Annotation of parser3/src/main/untaint.C, revision 1.154
1.7 paf 1: /** @file
1.8 paf 2: Parser: String class part: untaint mechanizm.
3:
1.135 paf 4: Copyright(c) 2001-2005 ArtLebedev Group (http://www.artlebedev.com)
1.89 paf 5: Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru)
1.103 paf 6: */
1.8 paf 7:
1.154 ! misha 8: static const char * const IDENT_UNTAINT_C="$Date: 2009-09-10 10:53:44 $";
1.117 paf 9:
1.1 paf 10:
11: #include "pa_string.h"
12: #include "pa_hash.h"
13: #include "pa_exception.h"
1.13 paf 14: #include "pa_table.h"
1.32 paf 15: #include "pa_globals.h"
1.58 parser 16: #include "pa_dictionary.h"
1.66 parser 17: #include "pa_common.h"
1.85 paf 18: #include "pa_charset.h"
1.117 paf 19: #include "pa_request_charsets.h"
20: #include "pa_sapi.h"
1.1 paf 21:
1.117 paf 22: extern "C" { // author forgot to do that
23: #include "ec.h"
24: }
1.91 paf 25:
1.117 paf 26: #include "pa_sql_connection.h"
1.91 paf 27:
1.117 paf 28: // defines
29:
30: #undef CORD_ec_append
31: // redefining to intercept flushes and implement whitespace optimization
32: // of all consequent white space chars leaving only first one
33: #define CORD_ec_append(x, c) \
34: { \
35: bool skip=false; \
36: if(optimize) switch(c) { \
1.131 paf 37: case ' ': case '\n': case '\t': \
1.117 paf 38: if(whitespace) \
39: skip=true; /*skipping subsequent*/ \
40: else \
41: whitespace=true; \
42: break; \
43: default: \
44: whitespace=false; \
45: break; \
46: } \
47: if(!skip) { \
48: if ((x)[0].ec_bufptr == (x)[0].ec_buf + CORD_BUFSZ) { \
49: CORD_ec_flush_buf(x); \
50: } \
51: *((x)[0].ec_bufptr)++ = (c); \
52: } \
53: }
54:
55:
1.140 misha 56: #define escape_fragment(action) \
1.119 paf 57: for(; fragment_length--; CORD_next(info->pos)) { \
58: char c=CORD_pos_fetch(info->pos); \
1.117 paf 59: action \
1.1 paf 60: }
1.133 paf 61: #define _default CORD_ec_append(info->result, c)
1.117 paf 62: #define encode(need_encode_func, prefix, otherwise) \
63: if(need_encode_func(c)) { \
64: static const char* hex="0123456789ABCDEF"; \
1.119 paf 65: CORD_ec_append(info->result, prefix); \
66: CORD_ec_append(info->result, hex[((unsigned char)c)/0x10]); \
67: CORD_ec_append(info->result, hex[((unsigned char)c)%0x10]); \
1.117 paf 68: } else \
1.119 paf 69: CORD_ec_append(info->result, otherwise);
1.126 paf 70: #define to_char(c) { CORD_ec_append(info->result, c); whitespace=false; }
71: #define to_string(s) { CORD_ec_append_cord(info->result, s); whitespace=false; }
1.4 paf 72:
1.9 paf 73: inline bool need_file_encode(unsigned char c){
1.108 paf 74: // russian letters and space ENABLED
75: // encoding only these...
