((*in >= '0') && (*in <= '9')) *out = (*in - '0'); diff --git a/xmlIO.c b/xmlIO.c index 970fa6e8..cb67fb83 100644 --- a/xmlIO.c +++ b/xmlIO.c @@ -2217,33 +2217,38 @@ xmlOutputBufferCreateFilename(const char *URI, xmlCharEncodingHandlerPtr encoder, int compression ATTRIBUTE_UNUSED) { xmlOutputBufferPtr ret; + xmlURIPtr puri; int i = 0; void *context = NULL; - char *unescaped; - - int is_http_uri = 0; /* Can't change if HTTP disabled */ + char *unescaped = NULL; + int is_file_uri = 1; if (xmlOutputCallbackInitialized == 0) xmlRegisterDefaultOutputCallbacks(); if (URI == NULL) return(NULL); -#ifdef LIBXML_HTTP_ENABLED - /* Need to prevent HTTP URI's from falling into zlib short circuit */ - - is_http_uri = xmlIOHTTPMatch( URI ); -#endif - + puri = xmlParseURI(URI); + if (puri != NULL) { + if ((puri->scheme == NULL) || + (xmlStrEqual(BAD_CAST puri->scheme, BAD_CAST "file"))) + is_file_uri = 0; + /* + * try to limit the damages of the URI unescaping code. + */ + if (puri->scheme != NULL) + unescaped = xmlURIUnescapeString(URI, 0, NULL); + xmlFreeURI(puri); + } /* * Try to find one of the output accept method accepting that scheme * Go in reverse to give precedence to user defined handlers. * try with an unescaped version of the URI */ - unescaped = xmlURIUnescapeString(URI, 0, NULL); if (unescaped != NULL) { #ifdef HAVE_ZLIB_H - if ((compression > 0) && (compression <= 9) && (is_http_uri == 0)) { + if ((compression > 0) && (compression <= 9) && (is_file_uri == 1)) { context = xmlGzfileOpenW(unescaped, compression); if (context != NULL) { ret = xmlAllocOutputBuffer(encoder); @@ -2280,7 +2285,7 @@ xmlOutputBufferCreateFilename(const char *URI, */ if (context == NULL) { #ifdef HAVE_ZLIB_H - if ((compression > 0) && (compression <= 9) && (is_http_uri == 0)) { + if ((compression > 0) && (compression <= 9) && (is_file_uri == 1)) { context = xmlGzfileOpenW(URI, compression); if (context != NULL) { ret = xmlAllocOutputBuffer(encoder);