Annotation of parser3/src/main/untaint.C, revision 1.163
1.7 paf 1: /** @file
1.8 paf 2: Parser: String class part: untaint mechanizm.
3:
1.163 ! moko 4: Copyright (c) 2001-2012 Art. Lebedev Studio (http://www.artlebedev.com)
1.89 paf 5: Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru)
1.103 paf 6: */
1.8 paf 7:
1.163 ! moko 8: volatile const char * IDENT_UNTAINT_C="$Id: 2011-02-18 06:03:53 $";
1.117 paf 9:
1.1 paf 10:
11: #include "pa_string.h"
12: #include "pa_hash.h"
13: #include "pa_exception.h"
1.13 paf 14: #include "pa_table.h"
1.32 paf 15: #include "pa_globals.h"
1.58 parser 16: #include "pa_dictionary.h"
1.66 parser 17: #include "pa_common.h"
1.85 paf 18: #include "pa_charset.h"
1.117 paf 19: #include "pa_request_charsets.h"
20: #include "pa_sapi.h"
1.1 paf 21:
1.117 paf 22: extern "C" { // author forgot to do that
23: #include "ec.h"
24: }
1.91 paf 25:
1.117 paf 26: #include "pa_sql_connection.h"
1.91 paf 27:
1.117 paf 28: // defines
29:
30: #undef CORD_ec_append
31: // redefining to intercept flushes and implement whitespace optimization
32: // of all consequent white space chars leaving only first one
33: #define CORD_ec_append(x, c) \
34: { \
35: bool skip=false; \
36: if(optimize) switch(c) { \
1.131 paf 37: case ' ': case '\n': case '\t': \
1.117 paf 38: if(whitespace) \
39: skip=true; /*skipping subsequent*/ \
40: else \
41: whitespace=true; \
42: break; \
43: default: \
44: whitespace=false; \
45: break; \
46: } \
47: if(!skip) { \
48: if ((x)[0].ec_bufptr == (x)[0].ec_buf + CORD_BUFSZ) { \
49: CORD_ec_flush_buf(x); \
50: } \
51: *((x)[0].ec_bufptr)++ = (c); \
52: } \
53: }
54:
55:
1.140 misha 56: #define escape_fragment(action) \
1.119 paf 57: for(; fragment_length--; CORD_next(info->pos)) { \
58: char c=CORD_pos_fetch(info->pos); \
1.117 paf 59: action \
1.1 paf 60: }
1.133 paf 61: #define _default CORD_ec_append(info->result, c)
1.117 paf 62: #define encode(need_encode_func, prefix, otherwise) \
63: if(need_encode_func(c)) { \
64: static const char* hex="0123456789ABCDEF"; \
1.119 paf 65: CORD_ec_append(info->result, prefix); \
66: CORD_ec_append(info->result, hex[((unsigned char)c)/0x10]); \
67: CORD_ec_append(info->result, hex[((unsigned char)c)%0x10]); \
1.117 paf 68: } else \
1.119 paf 69: CORD_ec_append(info->result, otherwise);
1.126 paf 70: #define to_char(c) { CORD_ec_append(info->result, c); whitespace=false; }
71: #define to_string(s) { CORD_ec_append_cord(info->result, s); whitespace=false; }
1.4 paf 72:
1.9 paf 73: inline bool need_file_encode(unsigned char c){
1.108 paf 74: // russian letters and space ENABLED
75: // encoding only these...
