void htmlAttributeEscape(const char* in, int inLen, CP::StreamWriter& sw) { //XXX: dangerous (potentially exploitable) codepath; please audit int last_i = 0; const char* tmp; for (int i = 0; i < inLen; i++) { switch (in[i]) { case '&': tmp = "&"; break; case '<': tmp = "<"; break; case '>': tmp = ">"; break; case '"': tmp = """; break; case '\'': tmp = "'"; break; default: continue; } if (i > last_i) sw.write(in + last_i, i - last_i); last_i = i + 1; sw.write(tmp); } if (inLen > last_i) sw.write(in + last_i, inLen - last_i); }
void htmlAttributeEscape(const char* in, int inLen, CP::StreamWriter& sw) { int last_i = 0; const char* tmp; for (int i = 0; i < inLen; i++) { switch (in[i]) { case '&': tmp = "&"; break; case '<': tmp = "<"; break; case '>': tmp = ">"; break; case '"': tmp = """; break; case '\'': tmp = "'"; break; default: continue; } if (i > last_i) sw.write(in + last_i, i - last_i); last_i = i + 1; sw.write(tmp); } if (inLen > last_i) sw.write(in + last_i, inLen - last_i); }
void Response_doWriteHeaders(Response* This, CP::StreamWriter& sw) { //sw.writeF("HTTP/1.1 %i %s\r\n", This->statusCode, This->statusName); { char* s1 = sw.beginWrite(32); memcpy(s1, "HTTP/1.1 ", 9); int x = 9 + itoa(This->statusCode, s1 + 9); s1[x] = ' '; x++; memcpy(s1 + x, This->statusName.data(), This->statusName.length()); x += This->statusName.length(); s1[x] = '\r'; s1[x + 1] = '\n'; x += 2; sw.endWrite(x); } if (This->sendChunked) This->headers["Transfer-Encoding"] = "chunked"; for (auto it = This->headers.begin(); it != This->headers.end(); it++) { int l1 = (*it).first.length(); int l2 = (*it).second.length(); char* tmp = sw.beginWrite(l1 + 4 + l2); memcpy(tmp, (*it).first.data(), l1); tmp[l1] = ':'; tmp[l1 + 1] = ' '; memcpy(tmp + l1 + 2, (*it).second.data(), l2); tmp[l1 + 2 + l2] = '\r'; tmp[l1 + 2 + l2 + 1] = '\n'; sw.endWrite(l1 + 4 + l2); //sw.writeF("%s: %s\r\n", (*it).first.c_str(), (*it).second.c_str()); } sw.write("\r\n", 2); }
void urlEncode(const char* in, int inLen, CP::StreamWriter& sw) { int last_i = 0; const char* c = in; char ch[3]; ch[0] = '%'; for (int i = 0; i < inLen; i++) { if ((48 <= c[i] && c[i] <= 57) || //0-9 (65 <= c[i] && c[i] <= 90) || //abc...xyz (97 <= c[i] && c[i] <= 122) || //ABC...XYZ (c[i] == '~' || c[i] == '!' || c[i] == '*' || c[i] == '(' || c[i] == ')' || c[i] == '\'')) continue; if (i > last_i) sw.write(in + last_i, i - last_i); last_i = i + 1; ch[1] = intToHexChar(c[i] >> 4); ch[2] = intToHexChar(c[i] & (char) 0xF); sw.write(ch, 3); } if (inLen > last_i) sw.write(in + last_i, inLen - last_i); }
void Page::render(CP::StreamWriter& out) { out.write("This is the default page of the cppsp C++ " "web application framework. If you see this, it means " "you haven't overridden the render() method derived from cppsp::Page."); }