76: return strchr(
1.143 misha 77: "*?'\"<>|"
1.108 paf 78: #ifndef WIN32
1.143 misha 79: ":\\"
1.31 paf 80: #endif
1.143 misha 81: , c)!=0;
1.9 paf 82: }
1.143 misha 83:
1.5 paf 84: inline bool need_uri_encode(unsigned char c){
1.152 misha 85: if((c>='0') && (c<='9') || (c>='A') && (c<='Z') || (c>='a') && (c<='z'))
1.4 paf 86: return false;
87:
1.143 misha 88: return !strchr("_-./", c);
1.5 paf 89: }
1.143 misha 90:
1.36 paf 91: inline bool need_http_header_encode(unsigned char c){
1.143 misha 92: if(strchr(" , :", c))
1.5 paf 93: return false;
94:
95: return need_uri_encode(c);
1.4 paf 96: }
1.143 misha 97:
1.136 paf 98: inline bool need_regex_escape(unsigned char c){
1.142 misha 99: return strchr("\\^$.[]|()?*+{}-", c)!=0;
1.136 paf 100: }
1.1 paf 101:
1.150 misha 102: inline bool need_parser_code_escape(unsigned char c){
103: return strchr("^$;@()[]{}:#\"", c)!=0;
104: }
105:
1.1 paf 106: // String
107:
1.41 paf 108: /*
109: HTTP-header = field-name ":" [ field-value ] CRLF
110:
1.152 misha 111: field-name = token
112: field-value = *( field-content | LWS )
1.41 paf 113:
1.152 misha 114: field-content = <the OCTETs making up the field-value
1.41 paf 115: and consisting of either *TEXT or combinations
116: of token, tspecials, and quoted-string>
117:
118:
1.152 misha 119: token = 1*<any CHAR except CTLs or tspecials>
1.41 paf 120: word = token | quoted-string
1.152 misha 121: quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
122: qdtext = <any TEXT except <">>
123: quoted-pair = "\" CHAR
1.41 paf 124:
1.152 misha 125: OCTET = <any 8-bit sequence of data>
126: CHAR = <any US-ASCII character (octets 0 - 127)>
1.41 paf 127:
128: tspecials = "(" | ")" | "<" | ">" | "@"
1.152 misha 129: | "," | ";" | ":" | "\" | <">
130: | "/" | "[" | "]" | "?" | "="
131: | "{" | "}" | SP | HT
1.41 paf 132:
133: SP = <US-ASCII SP, space (32)>
134: HT = <US-ASCII HT, horizontal-tab (9)>
135:
136: LWS = [CRLF] 1*( SP | HT )
1.152 misha 137: TEXT = <any OCTET except CTLs, but including LWS>
138: CTL = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
1.41 paf 139:
140:
141: if(strchr("()<>@,;:\\\"/[]?={} \t", *ptr))
142: */
1.117 paf 143: inline bool need_quote_http_header(const char* ptr, size_t size) {
1.41 paf 144: for(; size--; ptr++)
1.42 paf 145: if(strchr(";\\\"= \t" /* excluded ()<>@, :/ ? []{} */, *ptr))
1.41 paf 146: return true;
147: return false;
148: }
149:
1.119 paf 150: #ifndef DOXYGEN
151: struct Append_fragment_info {
152: String::Language lang;
153: String::Languages* dest_languages;
154: size_t dest_body_plan_length;
155: };
156: #endif
157: int append_fragment_optimizing(char alang, size_t asize, Append_fragment_info* info) {
158: const String::Language lang=(String::Language)(unsigned char)alang;
159: // main idea here:
160: // tainted piece would get OPTIMIZED bit from 'lang'
161: // clean piece would be marked OPTIMIZED manually
162: // pieces with determined languages [not tainted|clean] would retain theirs langs
163: info->dest_languages->append(info->dest_body_plan_length,
1.120 paf 164: lang==String::L_TAINTED?
1.119 paf 165: info->lang
1.120 paf 166: :lang==String::L_CLEAN?
167: (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT) // ORing with OPTIMIZED flag
1.119 paf 168: :lang,
169: asize);
170: info->dest_body_plan_length+=asize;
171:
172: return 0; // 0=continue
173: }
174: int append_fragment_nonoptimizing(char alang, size_t asize, Append_fragment_info* info) {
175: const String::Language lang=(String::Language)(unsigned char)alang;
176: // The core idea: tainted pieces got marked with context's lang
177: info->dest_languages->append(info->dest_body_plan_length,
1.120 paf 178: lang==String::L_TAINTED?
1.119 paf 179: info->lang
180: :lang,
181: asize);
182: info->dest_body_plan_length+=asize;
183:
184: return 0; // 0=continue
185: }
1.117 paf 186:
1.91 paf 187: /**
1.117 paf 188: appends to other String,
1.91 paf 189: marking all tainted pieces of it with @a lang.
1.92 paf 190: or marking ALL pieces of it with a @a lang when @a forced to,
191: and propagating OPTIMIZE language bit.
1.117 paf 192: */
1.147 misha 193: String& String::append_to(String& dest, Language ilang, bool forced) const {
1.117 paf 194: if(is_empty())
195: return dest;
1.91 paf 196:
1.119 paf 197: // first: fragment infos
1.117 paf 198:
1.147 misha 199: if(ilang==L_PASS_APPENDED) // without language-change?