76: return strchr(
1.143 misha 77: "*?'\"<>|"
1.108 paf 78: #ifndef WIN32
1.143 misha 79: ":\\"
1.31 paf 80: #endif
1.143 misha 81: , c)!=0;
1.9 paf 82: }
1.143 misha 83:
1.5 paf 84: inline bool need_uri_encode(unsigned char c){
1.162 misha 85: return !(pa_isalnum(c) || strchr("_-./*", c));
1.4 paf 86: }
1.143 misha 87:
1.136 paf 88: inline bool need_regex_escape(unsigned char c){
1.142 misha 89: return strchr("\\^$.[]|()?*+{}-", c)!=0;
1.136 paf 90: }
1.1 paf 91:
1.150 misha 92: inline bool need_parser_code_escape(unsigned char c){
93: return strchr("^$;@()[]{}:#\"", c)!=0;
94: }
95:
1.1 paf 96: // String
97:
1.41 paf 98: /*
99: HTTP-header = field-name ":" [ field-value ] CRLF
100:
1.152 misha 101: field-name = token
102: field-value = *( field-content | LWS )
1.41 paf 103:
1.152 misha 104: field-content = <the OCTETs making up the field-value
1.41 paf 105: and consisting of either *TEXT or combinations
106: of token, tspecials, and quoted-string>
107:
108:
1.152 misha 109: token = 1*<any CHAR except CTLs or tspecials>
1.41 paf 110: word = token | quoted-string
1.152 misha 111: quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
112: qdtext = <any TEXT except <">>
113: quoted-pair = "\" CHAR
1.41 paf 114:
1.152 misha 115: OCTET = <any 8-bit sequence of data>
116: CHAR = <any US-ASCII character (octets 0 - 127)>
1.41 paf 117:
118: tspecials = "(" | ")" | "<" | ">" | "@"
1.152 misha 119: | "," | ";" | ":" | "\" | <">
120: | "/" | "[" | "]" | "?" | "="
121: | "{" | "}" | SP | HT
1.41 paf 122:
123: SP = <US-ASCII SP, space (32)>
124: HT = <US-ASCII HT, horizontal-tab (9)>
125:
126: LWS = [CRLF] 1*( SP | HT )
1.152 misha 127: TEXT = <any OCTET except CTLs, but including LWS>
128: CTL = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
1.41 paf 129:
130:
131: if(strchr("()<>@,;:\\\"/[]?={} \t", *ptr))
132: */
1.117 paf 133: inline bool need_quote_http_header(const char* ptr, size_t size) {
1.41 paf 134: for(; size--; ptr++)
1.42 paf 135: if(strchr(";\\\"= \t" /* excluded ()<>@, :/ ? []{} */, *ptr))
1.41 paf 136: return true;
137: return false;
138: }
139:
1.119 paf 140: #ifndef DOXYGEN
141: struct Append_fragment_info {
142: String::Language lang;
143: String::Languages* dest_languages;
144: size_t dest_body_plan_length;
145: };
146: #endif
147: int append_fragment_optimizing(char alang, size_t asize, Append_fragment_info* info) {
148: const String::Language lang=(String::Language)(unsigned char)alang;
149: // main idea here:
150: // tainted piece would get OPTIMIZED bit from 'lang'
151: // clean piece would be marked OPTIMIZED manually
152: // pieces with determined languages [not tainted|clean] would retain theirs langs
153: info->dest_languages->append(info->dest_body_plan_length,
1.120 paf 154: lang==String::L_TAINTED?
1.119 paf 155: info->lang
1.120 paf 156: :lang==String::L_CLEAN?
157: (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT) // ORing with OPTIMIZED flag
1.119 paf 158: :lang,
159: asize);
160: info->dest_body_plan_length+=asize;
161:
162: return 0; // 0=continue
163: }
164: int append_fragment_nonoptimizing(char alang, size_t asize, Append_fragment_info* info) {
165: const String::Language lang=(String::Language)(unsigned char)alang;
166: // The core idea: tainted pieces got marked with context's lang
167: info->dest_languages->append(info->dest_body_plan_length,
1.120 paf 168: lang==String::L_TAINTED?
1.119 paf 169: info->lang
170: :lang,
171: asize);
172: info->dest_body_plan_length+=asize;
173:
174: return 0; // 0=continue
175: }
1.117 paf 176:
1.91 paf 177: /**
1.117 paf 178: appends to other String,
1.91 paf 179: marking all tainted pieces of it with @a lang.
1.92 paf 180: or marking ALL pieces of it with a @a lang when @a forced to,
181: and propagating OPTIMIZE language bit.
1.117 paf 182: */
1.147 misha 183: String& String::append_to(String& dest, Language ilang, bool forced) const {
1.117 paf 184: if(is_empty())
185: return dest;
1.91 paf 186:
1.119 paf 187: // first: fragment infos
1.117 paf 188:
1.147 misha 189: if(ilang==L_PASS_APPENDED) // without language-change?
190: dest.langs.appendHelper(dest.body, langs, body);
1.117 paf 191: else if(forced) //forcing passed lang?
1.147 misha 192: dest.langs.appendHelper(dest.body, ilang, body);
193: else {
194: if(langs.opt.is_not_just_lang){
195: Append_fragment_info info={ilang, &dest.langs, dest.body.length()};
196: langs.for_each(body, ilang&L_OPTIMIZE_BIT?
