Annotation of parser3/src/main/untaint.C, revision 1.151
1.7 paf 1: /** @file
1.8 paf 2: Parser: String class part: untaint mechanizm.
3:
1.135 paf 4: Copyright(c) 2001-2005 ArtLebedev Group (http://www.artlebedev.com)
1.89 paf 5: Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru)
1.103 paf 6: */
1.8 paf 7:
1.151 ! misha 8: static const char * const IDENT_UNTAINT_C="$Date: 2009-07-07 12:14:00 $";
1.117 paf 9:
1.1 paf 10:
11: #include "pa_string.h"
12: #include "pa_hash.h"
13: #include "pa_exception.h"
1.13 paf 14: #include "pa_table.h"
1.32 paf 15: #include "pa_globals.h"
1.58 parser 16: #include "pa_dictionary.h"
1.66 parser 17: #include "pa_common.h"
1.85 paf 18: #include "pa_charset.h"
1.117 paf 19: #include "pa_request_charsets.h"
20: #include "pa_sapi.h"
1.1 paf 21:
1.117 paf 22: extern "C" { // author forgot to do that
23: #include "ec.h"
24: }
1.91 paf 25:
1.117 paf 26: #include "pa_sql_connection.h"
1.91 paf 27:
1.117 paf 28: // defines
29:
30: #undef CORD_ec_append
31: // redefining to intercept flushes and implement whitespace optimization
32: // of all consequent white space chars leaving only first one
33: #define CORD_ec_append(x, c) \
34: { \
35: bool skip=false; \
36: if(optimize) switch(c) { \
1.131 paf 37: case ' ': case '\n': case '\t': \
1.117 paf 38: if(whitespace) \
39: skip=true; /*skipping subsequent*/ \
40: else \
41: whitespace=true; \
42: break; \
43: default: \
44: whitespace=false; \
45: break; \
46: } \
47: if(!skip) { \
48: if ((x)[0].ec_bufptr == (x)[0].ec_buf + CORD_BUFSZ) { \
49: CORD_ec_flush_buf(x); \
50: } \
51: *((x)[0].ec_bufptr)++ = (c); \
52: } \
53: }
54:
55:
1.140 misha 56: #define escape_fragment(action) \
1.119 paf 57: for(; fragment_length--; CORD_next(info->pos)) { \
58: char c=CORD_pos_fetch(info->pos); \
1.117 paf 59: action \
1.1 paf 60: }
1.133 paf 61: #define _default CORD_ec_append(info->result, c)
1.117 paf 62: #define encode(need_encode_func, prefix, otherwise) \
63: if(need_encode_func(c)) { \
64: static const char* hex="0123456789ABCDEF"; \
1.119 paf 65: CORD_ec_append(info->result, prefix); \
66: CORD_ec_append(info->result, hex[((unsigned char)c)/0x10]); \
67: CORD_ec_append(info->result, hex[((unsigned char)c)%0x10]); \
1.117 paf 68: } else \
1.119 paf 69: CORD_ec_append(info->result, otherwise);
1.126 paf 70: #define to_char(c) { CORD_ec_append(info->result, c); whitespace=false; }
71: #define to_string(s) { CORD_ec_append_cord(info->result, s); whitespace=false; }
1.4 paf 72:
1.9 paf 73: inline bool need_file_encode(unsigned char c){
1.108 paf 74: // russian letters and space ENABLED
75: // encoding only these...