200: dest.langs.appendHelper(dest.body, langs, body);
1.117 paf 201: else if(forced) //forcing passed lang?
1.147 misha 202: dest.langs.appendHelper(dest.body, ilang, body);
203: else {
204: if(langs.opt.is_not_just_lang){
205: Append_fragment_info info={ilang, &dest.langs, dest.body.length()};
206: langs.for_each(body, ilang&L_OPTIMIZE_BIT?
207: append_fragment_optimizing
208: :append_fragment_nonoptimizing, &info);
209: } else {
210: Language lang=langs.opt.lang;
211: // see append_fragment_* for explanation
212: if(ilang&L_OPTIMIZE_BIT){
213: dest.langs.appendHelper(dest.body,
214: lang==String::L_TAINTED?
215: ilang
216: :lang==String::L_CLEAN?
217: (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT)
218: :lang,
219: body);
220: } else {
221: dest.langs.appendHelper(dest.body, lang==String::L_TAINTED ? ilang:lang, body);
222: }
223: }
1.91 paf 224: }
225:
1.119 paf 226: // next: letters
227: dest.body<<body;
228:
1.117 paf 229: ASSERT_STRING_INVARIANT(dest);
1.75 paf 230: return dest;
1.51 parser 231: }
232:
1.109 paf 233: /** http://www.ietf.org/rfc/rfc2047.txt
234: RFC
235: (3) As a replacement for a 'word' entity within a 'phrase', for example,
236: one that precedes an address in a From, To, or Cc header. The ABNF
237: definition for 'phrase' from RFC 822 thus becomes:
238:
239: phrase = 1*( encoded-word / word )
240:
241: In this case the set of characters that may be used in a "Q"-encoded
242: 'encoded-word' is restricted to: <upper and lower case ASCII
243: letters, decimal digits, "!", "*", "+", "-", "/", "=", and "_"
244: (underscore, ASCII 95.)>. An 'encoded-word' that appears within a
245: 'phrase' MUST be separated from any adjacent 'word', 'text' or
246: 'special' by 'linear-white-space'.
247: ...
248: (2) The 8-bit hexadecimal value 20 (e.g., ISO-8859-1 SPACE) may be
249: represented as "_" (underscore, ASCII 95.). (This character may
250: not pass through some internetwork mail gateways, but its use
251: will greatly enhance readability of "Q" encoded data with mail
252: readers that do not support this encoding.) Note that the "_"
253: always represents hexadecimal 20, even if the SPACE character
254: occupies a different code position in the character set in use.
255:
256: paf: obviously,
257: without "=", or one could not differ "=E0" and "russian letter a"
258: and without "_", or in would mean 0x20
259: */
1.117 paf 260: inline bool mail_header_char_valid_within_Qencoded(char c) {
1.109 paf 261: return c>='A' && c<='Z'
262: || c>='a' && c<='Z'
263: || c>='0' && c<='9'
264: || strchr("!*+-/", c);
265: }
1.118 paf 266: inline bool addr_spec_soon(const char *src) {
1.124 paf 267: for(char c; (c=*src); src++)
1.118 paf 268: if(c=='<')
269: return true;
270: else if(!(c==' ' || c=='\t'))
271: return false;
272: return false;
273: }
1.117 paf 274: /**
275: RFC
276: Upper case should be used for hexadecimal digits "A" through "F"
277: The 8-bit hexadecimal value 20 (e.g., ISO-8859-1 SPACE)
278: may be represented as "_"
279: */
280: inline bool mail_header_nonspace_char(char c) {
281: return c != 0x20;
282: }
1.125 paf 283:
1.117 paf 284: inline void ec_append(CORD_ec& result, bool& optimize, bool& whitespace, CORD_pos pos, size_t size) {
285: while(size--) {
286: CORD_ec_append(result, CORD_pos_fetch(pos));
287: CORD_next(pos);
288: }
289: }
290: inline void pa_CORD_pos_advance(CORD_pos pos, size_t n) {
291: while(true) {
1.125 paf 292: long avail=CORD_pos_chars_left(pos);