197: append_fragment_optimizing
198: :append_fragment_nonoptimizing, &info);
199: } else {
200: Language lang=langs.opt.lang;
201: // see append_fragment_* for explanation
202: if(ilang&L_OPTIMIZE_BIT){
203: dest.langs.appendHelper(dest.body,
204: lang==String::L_TAINTED?
205: ilang
206: :lang==String::L_CLEAN?
207: (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT)
208: :lang,
209: body);
210: } else {
211: dest.langs.appendHelper(dest.body, lang==String::L_TAINTED ? ilang:lang, body);
212: }
213: }
1.91 paf 214: }
215:
1.119 paf 216: // next: letters
217: dest.body<<body;
218:
1.117 paf 219: ASSERT_STRING_INVARIANT(dest);
1.75 paf 220: return dest;
1.51 parser 221: }
222:
1.109 paf 223: /** http://www.ietf.org/rfc/rfc2047.txt
224: RFC
225: (3) As a replacement for a 'word' entity within a 'phrase', for example,
226: one that precedes an address in a From, To, or Cc header. The ABNF
227: definition for 'phrase' from RFC 822 thus becomes:
228:
229: phrase = 1*( encoded-word / word )
230:
231: In this case the set of characters that may be used in a "Q"-encoded
232: 'encoded-word' is restricted to: <upper and lower case ASCII
233: letters, decimal digits, "!", "*", "+", "-", "/", "=", and "_"
234: (underscore, ASCII 95.)>. An 'encoded-word' that appears within a
235: 'phrase' MUST be separated from any adjacent 'word', 'text' or
236: 'special' by 'linear-white-space'.
237: ...
238: (2) The 8-bit hexadecimal value 20 (e.g., ISO-8859-1 SPACE) may be
239: represented as "_" (underscore, ASCII 95.). (This character may
240: not pass through some internetwork mail gateways, but its use
241: will greatly enhance readability of "Q" encoded data with mail
242: readers that do not support this encoding.) Note that the "_"
243: always represents hexadecimal 20, even if the SPACE character
244: occupies a different code position in the character set in use.
245:
246: paf: obviously,
247: without "=", or one could not differ "=E0" and "russian letter a"
248: and without "_", or in would mean 0x20
249: */
1.117 paf 250: inline bool mail_header_char_valid_within_Qencoded(char c) {
1.162 misha 251: return (pa_isalnum((unsigned char)c) || strchr("!*+-/", c));
1.109 paf 252: }
1.118 paf 253: inline bool addr_spec_soon(const char *src) {
1.124 paf 254: for(char c; (c=*src); src++)
1.118 paf 255: if(c=='<')
256: return true;
257: else if(!(c==' ' || c=='\t'))
258: return false;
259: return false;
260: }
1.117 paf 261: /**
262: RFC
263: Upper case should be used for hexadecimal digits "A" through "F"
264: The 8-bit hexadecimal value 20 (e.g., ISO-8859-1 SPACE)
265: may be represented as "_"
266: */
267: inline bool mail_header_nonspace_char(char c) {
268: return c != 0x20;
269: }
1.125 paf 270:
1.117 paf 271: inline void ec_append(CORD_ec& result, bool& optimize, bool& whitespace, CORD_pos pos, size_t size) {
272: while(size--) {
273: CORD_ec_append(result, CORD_pos_fetch(pos));
274: CORD_next(pos);
275: }
276: }
277: inline void pa_CORD_pos_advance(CORD_pos pos, size_t n) {
278: while(true) {
1.125 paf 279: long avail=CORD_pos_chars_left(pos);
280: if(avail<=0) {
1.117 paf 281: CORD_next(pos);
282: if(!--n)
283: break;
1.125 paf 284: } else if((size_t)avail<n) {
1.117 paf 285: CORD_pos_advance(pos, avail);
286: n-=avail;
287: } else { // avail>=n
288: CORD_pos_advance(pos, n);
289: break;
290: }
291: }
292: }
293:
1.119 paf 294: #ifndef DOXYGEN
295: struct Cstr_to_string_body_block_info {
296: // input