76: return strchr(
1.143 misha 77: "*?'\"<>|"
1.108 paf 78: #ifndef WIN32
1.143 misha 79: ":\\"
1.31 paf 80: #endif
1.143 misha 81: , c)!=0;
1.9 paf 82: }
1.143 misha 83:
1.5 paf 84: inline bool need_uri_encode(unsigned char c){
1.143 misha 85: if((c>='0') &&(c<='9') ||(c>='A') &&(c<='Z') ||(c>='a') &&(c<='z'))
1.4 paf 86: return false;
87:
1.143 misha 88: return !strchr("_-./", c);
1.5 paf 89: }
1.143 misha 90:
1.36 paf 91: inline bool need_http_header_encode(unsigned char c){
1.143 misha 92: if(strchr(" , :", c))
1.5 paf 93: return false;
94:
95: return need_uri_encode(c);
1.4 paf 96: }
1.143 misha 97:
1.136 paf 98: inline bool need_regex_escape(unsigned char c){
1.142 misha 99: return strchr("\\^$.[]|()?*+{}-", c)!=0;
1.136 paf 100: }
1.1 paf 101:
1.150 misha 102: inline bool need_parser_code_escape(unsigned char c){
103: return strchr("^$;@()[]{}:#\"", c)!=0;
104: }
105:
1.1 paf 106: // String
107:
1.41 paf 108: /*
109: HTTP-header = field-name ":" [ field-value ] CRLF
110:
111: field-name = token
112: field-value = *( field-content | LWS )
113:
114: field-content = <the OCTETs making up the field-value
115: and consisting of either *TEXT or combinations
116: of token, tspecials, and quoted-string>
117:
118:
119:
120: word = token | quoted-string
121:
122: token = 1*<any CHAR except CTLs or tspecials>
123:
124:
125:
126: tspecials = "(" | ")" | "<" | ">" | "@"
127: | "," | ";" | ":" | "\" | <">
128: | "/" | "[" | "]" | "?" | "="
129: | "{" | "}" | SP | HT
130:
131: SP = <US-ASCII SP, space (32)>
132: HT = <US-ASCII HT, horizontal-tab (9)>
133:
134: LWS = [CRLF] 1*( SP | HT )
135: TEXT = <any OCTET except CTLs,
136: but including LWS>
137:
138: quoted-pair = "\" CHAR
139:
140: if(strchr("()<>@,;:\\\"/[]?={} \t", *ptr))
141: */
1.117 paf 142: inline bool need_quote_http_header(const char* ptr, size_t size) {
1.41 paf 143: for(; size--; ptr++)
1.42 paf 144: if(strchr(";\\\"= \t" /* excluded ()<>@, :/ ? []{} */, *ptr))
1.41 paf 145: return true;
146: return false;
147: }
148:
1.119 paf 149: #ifndef DOXYGEN
150: struct Append_fragment_info {
151: String::Language lang;
152: String::Languages* dest_languages;
153: size_t dest_body_plan_length;
154: };
155: #endif
156: int append_fragment_optimizing(char alang, size_t asize, Append_fragment_info* info) {
157: const String::Language lang=(String::Language)(unsigned char)alang;
158: // main idea here:
159: // tainted piece would get OPTIMIZED bit from 'lang'
160: // clean piece would be marked OPTIMIZED manually
161: // pieces with determined languages [not tainted|clean] would retain theirs langs
162: info->dest_languages->append(info->dest_body_plan_length,
1.120 paf 163: lang==String::L_TAINTED?
1.119 paf 164: info->lang
1.120 paf 165: :lang==String::L_CLEAN?
166: (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT) // ORing with OPTIMIZED flag
1.119 paf 167: :lang,
168: asize);
169: info->dest_body_plan_length+=asize;
170:
171: return 0; // 0=continue
172: }
173: int append_fragment_nonoptimizing(char alang, size_t asize, Append_fragment_info* info) {
174: const String::Language lang=(String::Language)(unsigned char)alang;
175: // The core idea: tainted pieces got marked with context's lang
176: info->dest_languages->append(info->dest_body_plan_length,
1.120 paf 177: lang==String::L_TAINTED?
1.119 paf 178: info->lang
179: :lang,
180: asize);
181: info->dest_body_plan_length+=asize;
182:
183: return 0; // 0=continue
184: }
1.117 paf 185:
1.91 paf 186: /**
1.117 paf 187: appends to other String,
1.91 paf 188: marking all tainted pieces of it with @a lang.
1.92 paf 189: or marking ALL pieces of it with a @a lang when @a forced to,
190: and propagating OPTIMIZE language bit.
1.117 paf 191: */
1.147 misha 192: String& String::append_to(String& dest, Language ilang, bool forced) const {
1.117 paf 193: if(is_empty())
194: return dest;
1.91 paf 195:
1.119 paf 196: // first: fragment infos
1.117 paf 197:
1.147 misha 198: if(ilang==L_PASS_APPENDED) // without language-change?
199: dest.langs.appendHelper(dest.body, langs, body);
1.117 paf 200: else if(forced) //forcing passed lang?
1.147 misha 201: dest.langs.appendHelper(dest.body, ilang, body);
202: else {
203: if(langs.opt.is_not_just_lang){
204: Append_fragment_info info={ilang, &dest.langs, dest.body.length()};
205: langs.for_each(body, ilang&L_OPTIMIZE_BIT?
