From f8685eee3eb801f565482beec2a71f8809e54cc6 Mon Sep 17 00:00:00 2001
From: Unbit <info@unbit.it>
Date: Sat, 28 Jun 2014 08:35:15 +0200
Subject: [PATCH] added xml buffer escaper

---
 core/buffer.c | 26 ++++++++++++++++++++++++++
 core/webdav.c | 13 ++++++++++++-
 uwsgi.h       |  1 +
 3 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/core/buffer.c b/core/buffer.c
index 7582d9d4..e8800693 100644
--- a/core/buffer.c
+++ b/core/buffer.c
@@ -150,6 +150,32 @@ int uwsgi_buffer_append_json(struct uwsgi_buffer *ub, char *buf, size_t len) {
 	return 0;
 }
 
+int uwsgi_buffer_append_xml(struct uwsgi_buffer *ub, char *buf, size_t len) {
+        // need to escape \ and "
+        size_t i;
+        for(i=0;i<len;i++) {
+                if (buf[i] == '"') {
+                        if (uwsgi_buffer_append(ub, "&quot;", 6)) return -1;
+                }
+                else if (buf[i] == '\'') {
+                        if (uwsgi_buffer_append(ub, "&apos;", 6)) return -1;
+                }
+                else if (buf[i] == '<') {
+                        if (uwsgi_buffer_append(ub, "&lt;", 4)) return -1;
+                }
+                else if (buf[i] == '>') {
+                        if (uwsgi_buffer_append(ub, "&gt;", 4)) return -1;
+                }
+                else if (buf[i] == '&') {
+                        if (uwsgi_buffer_append(ub, "&amp;", 5)) return -1;
+                }
+                else {
+                        if (uwsgi_buffer_append(ub, buf+i, 1)) return -1;
+                }
+        }
+        return 0;
+}
+
 int uwsgi_buffer_u16le(struct uwsgi_buffer *ub, uint16_t num) {
 	uint8_t buf[2];
 	buf[0] = (uint8_t) (num & 0xff);
diff --git a/core/webdav.c b/core/webdav.c
index 97357fbc..3691cd4a 100644
--- a/core/webdav.c
+++ b/core/webdav.c
@@ -81,10 +81,21 @@ int uwsgi_webdav_propfind_item_add(struct uwsgi_buffer *ub, char *href, uint16_t
 	// displayname
 	if (displayname_len > 0) {
 		if (uwsgi_buffer_append(ub, "<D:displayname>\n", 16)) return -1;
-		if (uwsgi_buffer_append(ub, displayname, displayname_len)) return -1;
+		if (uwsgi_buffer_append_xml(ub, displayname, displayname_len)) return -1;
 		if (uwsgi_buffer_append(ub, "</D:displayname>\n", 17)) return -1;
 	}
 
+	if (ctype_len > 0) {
+		if (uwsgi_buffer_append(ub, "<D:getcontenttype>\n", 19)) return -1;
+		if (uwsgi_buffer_append(ub, ctype, ctype_len)) return -1;
+		if (uwsgi_buffer_append(ub, "</D:displayname>\n", 20)) return -1;
+	}
+
+	if (etag_len > 0) {
+		if (uwsgi_buffer_append(ub, "<D:getetag>\n", 12)) return -1;
+		if (uwsgi_buffer_append_xml(ub, displayname, displayname_len)) return -1;
+		if (uwsgi_buffer_append(ub, "</D:getetag>\n", 13)) return -1;
+	}
 
 	if (uwsgi_webdav_multistatus_prop_close(ub)) return -1;
 	if (uwsgi_webdav_multistatus_propstat_close(ub)) return -1;
diff --git a/uwsgi.h b/uwsgi.h
index 995d7fc5..feeb8209 100644
--- a/uwsgi.h
+++ b/uwsgi.h
@@ -4819,6 +4819,7 @@ void uwsgi_fork_server(char *);
 void uwsgi_emperor_ini_attrs(char *, char *, struct uwsgi_dyn_dict **);
 
 int uwsgi_buffer_httpdate(struct uwsgi_buffer *, time_t);
+int uwsgi_buffer_append_xml(struct uwsgi_buffer *, char *, size_t);
 
 #ifdef __cplusplus
 }