From: Jo-Philipp Wich <jow@openwrt.org>
Date: Sun, 25 Jan 2009 12:29:37 +0000 (+0000)
Subject: libs/core: rework luci.util.pcdata() to also escape ascii control chars
X-Git-Tag: 0.9.0~746
X-Git-Url: https://git.archive.openwrt.org/?p=project%2Fluci.git;a=commitdiff_plain;h=e226a77b2470b7c7c95f9a1bb764fbdc02c06f84

libs/core: rework luci.util.pcdata() to also escape ascii control chars
---

diff --git a/libs/core/luasrc/util.lua b/libs/core/luasrc/util.lua
index 10606e825..03eb2f128 100644
--- a/libs/core/luasrc/util.lua
+++ b/libs/core/luasrc/util.lua
@@ -193,16 +193,24 @@ end
 --- Create valid XML PCDATA from given string.
 -- @param value	String value containing the data to escape
 -- @return		String value containing the escaped data
-local _pcdata_repl = {
-                ["&"] = "&#38;",
-                ['"'] = "&#34;",
-                ["'"] = "&#39;",
-                ["<"] = "&#60;",
-                [">"] = "&#62;"
-}
+local function _pcdata_repl(c)
+	local i = string.byte(c)
+
+	if ( i >= 0x00 and i <= 0x08 ) or
+	   ( i >= 0x0B and i <= 0x0C ) or
+	   ( i >= 0x0E and i <= 0x0F ) or
+	   ( i >= 0x26 and i <= 0x27 ) or
+	   ( i == 0x7F ) or ( i == 0x22 ) or
+	   ( i == 0x3C ) or ( i == 0x3E )
+	then
+		return string.format("&#%i;", i)
+	end
+
+	return c
+end
 
 function pcdata(value)
-	return value and tostring(value):gsub("[&\"'<>]", _pcdata_repl)
+	return value and tostring(value):gsub("[&\"'<>%c]", _pcdata_repl)
 end
 
 --- Strip HTML tags from given string.