206: append_fragment_optimizing
207: :append_fragment_nonoptimizing, &info);
208: } else {
209: Language lang=langs.opt.lang;
210: // see append_fragment_* for explanation
211: if(ilang&L_OPTIMIZE_BIT){
212: dest.langs.appendHelper(dest.body,
213: lang==String::L_TAINTED?
214: ilang
215: :lang==String::L_CLEAN?
216: (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT)
217: :lang,
218: body);
219: } else {
220: dest.langs.appendHelper(dest.body, lang==String::L_TAINTED ? ilang:lang, body);
221: }
222: }
1.91 paf 223: }
224:
1.119 paf 225: // next: letters
226: dest.body<<body;
227:
1.117 paf 228: ASSERT_STRING_INVARIANT(dest);
1.75 paf 229: return dest;
1.51 parser 230: }
231:
1.109 paf 232: /** http://www.ietf.org/rfc/rfc2047.txt
233: RFC
234: (3) As a replacement for a 'word' entity within a 'phrase', for example,
235: one that precedes an address in a From, To, or Cc header. The ABNF
236: definition for 'phrase' from RFC 822 thus becomes:
237:
238: phrase = 1*( encoded-word / word )
239:
240: In this case the set of characters that may be used in a "Q"-encoded
241: 'encoded-word' is restricted to: <upper and lower case ASCII
242: letters, decimal digits, "!", "*", "+", "-", "/", "=", and "_"
243: (underscore, ASCII 95.)>. An 'encoded-word' that appears within a
244: 'phrase' MUST be separated from any adjacent 'word', 'text' or
245: 'special' by 'linear-white-space'.
246: ...
247: (2) The 8-bit hexadecimal value 20 (e.g., ISO-8859-1 SPACE) may be
248: represented as "_" (underscore, ASCII 95.). (This character may
249: not pass through some internetwork mail gateways, but its use
250: will greatly enhance readability of "Q" encoded data with mail
251: readers that do not support this encoding.) Note that the "_"
252: always represents hexadecimal 20, even if the SPACE character
253: occupies a different code position in the character set in use.
254:
255: paf: obviously,
256: without "=", or one could not differ "=E0" and "russian letter a"
257: and without "_", or in would mean 0x20
258: */
1.117 paf 259: inline bool mail_header_char_valid_within_Qencoded(char c) {
1.109 paf 260: return c>='A' && c<='Z'
261: || c>='a' && c<='Z'
262: || c>='0' && c<='9'
263: || strchr("!*+-/", c);
264: }
1.118 paf 265: inline bool addr_spec_soon(const char *src) {
1.124 paf 266: for(char c; (c=*src); src++)
1.118 paf 267: if(c=='<')
268: return true;
269: else if(!(c==' ' || c=='\t'))
270: return false;
271: return false;
272: }
1.117 paf 273: /**
274: RFC
275: Upper case should be used for hexadecimal digits "A" through "F"
276: The 8-bit hexadecimal value 20 (e.g., ISO-8859-1 SPACE)
277: may be represented as "_"
278: */
279: inline bool mail_header_nonspace_char(char c) {
280: return c != 0x20;
281: }
1.125 paf 282:
1.117 paf 283: inline void ec_append(CORD_ec& result, bool& optimize, bool& whitespace, CORD_pos pos, size_t size) {
284: while(size--) {
285: CORD_ec_append(result, CORD_pos_fetch(pos));
286: CORD_next(pos);
287: }
288: }
289: inline void pa_CORD_pos_advance(CORD_pos pos, size_t n) {
290: while(true) {
1.125 paf 291: long avail=CORD_pos_chars_left(pos);
292: if(avail<=0) {
1.117 paf 293: CORD_next(pos);
294: if(!--n)
295: break;
1.125 paf 296: } else if((size_t)avail<n) {
1.117 paf 297: CORD_pos_advance(pos, avail);
298: n-=avail;
299: } else { // avail>=n
300: CORD_pos_advance(pos, n);
301: break;
302: }
303: }
304: }
305:
1.119 paf 306: #ifndef DOXYGEN