297: String::Language lang;
298: SQL_Connection* connection;
299: const Request_charsets* charsets;
300: const String::Body* body;
301:
302: // output
303: CORD_ec result;
304:
305: // private
306: CORD_pos pos;
307: size_t fragment_begin;
308: bool whitespace;
1.138 misha 309: const char* exception;
1.119 paf 310: };
311: #endif
1.151 misha 312:
313: // @todo: replace info->body->mid with something that uses info->pos
1.148 misha 314: int cstr_to_string_body_block(String::Language to_lang, size_t fragment_length, Cstr_to_string_body_block_info* info) {
1.119 paf 315: bool& whitespace=info->whitespace;
316: size_t fragment_end=info->fragment_begin+fragment_length;
1.148 misha 317: //fprintf(stderr, "%d, %d =%s=\n", to_lang, fragment_length, info->body->cstr());
1.119 paf 318:
1.120 paf 319: bool optimize=(to_lang & String::L_OPTIMIZE_BIT)!=0;
1.119 paf 320: if(!optimize)
321: whitespace=false;
322:
1.120 paf 323: switch(to_lang & ~String::L_OPTIMIZE_BIT) {
324: case String::L_CLEAN:
325: case String::L_TAINTED:
326: case String::L_AS_IS:
1.119 paf 327: // clean piece
328:
329: // tainted piece, but undefined untaint language
330: // for VString.as_double of tainted values
331: // for ^process{body} evaluation
332:
333: // tainted, untaint language: as-is
334: ec_append(info->result, optimize, whitespace, info->pos, fragment_length);
335: break;
1.120 paf 336: case String::L_FILE_SPEC:
1.119 paf 337: // tainted, untaint language: file [name]
1.140 misha 338: {
339: escape_fragment(
1.154 misha 340: encode(need_file_encode, '_', c);
1.140 misha 341: );
342: }
1.119 paf 343: break;
1.120 paf 344: case String::L_URI:
1.155 misha 345: // tainted, untaint language: uri
346: {
347: const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr();
348: // skip source [we use recoded version]
349: pa_CORD_pos_advance(info->pos, fragment_length);
350: String::C output(fragment_str, fragment_length);
351: if(info->charsets)
352: output=Charset::transcode(output,
353: info->charsets->source(),
354: info->charsets->client());
355:
356: char c;
357: for(const char* src=output.str; (c=*src++); )
358: encode(need_uri_encode, '%', c);
359: }
360: break;
1.120 paf 361: case String::L_HTTP_HEADER:
1.119 paf 362: // tainted, untaint language: http-field-content-text
1.161 moko 363: escape_fragment(switch(c) {
364: case '\n':
365: case '\r': to_string(" "); break;
366: default: _default; break;
367: });
1.119 paf 368: break;
1.120 paf 369: case String::L_MAIL_HEADER:
1.119 paf 370: // tainted, untaint language: mail-header
371: // http://www.ietf.org/rfc/rfc2047.txt
372: if(info->charsets) {
373: size_t mail_size;
374: const char *mail_ptr=
375: info->body->mid(info->fragment_begin, mail_size=fragment_length).cstr();
376: // skip source [we use recoded version]
377: pa_CORD_pos_advance(info->pos, mail_size);
378:
379: const char* charset_name=info->charsets->mail().NAME().cstr();
380:
381: // Subject: Re: parser3: =?koi8-r?Q?=D3=C5=CD=C9=CE=C1=D2?=
382: bool to_quoted_printable=false;
383:
384: bool email=false;
385: uchar c;
1.124 paf 386: for(const char* src=mail_ptr; (c=(uchar)*src++); ) {
1.137 paf 387: if(c=='\r' || c=='\n')
388: c=' ';
1.130 paf 389: if(to_quoted_printable && (c==',' || c == '"' || addr_spec_soon(src-1/*position to 'c'*/))) {
1.119 paf 390: email=c=='<';
391: to_string("?=");
392: to_quoted_printable=false;
393: }
1.130 paf 394: //RFC + An 'encoded-word' MUST NOT appear in any portion of an 'addr-spec'.
