From cfb7d764a4cb2e78e49345667ab3723702805c28 Mon Sep 17 00:00:00 2001
From: Gabriel Burt <gabriel.burt@gmail.com>
Date: Mon, 04 May 2009 15:29:54 +0000
Subject: Escape tainted values in HTML output in DAAP plugin (BGO #577270)
---
diff --git a/src/Extensions/Banshee.Daap/Banshee.Daap/DaapProxyWebServer.cs b/src/Extensions/Banshee.Daap/Banshee.Daap/DaapProxyWebServer.cs
index 8985066..bf1bad1 100644
--- a/src/Extensions/Banshee.Daap/Banshee.Daap/DaapProxyWebServer.cs
+++ b/src/Extensions/Banshee.Daap/Banshee.Daap/DaapProxyWebServer.cs
@@ -192,7 +192,7 @@ namespace Banshee.Daap
                 body += "<ul>";
                 foreach(DAAP.Database database in (ArrayList)databases.Clone()) {
                     body += String.Format("<li><a href=\"/{0}\">{1} ({2} Tracks)</a></li>",
-                        database.GetHashCode(), database.Name, database.TrackCount);
+                        database.GetHashCode(), Escape (database.Name), database.TrackCount);
                 }
                 body += "</ul>";
             }
@@ -209,7 +209,7 @@ namespace Banshee.Daap
                     continue;
                 }
 
-                body = GetHtmlHeader("Tracks in " + database.Name);
+                body = GetHtmlHeader("Tracks in " + Escape (database.Name));
 
                 if(database.TrackCount == 0) {
                     body += "<blockquote><p><em>No songs in this database.</em></p></blockquote>";
@@ -217,7 +217,7 @@ namespace Banshee.Daap
                 body += "<p>Showing all " + database.TrackCount + " songs:</p><ul>";
                 foreach(DAAP.Track song in database.Tracks) {
                     body += String.Format("<li><a href=\"/{0}/{1}\">{2} - {3}</a> ({4}:{5})</li>",
-                        database.GetHashCode(), song.Id, song.Artist, song.Title,
+                        database.GetHashCode(), song.Id, Escape (song.Artist), Escape (song.Title),
                         song.Duration.Minutes, song.Duration.Seconds.ToString("00"));
                 }
                 body += "</ul>";
@@ -275,7 +275,7 @@ namespace Banshee.Daap
                 code = HttpStatusCode.BadRequest;
                 body = GetHtmlHeader("Invalid Request");
                 body += String.Format("<p>The request '{0}' could not be processed by server.</p>",
-                        split_request[1]);
+                        Escape (split_request[1]));
             }
 
             WriteResponse(client, code, body + GetHtmlFooter());
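Review bot: In the @@ -217 hunk, `song.Id` is still interpolated into the href path on the `+` line unencoded while the two values beside it now go through `Escape`; if `DAAP.Track.Id` is an integer that is harmless, but if it is a string it needs URL encoding rather than HTML encoding, e.g. `Uri.EscapeDataString(song.Id.ToString())`, because `HtmlEncode` does not neutralise `/`, `?` or `#` inside a path segment. The type cannot be confirmed from this patch, so this is worth checking against the DAAP.Track declaration. The `{0}` slot in this hunk and in the @@ -192 hunk uses `GetHashCode()`, which is an int and cannot carry injected characters. The enclosing request handler starts and ends outside these hunks.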
@@ -351,6 +351,11 @@ namespace Banshee.Daap
                 }
             }
         }
+
+        private static string Escape (string input)
+        {
+            return String.IsNullOrEmpty (input) ? "" : System.Web.HttpUtility.HtmlEncode (input);
+        }
 
         private static string GetHtmlHeader(string title)
         {
-- 
cgit v0.8.2
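Review bot: The new `Escape` helper carries no doc comment stating which output context it is safe for; `HttpUtility.HtmlEncode` covers HTML element text and double-quoted attribute values, which is how every caller in this patch uses it, but it is not a URL or JavaScript encoder, and on runtimes of this era it may leave the single quote `'` unencoded. A comment such as `/// Encodes a value for insertion as HTML element text; not sufficient for URL path segments or single-quoted/unquoted attributes.` would keep later callers from reusing it in the href slots of the earlier hunks. The spacing in `Escape (string input)` and `IsNullOrEmpty (input)` also differs from this file's existing `GetHtmlHeader(string title)` style, so one convention should be followed consistently.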