293: if(avail<=0) {
1.117 paf 294: CORD_next(pos);
295: if(!--n)
296: break;
1.125 paf 297: } else if((size_t)avail<n) {
1.117 paf 298: CORD_pos_advance(pos, avail);
299: n-=avail;
300: } else { // avail>=n
301: CORD_pos_advance(pos, n);
302: break;
303: }
304: }
305: }
306:
1.119 paf 307: #ifndef DOXYGEN
308: struct Cstr_to_string_body_block_info {
309: // input
310: String::Language lang;
311: SQL_Connection* connection;
312: const Request_charsets* charsets;
313: const String::Body* body;
314:
315: // output
316: CORD_ec result;
317:
318: // private
319: CORD_pos pos;
320: size_t fragment_begin;
321: bool whitespace;
1.138 misha 322: const char* exception;
1.119 paf 323: };
324: #endif
1.151 misha 325:
326: // @todo: replace info->body->mid with something that uses info->pos
1.148 misha 327: int cstr_to_string_body_block(String::Language to_lang, size_t fragment_length, Cstr_to_string_body_block_info* info) {
1.119 paf 328: bool& whitespace=info->whitespace;
329: size_t fragment_end=info->fragment_begin+fragment_length;
1.148 misha 330: //fprintf(stderr, "%d, %d =%s=\n", to_lang, fragment_length, info->body->cstr());
1.119 paf 331:
1.120 paf 332: bool optimize=(to_lang & String::L_OPTIMIZE_BIT)!=0;
1.119 paf 333: if(!optimize)
334: whitespace=false;
335:
1.120 paf 336: switch(to_lang & ~String::L_OPTIMIZE_BIT) {
337: case String::L_CLEAN:
338: case String::L_TAINTED:
339: case String::L_AS_IS:
1.119 paf 340: // clean piece
341:
342: // tainted piece, but undefined untaint language
343: // for VString.as_double of tainted values
344: // for ^process{body} evaluation
345:
346: // tainted, untaint language: as-is
347: ec_append(info->result, optimize, whitespace, info->pos, fragment_length);
348: break;
1.120 paf 349: case String::L_FILE_SPEC:
1.119 paf 350: // tainted, untaint language: file [name]
1.140 misha 351: {
352: escape_fragment(
1.154 ! misha 353: encode(need_file_encode, '_', c);
1.140 misha 354: );
355: }
1.119 paf 356: break;
1.144 misha 357: case String::L_FILE_POST:
358: {
359: escape_fragment(switch(c) {
360: case '\0': to_string("\\0"); break;
361: case '\\': to_string("\\\\"); break;
362: default: _default; break;
363: });
364: }
365: break;
1.120 paf 366: case String::L_URI:
367: case String::L_HTTP_HEADER:
1.119 paf 368: // tainted, untaint language: http-field-content-text
1.140 misha 369: escape_fragment(
1.119 paf 370: encode(need_uri_encode, '%', c);
371: );
372: break;
1.120 paf 373: case String::L_MAIL_HEADER:
1.119 paf 374: // tainted, untaint language: mail-header
375: // http://www.ietf.org/rfc/rfc2047.txt
376: if(info->charsets) {
377: size_t mail_size;
378: const char *mail_ptr=
379: info->body->mid(info->fragment_begin, mail_size=fragment_length).cstr();
380: // skip source [we use recoded version]
381: pa_CORD_pos_advance(info->pos, mail_size);
382:
383: const char* charset_name=info->charsets->mail().NAME().cstr();
384:
385: // Subject: Re: parser3: =?koi8-r?Q?=D3=C5=CD=C9=CE=C1=D2?=
386: bool to_quoted_printable=false;
387:
388: bool email=false;
389: uchar c;
1.124 paf 390: for(const char* src=mail_ptr; (c=(uchar)*src++); ) {
1.137 paf 391: if(c=='\r' || c=='\n')
392: c=' ';
1.130 paf 393: if(to_quoted_printable && (c==',' || c == '"' || addr_spec_soon(src-1/*position to 'c'*/))) {
1.119 paf 394: email=c=='<';
395: to_string("?=");
396: to_quoted_printable=false;
397: }
1.130 paf 398: //RFC + An 'encoded-word' MUST NOT appear in any portion of an 'addr-spec'.