1.119 paf 395: if(!email && (
396: !to_quoted_printable && (c & 0x80) // starting quote-printable-encoding on first 8bit char
397: || to_quoted_printable && !mail_header_char_valid_within_Qencoded(c)
398: )) {
399: if(!to_quoted_printable) {
400: to_string("=?");
401: to_string(charset_name);
402: to_string("?Q?");
403: to_quoted_printable=true;
1.105 paf 404: }
1.119 paf 405: encode(mail_header_nonspace_char, '=', '_');
406: } else
407: to_char(c);
408: if(c=='>')
409: email=false;
410: }
411: if(to_quoted_printable) // close
412: to_string("?=");
413:
414: } else
415: ec_append(info->result, optimize, whitespace, info->pos, fragment_length);
416: break;
1.120 paf 417: case String::L_SQL:
1.119 paf 418: // tainted, untaint language: sql
419: if(info->connection) {
420: const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr();
421: // skip source [we use recoded version]
422: pa_CORD_pos_advance(info->pos, fragment_length);
423:
424: to_string(info->connection->quote(fragment_str, fragment_length));
1.138 misha 425: } else {
426: info->exception="untaint in SQL language failed - no connection specified";
427: info->fragment_begin=fragment_end;
428: return 1; // stop processing. can't throw exception here
429: }
1.119 paf 430: break;
1.120 paf 431: case String::L_JS:
1.140 misha 432: escape_fragment(switch(c) {
433: case '\n': to_string("\\n"); break;
1.119 paf 434: case '"': to_string("\\\""); break;
435: case '\'': to_string("\\'"); break;
436: case '\\': to_string("\\\\"); break;
437: case '\xFF': to_string("\\\xFF"); break;
1.146 misha 438: case '\r': to_string("\\r"); break;
1.133 paf 439: default: _default; break;
1.119 paf 440: });
441: break;
1.120 paf 442: case String::L_XML:
1.133 paf 443: // [2] Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
1.140 misha 444: escape_fragment(switch(c) {
445: case '\x20':
446: case '\x9':
447: case '\xA':
1.133 paf 448: case '\xD': // this is usually removed on input
449: _default;
450: break;
1.119 paf 451: case '&': to_string("&"); break;
452: case '>': to_string(">"); break;
453: case '<': to_string("<"); break;
454: case '"': to_string("""); break;
455: case '\'': to_string("'"); break;
1.133 paf 456: default:
457: if(((unsigned char)c)<0x20) {
458: // fixing it, so that libxml would not result
459: // in fatal error parsing text
460: // though it really violates standard.
461: // to indicate there were an error
462: // replace bad char not to it's code,
463: // which we can do,
464: // but rather to '!' to show that input were actually
465: // invalid.
466: // life: shows that MSIE can somehow garble form values
467: // so that they contain these chars.
468: to_char('!');
469: } else {
470: _default;
471: }
472: break;
1.119 paf 473: });
474: break;
1.120 paf 475: case String::L_HTML:
1.140 misha 476: escape_fragment(switch(c) {
1.119 paf 477: case '&': to_string("&"); break;
478: case '>': to_string(">"); break;
479: case '<': to_string("<"); break;
480: case '"': to_string("""); break;
1.133 paf 481: default: _default; break;
1.119 paf 482: });
483: break;
1.136 paf 484: case String::L_REGEX:
485: // tainted, untaint language: regex
1.140 misha 486: escape_fragment(
1.136 paf 487: if(need_regex_escape(c))
488: to_char('\\')
489: _default;
490: );
491: break;
1.156 misha 492: case String::L_JSON:
493: // tainted, untaint language: json <http://json.org/>
494: // escape '"' '\' '/' '\n' '\t' '\r' '\b' '\f' chars and escape chars as \uXXXX if output charset != UTF-8
495: {
1.159 moko 496: if(info->charsets==NULL || info->charsets->client().isUTF8()){
1.156 misha 497: // escaping to \uXXXX is not needed
498: escape_fragment(switch(c) {
499: case '\n': to_string("\\n"); break;
500: case '"' : to_string("\\\""); break;
501: case '\\': to_string("\\\\"); break;
502: case '/' : to_string("\\/"); break;
503: case '\t': to_string("\\t"); break;
504: case '\r': to_string("\\r"); break;
505: case '\b': to_string("\\b"); break;
506: case '\f': to_string("\\f"); break;
507: default : _default; break;
508: });
509: } else {
510: const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr();
511: // skip source [we use recoded version]
512: pa_CORD_pos_advance(info->pos, fragment_length);
