[TinyOWS-dev] [tinyows] #42: unsafe chacters in xml when doing a getfeature

Courtin Olivier olivier.courtin at gmail.com
Sun Sep 27 09:56:25 EST 2009

On Sep 4, 2009, at 11:30 PM, tinyows wrote:

> #42: unsafe chacters in xml when doing a getfeature
> ---------------------------- 
> +-----------------------------------------------
>     Reporter:  assefa      |           Owner:  assefa
>         Type:  defect      |          Status:  new
>     Priority:  minor       |         Version:  SVN
>   Resolution:              |        Keywords:
>        Stage:  Unreviewed  |        Approval:  Unnecessary
>        Patch:  None        |      Complexity:  Unknown
> Compatibility:  Unknown     |   Specification:  Unnecessary
> ---------------------------- 
> +-----------------------------------------------
> Changes (by assefa):
>  * owner:  => assefa
> Comment:
> Attached is a patch for this problem. Plus a pathc to be able to  
> include
> apostrophes in a trascation (insert) request (eg <wfs:Value>Mom  
> &amp; Dad
> '</wfs:Value>), without causing a postgres error


First sorry for the response delay, i have to migrate TinyOWS trac to  
an another
server, and a lot of my spare time was consumed...
(This ticket wasn't in the last backup, and so was lost in the  

Thanks for the report and theses patches, i've commited as r182
with some changes:

- I prefer not to use alloc/free for strings outside buffer structure  
   so i rewrite encode_xml_entities to use buffer handle
   and to use native libxml2 escape quote function for the second one.

- I did'nt yet test theses at all, i you have XML query string against  
   to check theses, feel free to send it !


More information about the TinyOWS-dev mailing list