1.119 paf 399: if(!email && (
400: !to_quoted_printable && (c & 0x80) // starting quote-printable-encoding on first 8bit char
401: || to_quoted_printable && !mail_header_char_valid_within_Qencoded(c)
402: )) {
403: if(!to_quoted_printable) {
404: to_string("=?");
405: to_string(charset_name);
406: to_string("?Q?");
407: to_quoted_printable=true;
1.105 paf 408: }
1.119 paf 409: encode(mail_header_nonspace_char, '=', '_');
410: } else
411: to_char(c);
412: if(c=='>')
413: email=false;
414: }
415: if(to_quoted_printable) // close
416: to_string("?=");
417:
418: } else
419: ec_append(info->result, optimize, whitespace, info->pos, fragment_length);
420: break;
1.120 paf 421: case String::L_SQL:
1.119 paf 422: // tainted, untaint language: sql
423: if(info->connection) {
424: const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr();
425: // skip source [we use recoded version]
426: pa_CORD_pos_advance(info->pos, fragment_length);
427:
428: to_string(info->connection->quote(fragment_str, fragment_length));
1.138 misha 429: } else {
430: info->exception="untaint in SQL language failed - no connection specified";
431: info->fragment_begin=fragment_end;
432: return 1; // stop processing. can't throw exception here
433: }
1.119 paf 434: break;
1.120 paf 435: case String::L_JS:
1.140 misha 436: escape_fragment(switch(c) {
437: case '\n': to_string("\\n"); break;
1.119 paf 438: case '"': to_string("\\\""); break;
439: case '\'': to_string("\\'"); break;
440: case '\\': to_string("\\\\"); break;
441: case '\xFF': to_string("\\\xFF"); break;
1.146 misha 442: case '\r': to_string("\\r"); break;
1.133 paf 443: default: _default; break;
1.119 paf 444: });
445: break;
1.120 paf 446: case String::L_XML:
1.133 paf 447: // [2] Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
1.140 misha 448: escape_fragment(switch(c) {
449: case '\x20':
450: case '\x9':
451: case '\xA':
1.133 paf 452: case '\xD': // this is usually removed on input
453: _default;
454: break;
1.119 paf 455: case '&': to_string("&"); break;
456: case '>': to_string(">"); break;
457: case '<': to_string("<"); break;
458: case '"': to_string("""); break;
459: case '\'': to_string("'"); break;
1.133 paf 460: default:
461: if(((unsigned char)c)<0x20) {
462: // fixing it, so that libxml would not result
463: // in fatal error parsing text
464: // though it really violates standard.
465: // to indicate there were an error
466: // replace bad char not to it's code,
467: // which we can do,
468: // but rather to '!' to show that input were actually
469: // invalid.
470: // life: shows that MSIE can somehow garble form values
471: // so that they contain these chars.
472: to_char('!');
473: } else {
474: _default;
475: }
476: break;
1.119 paf 477: });
478: break;
1.120 paf 479: case String::L_HTML:
1.140 misha 480: escape_fragment(switch(c) {
1.119 paf 481: case '&': to_string("&"); break;
482: case '>': to_string(">"); break;
483: case '<': to_string("<"); break;
484: case '"': to_string("""); break;
1.133 paf 485: default: _default; break;
1.119 paf 486: });
487: break;
1.136 paf 488: case String::L_REGEX:
489: // tainted, untaint language: regex
1.140 misha 490: escape_fragment(
1.136 paf 491: if(need_regex_escape(c))
492: to_char('\\')
493: _default;
494: );
495: break;
1.140 misha 496: case String::L_HTTP_COOKIE:
497: // tainted, untaint language: cookie (3.3.0 and higher: %uXXXX in UTF-8)
498: {
499: const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr();
500: // skip source [we use recoded version]
501: pa_CORD_pos_advance(info->pos, fragment_length);
502: String::C output(fragment_str, fragment_length);
503:
1.153 misha 504: output=Charset::escape(output, info->charsets->client());
1.140 misha 505: //throw Exception(0, 0, output);
506: to_string(output);
507:
508: }
509: break;
1.150 misha 510: case String::L_PARSER_CODE:
511: // for auto-untaint in process
512: escape_fragment(
513: if(need_parser_code_escape(c))
514: to_char('^');
515: _default;
516: );
517: break;
1.119 paf 518: default:
1.127 paf 519: SAPI::abort("unknown untaint language #%d",
1.119 paf 520: static_cast<int>(to_lang)); // should never
521: break; // never
1.117 paf 522: }
1.55 parser 523:
1.119 paf 524: info->fragment_begin=fragment_end;
525:
526: return 0; // 0=continue
527: }
528:
529:
1.148 misha 530: String::Body String::cstr_to_string_body_taint(Language lang, SQL_Connection* connection, const Request_charsets *charsets) const {
1.134 paf 531: if(is_empty())
532: return String::Body();
1.119 paf 533:
534: Cstr_to_string_body_block_info info;
535: // input
536: info.lang=lang;
537: info.connection=connection;
538: info.charsets=charsets;
539: info.body=&body;
540: // output
541: CORD_ec_init(info.result);
542: // private
543: body.set_pos(info.pos, 0);
544: info.fragment_begin=0;
1.138 misha 545: info.exception=0;
1.119 paf 546: info.whitespace=true;
547:
1.148 misha 548: cstr_to_string_body_block(lang, length(), &info);
549:
550: if(info.exception)
551: throw Exception(0,
552: 0,
553: info.exception);
554:
555: return String::Body(CORD_ec_to_cord(info.result));
556: }
557:
558: int cstr_to_string_body_block_untaint(char alang, size_t fragment_length, Cstr_to_string_body_block_info* info){
559: const String::Language lang=(String::Language)(unsigned char)alang;
560: // see append_fragment_* for explanation
561: if(info->lang&String::L_OPTIMIZE_BIT)
562: return cstr_to_string_body_block(
563: lang==String::L_TAINTED?
