diff options
author | Justin Maggard <jmaggard@users.sourceforce.net> | 2012-02-14 03:07:40 +0400 |
---|---|---|
committer | Justin Maggard <jmaggard@users.sourceforce.net> | 2012-02-14 03:07:40 +0400 |
commit | cf8db09de07482aad3617b2934552b22b30203b1 (patch) | |
tree | 1e3cc818a80c7287d019bd22d3ec1fb78de55c04 | |
parent | 85701d3a994f141aa05162b54f76dfd33c1eb6fc (diff) |
* Properly escape double quotes.
-rw-r--r-- | upnpsoap.c | 27 | ||||
-rw-r--r-- | utils.c | 3 |
2 files changed, 6 insertions, 24 deletions
@@ -1392,20 +1392,6 @@ SearchContentDirectory(struct upnphttp * h, const char * action) args.flags |= FLAG_FREE_OBJECT_ID; } } - #if 0 // Looks like the 360 already does this - /* Sort by track number for some containers */ - if( orderBy && - ((strncmp(ContainerID, MUSIC_GENRE_ID, 3) == 0) || - (strncmp(ContainerID, MUSIC_ARTIST_ID, 3) == 0) || - (strncmp(ContainerID, MUSIC_ALBUM_ID, 3) == 0)) ) - { - DPRINTF(E_DEBUG, L_HTTP, "Old sort order: %s\n", orderBy); - sprintf(str_buf, "d.TRACK, "); - memmove(orderBy+18, orderBy+9, strlen(orderBy)+1); - memmove(orderBy+9, &str_buf, 9); - DPRINTF(E_DEBUG, L_HTTP, "New sort order: %s\n", orderBy); - } - #endif } DPRINTF(E_DEBUG, L_HTTP, "Searching ContentDirectory:\n" " * ObjectID: %s\n" @@ -1432,7 +1418,6 @@ SearchContentDirectory(struct upnphttp * h, const char * action) SearchCriteria = modifyString(SearchCriteria, "'", "'", 0); SearchCriteria = modifyString(SearchCriteria, "<", "<", 0); SearchCriteria = modifyString(SearchCriteria, ">", ">", 0); - SearchCriteria = modifyString(SearchCriteria, "\\\"", "\"\"", 0); SearchCriteria = modifyString(SearchCriteria, "object.", "", 0); SearchCriteria = modifyString(SearchCriteria, "derivedfrom", "like", 1); SearchCriteria = modifyString(SearchCriteria, "contains", "like", 2); @@ -1458,16 +1443,12 @@ SearchContentDirectory(struct upnphttp * h, const char * action) newSearchCriteria = strdup(SearchCriteria); SearchCriteria = newSearchCriteria = modifyString(newSearchCriteria, "res is ", "MIME is ", 0); } - #if 0 // Does 360 need this? - if( strstr(SearchCriteria, "&") ) + if( strstr(SearchCriteria, "\\\"") ) { - if( newSearchCriteria ) - newSearchCriteria = modifyString(newSearchCriteria, "&", "&amp;", 0); - else - newSearchCriteria = modifyString(strdup(SearchCriteria), "&", "&amp;", 0); - SearchCriteria = newSearchCriteria; + if( !newSearchCriteria ) + newSearchCriteria = strdup(SearchCriteria); + SearchCriteria = newSearchCriteria = modifyString(newSearchCriteria, "\\\"", "&quot;", 0); } - #endif } DPRINTF(E_DEBUG, L_HTTP, "Translated SearchCriteria: %s\n", SearchCriteria); @@ -182,12 +182,13 @@ escape_tag(const char *tag, int force_alloc) { char *esc_tag = NULL; - if( strchr(tag, '&') || strchr(tag, '<') || strchr(tag, '>') ) + if( strchr(tag, '&') || strchr(tag, '<') || strchr(tag, '>') || strchr(tag, '"') ) { esc_tag = strdup(tag); esc_tag = modifyString(esc_tag, "&", "&amp;", 0); esc_tag = modifyString(esc_tag, "<", "&lt;", 0); esc_tag = modifyString(esc_tag, ">", "&gt;", 0); + esc_tag = modifyString(esc_tag, "\"", "&quot;", 0); } else if( force_alloc ) esc_tag = strdup(tag); |