[TinyOWS-dev] [tinyows] #42: unsafe chacters in xml when doing a getfeature

[Courtin Olivier]

On Sep 4, 2009, at 11:30 PM, tinyows wrote:

> #42: unsafe chacters in xml when doing a getfeature
> ---------------------------- 
> +-----------------------------------------------
>     Reporter:  assefa      |           Owner:  assefa
>         Type:  defect      |          Status:  new
>     Priority:  minor       |         Version:  SVN
>   Resolution:              |        Keywords:
>        Stage:  Unreviewed  |        Approval:  Unnecessary
>        Patch:  None        |      Complexity:  Unknown
> Compatibility:  Unknown     |   Specification:  Unnecessary
> ---------------------------- 
> +-----------------------------------------------
> Changes (by assefa):
>
>  * owner:  => assefa
>
> Comment:
>
> Attached is a patch for this problem. Plus a pathc to be able to  
> include
> apostrophes in a trascation (insert) request (eg <wfs:Value>Mom  
> &amp; Dad
> '</wfs:Value>), without causing a postgres error


Assefa,

First sorry for the response delay, i have to migrate TinyOWS trac to  
an another
server, and a lot of my spare time was consumed...
(This ticket wasn't in the last backup, and so was lost in the  
migration)

Thanks for the report and theses patches, i've commited as r182
with some changes:

- I prefer not to use alloc/free for strings outside buffer structure  
(struct/buffer.c)
   so i rewrite encode_xml_entities to use buffer handle
   and to use native libxml2 escape quote function for the second one.

- I did'nt yet test theses at all, i you have XML query string against  
tinyows_test
   to check theses, feel free to send it !

--
Olivier