o2on svn commit
o2on-****@lists*****
2008年 4月 19日 (土) 16:01:24 JST
Revision: 75
http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi?root=o2on&view=rev&rev=75
Author: electrolysis
Date: 2008-04-19 16:01:24 +0900 (Sat, 19 Apr 2008)
Log Message:
-----------
FIX: SQL文によっては不正なXMLが生成される
Modified Paths:
--------------
branches/BRANCH_0043/o2on/src.o2on/O2Server_HTTP_Admin.h
branches/BRANCH_0043/o2on/src.o2on/dataconv.cpp
branches/BRANCH_0043/o2on/src.o2on/dataconv.h
Modified: branches/BRANCH_0043/o2on/src.o2on/O2Server_HTTP_Admin.h
===================================================================
--- branches/BRANCH_0043/o2on/src.o2on/O2Server_HTTP_Admin.h 2008-04-19 06:24:47 UTC (rev 74)
+++ branches/BRANCH_0043/o2on/src.o2on/O2Server_HTTP_Admin.h 2008-04-19 07:01:24 UTC (rev 75)
@@ -1635,11 +1635,13 @@
void GET_xml_sql(O2SocketSession *ss)
{
wstring str;
+ wstring escaped;
str += L"<?str version=\"1.0\" encoding=\"";
str += _T(DEFAULT_XML_CHARSET);
str += L"\"?>";
str += L"<result>";
- str += L"<sql>"+sql+L"</sql>";
+ escapeCDATA(sql, escaped);
+ str += L"<sql><![CDATA["+ escaped +L"]]></sql>";
if (!sqlresult.empty()) {
wchar_t tmp[16];
swprintf_s(tmp, 16, L"%u", sqlresult.size()-1);
@@ -1650,10 +1652,11 @@
for (size_t i = 0; i < sqlresult.size(); i++) {
str += L"<row>";
for (size_t j = 0; j < sqlresult[i].size(); j++) {
+ escapeCDATA(sqlresult[i][j], escaped);
if (i == 0)
- str += L"<name>" + sqlresult[i][j] + L"</name>";
+ str += L"<name><![CDATA[" + escaped + L"]]></name>";
else
- str += L"<col>" + sqlresult[i][j] + L"</col>";
+ str += L"<col><![CDATA[" + escaped + L"]]></col>";
}
str += L"</row>";
}
Modified: branches/BRANCH_0043/o2on/src.o2on/dataconv.cpp
===================================================================
--- branches/BRANCH_0043/o2on/src.o2on/dataconv.cpp 2008-04-19 06:24:47 UTC (rev 74)
+++ branches/BRANCH_0043/o2on/src.o2on/dataconv.cpp 2008-04-19 07:01:24 UTC (rev 75)
@@ -810,7 +810,7 @@
// ---------------------------------------------------------------------------
// convertGTLT
-//
+// escapeCDATA
// ---------------------------------------------------------------------------
void convertGTLT(const string &in, string &out)
{
@@ -838,10 +838,30 @@
out = t.str();
}
+void escapeCDATA(const string &in, string &out)
+{
+ out = string(in);
+ string from = "]]>";
+ string to = "]]]]><![CDATA[>";
+ for (size_t pos = 0; (pos = out.find(from, pos)) != string::npos; pos += to.size())
+ out.replace(pos, from.size(), to);
+}
+void escapeCDATA(const wstring &in, wstring &out)
+{
+ out = wstring(in);
+ wstring from = L"]]>";
+ wstring to = L"]]]]><![CDATA[>";
+ for (size_t pos = 0; (pos = out.find(from, pos)) != string::npos; pos += to.size())
+ out.replace(pos, from.size(), to);
+}
+
+
+
+
// ---------------------------------------------------------------------------
// xml_AddElement
//
Modified: branches/BRANCH_0043/o2on/src.o2on/dataconv.h
===================================================================
--- branches/BRANCH_0043/o2on/src.o2on/dataconv.h 2008-04-19 06:24:47 UTC (rev 74)
+++ branches/BRANCH_0043/o2on/src.o2on/dataconv.h 2008-04-19 07:01:24 UTC (rev 75)
@@ -78,6 +78,8 @@
void convertGTLT(const string &in, string &out);
void convertGTLT(const wstring &in, wstring &out);
+extern void escapeCDATA(const string &in, string &out);
+extern void escapeCDATA(const wstring &in, wstring &out);
extern void xml_AddElement(wstring &xml, const wchar_t *tag, const wchar_t *attr, const wchar_t *val, bool escape = false);
extern void xml_AddElement(wstring &xml, const wchar_t *tag, const wchar_t *attr, int val);