307: struct Cstr_to_string_body_block_info {
308: // input
309: String::Language lang;
310: SQL_Connection* connection;
311: const Request_charsets* charsets;
312: const String::Body* body;
313:
314: // output
315: CORD_ec result;
316:
317: // private
318: CORD_pos pos;
319: size_t fragment_begin;
320: bool whitespace;
1.138 misha 321: const char* exception;
1.119 paf 322: };
323: #endif
1.151 ! misha 324:
! 325: // @todo: replace info->body->mid with something that uses info->pos
1.148 misha 326: int cstr_to_string_body_block(String::Language to_lang, size_t fragment_length, Cstr_to_string_body_block_info* info) {
1.119 paf 327: bool& whitespace=info->whitespace;
328: size_t fragment_end=info->fragment_begin+fragment_length;
1.148 misha 329: //fprintf(stderr, "%d, %d =%s=\n", to_lang, fragment_length, info->body->cstr());
1.119 paf 330:
1.120 paf 331: bool optimize=(to_lang & String::L_OPTIMIZE_BIT)!=0;
1.119 paf 332: if(!optimize)
333: whitespace=false;
334:
1.120 paf 335: switch(to_lang & ~String::L_OPTIMIZE_BIT) {
336: case String::L_CLEAN:
337: case String::L_TAINTED:
338: case String::L_AS_IS:
1.119 paf 339: // clean piece
340:
341: // tainted piece, but undefined untaint language
342: // for VString.as_double of tainted values
343: // for ^process{body} evaluation
344:
345: // tainted, untaint language: as-is
346: ec_append(info->result, optimize, whitespace, info->pos, fragment_length);
347: break;
1.120 paf 348: case String::L_FILE_SPEC:
1.119 paf 349: // tainted, untaint language: file [name]
1.140 misha 350: {
351: bool is1251=(info->charsets && info->charsets->source().NAME()=="WINDOWS-1251");
352: escape_fragment(
353: // Macintosh has problems with small Russian letter 'r'
354: if( is1251 && c=='\xF0' ) {
355: // fixing that letter for most common charset
356: to_char('p');
357: } else // fallback to default
358: encode(need_file_encode, '_', c);
359: );
360: }
1.119 paf 361: break;
1.144 misha 362: case String::L_FILE_POST:
363: {
364: escape_fragment(switch(c) {
365: case '\0': to_string("\\0"); break;
366: case '\\': to_string("\\\\"); break;
367: default: _default; break;
368: });
369: }
370: break;
1.120 paf 371: case String::L_URI:
372: case String::L_HTTP_HEADER:
1.119 paf 373: // tainted, untaint language: http-field-content-text
1.140 misha 374: escape_fragment(
1.119 paf 375: encode(need_uri_encode, '%', c);
376: );
377: break;
1.120 paf 378: case String::L_MAIL_HEADER:
1.119 paf 379: // tainted, untaint language: mail-header
380: // http://www.ietf.org/rfc/rfc2047.txt
381: if(info->charsets) {
382: size_t mail_size;
383: const char *mail_ptr=
384: info->body->mid(info->fragment_begin, mail_size=fragment_length).cstr();
385: // skip source [we use recoded version]
386: pa_CORD_pos_advance(info->pos, mail_size);
387:
388: const char* charset_name=info->charsets->mail().NAME().cstr();
389:
390: // Subject: Re: parser3: =?koi8-r?Q?=D3=C5=CD=C9=CE=C1=D2?=
391: bool to_quoted_printable=false;
392:
393: bool email=false;
394: uchar c;
1.124 paf 395: for(const char* src=mail_ptr; (c=(uchar)*src++); ) {
1.137 paf 396: if(c=='\r' || c=='\n')
397: c=' ';
1.130 paf 398: if(to_quoted_printable && (c==',' || c == '"' || addr_spec_soon(src-1/*position to 'c'*/))) {
1.119 paf 399: email=c=='<';
400: to_string("?=");
401: to_quoted_printable=false;
402: }
1.130 paf 403: //RFC + An 'encoded-word' MUST NOT appear in any portion of an 'addr-spec'.