513: String::C output(fragment_str, fragment_length);
514:
515: output=Charset::escape_JSON(output, info->charsets->source());
516: to_string(output);
517: }
518: }
519: break;
1.140 misha 520: case String::L_HTTP_COOKIE:
521: // tainted, untaint language: cookie (3.3.0 and higher: %uXXXX in UTF-8)
1.159 moko 522: if(info->charsets) {
1.140 misha 523: const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr();
524: // skip source [we use recoded version]
525: pa_CORD_pos_advance(info->pos, fragment_length);
526: String::C output(fragment_str, fragment_length);
527:
1.155 misha 528: output=Charset::escape(output, info->charsets->source());
1.140 misha 529: to_string(output);
1.159 moko 530: } else
531: ec_append(info->result, optimize, whitespace, info->pos, fragment_length);
1.140 misha 532: break;
1.150 misha 533: case String::L_PARSER_CODE:
534: // for auto-untaint in process
535: escape_fragment(
536: if(need_parser_code_escape(c))
537: to_char('^');
538: _default;
539: );
540: break;
1.119 paf 541: default:
1.127 paf 542: SAPI::abort("unknown untaint language #%d",
1.119 paf 543: static_cast<int>(to_lang)); // should never
544: break; // never
1.117 paf 545: }
1.55 parser 546:
1.119 paf 547: info->fragment_begin=fragment_end;
548:
549: return 0; // 0=continue
550: }
551:
552:
1.148 misha 553: String::Body String::cstr_to_string_body_taint(Language lang, SQL_Connection* connection, const Request_charsets *charsets) const {
1.134 paf 554: if(is_empty())
555: return String::Body();
1.119 paf 556:
557: Cstr_to_string_body_block_info info;
558: // input
559: info.lang=lang;
560: info.connection=connection;
561: info.charsets=charsets;
562: info.body=&body;
563: // output
564: CORD_ec_init(info.result);
565: // private
566: body.set_pos(info.pos, 0);
567: info.fragment_begin=0;
1.138 misha 568: info.exception=0;
1.119 paf 569: info.whitespace=true;
570:
1.148 misha 571: cstr_to_string_body_block(lang, length(), &info);
572:
573: if(info.exception)
574: throw Exception(0,
575: 0,
576: info.exception);
577:
1.160 moko 578: return String::Body(CORD_ec_to_cord(info.result));
1.148 misha 579: }
580:
581: int cstr_to_string_body_block_untaint(char alang, size_t fragment_length, Cstr_to_string_body_block_info* info){
582: const String::Language lang=(String::Language)(unsigned char)alang;
583: // see append_fragment_* for explanation
584: if(info->lang&String::L_OPTIMIZE_BIT)
585: return cstr_to_string_body_block(
586: lang==String::L_TAINTED?
587: info->lang
588: :lang==String::L_CLEAN?
589: (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT)
590: :lang,
591: fragment_length, info);
592: else
593: return cstr_to_string_body_block(lang==String::L_TAINTED ? info->lang:lang, fragment_length, info);
594: }
595:
596: String::Body String::cstr_to_string_body_untaint(Language lang, SQL_Connection* connection, const Request_charsets *charsets) const {
597: if(is_empty())
598: return String::Body();
599:
600: Cstr_to_string_body_block_info info;
601: // input
602: info.lang=lang;
603: info.connection=connection;
604: info.charsets=charsets;
605: info.body=&body;
606: // output
607: CORD_ec_init(info.result);
608: // private
609: body.set_pos(info.pos, 0);
610: info.fragment_begin=0;
611: info.exception=0;
612: info.whitespace=true;
613:
614: langs.for_each(body, cstr_to_string_body_block_untaint, &info);
1.151 misha 615:
616: if(info.exception)
617: throw Exception(0,
618: 0,
619: info.exception);
620:
1.160 moko 621: return String::Body(CORD_ec_to_cord(info.result));
1.151 misha 622: }
623:
1.155 misha 624: const char* String::untaint_and_transcode_cstr(Language lang, const Request_charsets *charsets) const {
1.151 misha 625: if(charsets && &charsets->source() != &charsets->client()){
1.155 misha 626: // Note: L_URI is allready transcoded during untaint, but transcode does not affect %XX
627: return Charset::transcode(cstr_to_string_body_untaint(lang, 0, charsets), charsets->source(), charsets->client()).cstr();
628: } else
1.151 misha 629: return cstr_to_string_body_untaint(lang, 0, charsets).cstr();
1.1 paf 630: }
E-mail:
![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to untaint.C CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [parser3project] / parser3 / src / main