564: info->lang
565: :lang==String::L_CLEAN?
566: (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT)
567: :lang,
568: fragment_length, info);
569: else
570: return cstr_to_string_body_block(lang==String::L_TAINTED ? info->lang:lang, fragment_length, info);
571: }
572:
573: String::Body String::cstr_to_string_body_untaint(Language lang, SQL_Connection* connection, const Request_charsets *charsets) const {
574: if(is_empty())
575: return String::Body();
576:
577: Cstr_to_string_body_block_info info;
578: // input
579: info.lang=lang;
580: info.connection=connection;
581: info.charsets=charsets;
582: info.body=&body;
583: // output
584: CORD_ec_init(info.result);
585: // private
586: body.set_pos(info.pos, 0);
587: info.fragment_begin=0;
588: info.exception=0;
589: info.whitespace=true;
590:
591: langs.for_each(body, cstr_to_string_body_block_untaint, &info);
1.151 misha 592:
593: if(info.exception)
594: throw Exception(0,
595: 0,
596: info.exception);
597:
598: return String::Body(CORD_ec_to_cord(info.result));
599: }
600:
601: const char* String::transcode_and_untaint_cstr(Language lang, const Request_charsets *charsets) const {
602: if(charsets && &charsets->source() != &charsets->client()){
603: return cstr_to_string_body_transcode_and_untaint(lang, charsets).cstr();
604: } else {
605: return cstr_to_string_body_untaint(lang, 0, charsets).cstr();
606: }
607: }
608:
609: int cstr_to_string_body_block_transcode_and_untaint(char alang, size_t fragment_length, Cstr_to_string_body_block_info* info){
610: String::C output_c=Charset::transcode(
611: String::C(info->body->mid(info->fragment_begin, fragment_length).cstr(), fragment_length),
612: info->charsets->source(),
613: info->charsets->client()
614: );
615: String::Body output_body=String::Body(output_c);
616:
617: size_t fragment_end=info->fragment_begin+fragment_length;
618: const String::Body* info_body=info->body;
619:
620: info->fragment_begin=0;
621: info->body=&output_body;
622: info->body->set_pos(info->pos, 0);
623:
624: int result=cstr_to_string_body_block_untaint(alang, output_c.length, info);
625:
626: info->fragment_begin=fragment_end;
627: info->body=info_body;
628:
629: return result;
630: }
631:
632: String::Body String::cstr_to_string_body_transcode_and_untaint(Language lang, const Request_charsets *charsets) const {
633: if(is_empty())
634: return String::Body();
635:
636: Cstr_to_string_body_block_info info;
637: // input
638: info.lang=lang;
639: info.connection=0;
640: info.charsets=charsets;
641: info.body=&body;
642: // output
643: CORD_ec_init(info.result);
644: // private
645: body.set_pos(info.pos, 0);
646: info.fragment_begin=0;
647: info.exception=0;
648: info.whitespace=true;
649:
650: langs.for_each(body, cstr_to_string_body_block_transcode_and_untaint, &info);
651:
1.148 misha 652: if(info.exception)
1.138 misha 653: throw Exception(0,
654: 0,
655: info.exception);
656:
1.119 paf 657: return String::Body(CORD_ec_to_cord(info.result));
1.1 paf 658: }
E-mail:
![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to untaint.C CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [parser3project] / parser3 / src / main