1.119 paf 404: if(!email && (
405: !to_quoted_printable && (c & 0x80) // starting quote-printable-encoding on first 8bit char
406: || to_quoted_printable && !mail_header_char_valid_within_Qencoded(c)
407: )) {
408: if(!to_quoted_printable) {
409: to_string("=?");
410: to_string(charset_name);
411: to_string("?Q?");
412: to_quoted_printable=true;
1.105 paf 413: }
1.119 paf 414: encode(mail_header_nonspace_char, '=', '_');
415: } else
416: to_char(c);
417: if(c=='>')
418: email=false;
419: }
420: if(to_quoted_printable) // close
421: to_string("?=");
422:
423: } else
424: ec_append(info->result, optimize, whitespace, info->pos, fragment_length);
425: break;
1.120 paf 426: case String::L_SQL:
1.119 paf 427: // tainted, untaint language: sql
428: if(info->connection) {
429: const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr();
430: // skip source [we use recoded version]
431: pa_CORD_pos_advance(info->pos, fragment_length);
432:
433: to_string(info->connection->quote(fragment_str, fragment_length));
1.138 misha 434: } else {
435: info->exception="untaint in SQL language failed - no connection specified";
436: info->fragment_begin=fragment_end;
437: return 1; // stop processing. can't throw exception here
438: }
1.119 paf 439: break;
1.120 paf 440: case String::L_JS:
1.140 misha 441: escape_fragment(switch(c) {
442: case '\n': to_string("\\n"); break;
1.119 paf 443: case '"': to_string("\\\""); break;
444: case '\'': to_string("\\'"); break;
445: case '\\': to_string("\\\\"); break;
446: case '\xFF': to_string("\\\xFF"); break;
1.146 misha 447: case '\r': to_string("\\r"); break;
1.133 paf 448: default: _default; break;
1.119 paf 449: });
450: break;
1.120 paf 451: case String::L_XML:
1.133 paf 452: // [2] Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
1.140 misha 453: escape_fragment(switch(c) {
454: case '\x20':
455: case '\x9':
456: case '\xA':
1.133 paf 457: case '\xD': // this is usually removed on input
458: _default;
459: break;
1.119 paf 460: case '&': to_string("&"); break;
461: case '>': to_string(">"); break;
462: case '<': to_string("<"); break;
463: case '"': to_string("""); break;
464: case '\'': to_string("'"); break;
1.133 paf 465: default:
466: if(((unsigned char)c)<0x20) {
467: // fixing it, so that libxml would not result
468: // in fatal error parsing text
469: // though it really violates standard.
470: // to indicate there were an error
471: // replace bad char not to it's code,
472: // which we can do,
473: // but rather to '!' to show that input were actually
474: // invalid.
475: // life: shows that MSIE can somehow garble form values
476: // so that they contain these chars.
477: to_char('!');
478: } else {
479: _default;
480: }
481: break;
1.119 paf 482: });
483: break;
1.120 paf 484: case String::L_HTML:
1.140 misha 485: escape_fragment(switch(c) {
1.119 paf 486: case '&': to_string("&"); break;
487: case '>': to_string(">"); break;
488: case '<': to_string("<"); break;
489: case '"': to_string("""); break;
1.133 paf 490: default: _default; break;
1.119 paf 491: });
492: break;
1.136 paf 493: case String::L_REGEX:
494: // tainted, untaint language: regex
1.140 misha 495: escape_fragment(
1.136 paf 496: if(need_regex_escape(c))
497: to_char('\\')
498: _default;
499: );
500: break;
1.140 misha 501: case String::L_HTTP_COOKIE:
502: // tainted, untaint language: cookie (3.3.0 and higher: %uXXXX in UTF-8)
503: {
504: const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr();
505: // skip source [we use recoded version]
506: pa_CORD_pos_advance(info->pos, fragment_length);
507: String::C output(fragment_str, fragment_length);
508:
509: output=Charset::escape(output, info->charsets->source());
510: //throw Exception(0, 0, output);
511: to_string(output);
512:
513: }
514: break;
1.150 misha 515: case String::L_PARSER_CODE:
516: // for auto-untaint in process
517: escape_fragment(
518: if(need_parser_code_escape(c))
519: to_char('^');
520: _default;
521: );
522: break;
1.119 paf 523: default:
1.127 paf 524: SAPI::abort("unknown untaint language #%d",
1.119 paf 525: static_cast<int>(to_lang)); // should never
526: break; // never
1.117 paf 527: }
1.55 parser 528:
1.119 paf 529: info->fragment_begin=fragment_end;
530:
531: return 0; // 0=continue
532: }
533:
534:
1.148 misha 535: String::Body String::cstr_to_string_body_taint(Language lang, SQL_Connection* connection, const Request_charsets *charsets) const {
1.134 paf 536: if(is_empty())
537: return String::Body();
1.119 paf 538:
539: Cstr_to_string_body_block_info info;
540: // input
541: info.lang=lang;
542: info.connection=connection;
543: info.charsets=charsets;
544: info.body=&body;
545: // output
546: CORD_ec_init(info.result);
547: // private
548: body.set_pos(info.pos, 0);
549: info.fragment_begin=0;
1.138 misha 550: info.exception=0;
1.119 paf 551: info.whitespace=true;
552:
1.148 misha 553: cstr_to_string_body_block(lang, length(), &info);
554:
555: if(info.exception)
556: throw Exception(0,
557: 0,
558: info.exception);
559:
560: return String::Body(CORD_ec_to_cord(info.result));
561: }
562:
563: int cstr_to_string_body_block_untaint(char alang, size_t fragment_length, Cstr_to_string_body_block_info* info){
564: const String::Language lang=(String::Language)(unsigned char)alang;
565: // see append_fragment_* for explanation
566: if(info->lang&String::L_OPTIMIZE_BIT)
567: return cstr_to_string_body_block(
568: lang==String::L_TAINTED?
569: info->lang
570: :lang==String::L_CLEAN?
571: (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT)
572: :lang,
573: fragment_length, info);
574: else
575: return cstr_to_string_body_block(lang==String::L_TAINTED ? info->lang:lang, fragment_length, info);
576: }
577:
578: String::Body String::cstr_to_string_body_untaint(Language lang, SQL_Connection* connection, const Request_charsets *charsets) const {
579: if(is_empty())
580: return String::Body();
581:
582: Cstr_to_string_body_block_info info;
583: // input
584: info.lang=lang;
585: info.connection=connection;
586: info.charsets=charsets;
587: info.body=&body;
588: // output
589: CORD_ec_init(info.result);
590: // private
591: body.set_pos(info.pos, 0);
592: info.fragment_begin=0;
593: info.exception=0;
594: info.whitespace=true;
595:
596: langs.for_each(body, cstr_to_string_body_block_untaint, &info);
1.151 ! misha 597:
! 598: if(info.exception)
! 599: throw Exception(0,
! 600: 0,
! 601: info.exception);
! 602:
! 603: return String::Body(CORD_ec_to_cord(info.result));
! 604: }
! 605:
! 606: const char* String::transcode_and_untaint_cstr(Language lang, const Request_charsets *charsets) const {
! 607: if(charsets && &charsets->source() != &charsets->client()){
! 608: return cstr_to_string_body_transcode_and_untaint(lang, charsets).cstr();
! 609: } else {
! 610: return cstr_to_string_body_untaint(lang, 0, charsets).cstr();
! 611: }
! 612: }
! 613:
! 614: int cstr_to_string_body_block_transcode_and_untaint(char alang, size_t fragment_length, Cstr_to_string_body_block_info* info){
! 615: String::C output_c=Charset::transcode(
! 616: String::C(info->body->mid(info->fragment_begin, fragment_length).cstr(), fragment_length),
! 617: info->charsets->source(),
! 618: info->charsets->client()
! 619: );
! 620: String::Body output_body=String::Body(output_c);
! 621:
! 622: size_t fragment_end=info->fragment_begin+fragment_length;
! 623: const String::Body* info_body=info->body;
! 624:
! 625: info->fragment_begin=0;
! 626: info->body=&output_body;
! 627: info->body->set_pos(info->pos, 0);
! 628:
! 629: int result=cstr_to_string_body_block_untaint(alang, output_c.length, info);
! 630:
! 631: info->fragment_begin=fragment_end;
! 632: info->body=info_body;
! 633:
! 634: return result;
! 635: }
! 636:
! 637: String::Body String::cstr_to_string_body_transcode_and_untaint(Language lang, const Request_charsets *charsets) const {
! 638: if(is_empty())
! 639: return String::Body();
! 640:
! 641: Cstr_to_string_body_block_info info;
! 642: // input
! 643: info.lang=lang;
! 644: info.connection=0;
! 645: info.charsets=charsets;
! 646: info.body=&body;
! 647: // output
! 648: CORD_ec_init(info.result);
! 649: // private
! 650: body.set_pos(info.pos, 0);
! 651: info.fragment_begin=0;
! 652: info.exception=0;
! 653: info.whitespace=true;
! 654:
! 655: langs.for_each(body, cstr_to_string_body_block_transcode_and_untaint, &info);
! 656:
1.148 misha 657: if(info.exception)
1.138 misha 658: throw Exception(0,
659: 0,
660: info.exception);
661:
1.119 paf 662: return String::Body(CORD_ec_to_cord(info.result));
1.1 paf 663: }
E-mail:
![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to untaint.C CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [parser3project] / parser3 / src / main