X-Git-Url: https://gitweb.ps.run/ps-cgit/blobdiff_plain/9af580d8f6e31ccd68307a728a710c525e4133ab..fbd254d54e28e002a0d56b81c192156599df1e6b:/html.c

diff --git a/html.c b/html.c
index 337baeb..5b07aa0 100644
--- a/html.c
+++ b/html.c
@@ -95,7 +95,7 @@ void html_txt(const char *txt)
 	while(t && *t){
 		int c = *t;
 		if (c=='<' || c=='>' || c=='&') {
-			write(htmlfd, txt, t - txt);
+			html_raw(txt, t - txt);
 			if (c=='>')
 				html("&gt;");
 			else if (c=='<')
@@ -116,7 +116,7 @@ void html_ntxt(int len, const char *txt)
 	while(t && *t && len--){
 		int c = *t;
 		if (c=='<' || c=='>' || c=='&') {
-			write(htmlfd, txt, t - txt);
+			html_raw(txt, t - txt);
 			if (c=='>')
 				html("&gt;");
 			else if (c=='<')
@@ -128,7 +128,7 @@ void html_ntxt(int len, const char *txt)
 		t++;
 	}
 	if (t!=txt)
-		write(htmlfd, txt, t - txt);
+		html_raw(txt, t - txt);
 	if (len<0)
 		html("...");
 }
@@ -138,8 +138,8 @@ void html_attr(const char *txt)
 	const char *t = txt;
 	while(t && *t){
 		int c = *t;
-		if (c=='<' || c=='>' || c=='\'' || c=='\"') {
-			write(htmlfd, txt, t - txt);
+		if (c=='<' || c=='>' || c=='\'' || c=='\"' || c=='&') {
+			html_raw(txt, t - txt);
 			if (c=='>')
 				html("&gt;");
 			else if (c=='<')
@@ -148,6 +148,8 @@ void html_attr(const char *txt)
 				html("&#x27;");
 			else if (c=='"')
 				html("&quot;");
+			else if (c=='&')
+				html("&amp;");
 			txt = t+1;
 		}
 		t++;
@@ -160,11 +162,11 @@ void html_url_path(const char *txt)
 {
 	const char *t = txt;
 	while(t && *t){
-		int c = *t;
+		unsigned char c = *t;
 		const char *e = url_escape_table[c];
-		if (e && c!='+' && c!='&' && c!='+') {
-			write(htmlfd, txt, t - txt);
-			write(htmlfd, e, 3);
+		if (e && c!='+' && c!='&') {
+			html_raw(txt, t - txt);
+			html(e);
 			txt = t+1;
 		}
 		t++;
@@ -177,11 +179,13 @@ void html_url_arg(const char *txt)
 {
 	const char *t = txt;
 	while(t && *t){
-		int c = *t;
+		unsigned char c = *t;
 		const char *e = url_escape_table[c];
+		if (c == ' ')
+			e = "+";
 		if (e) {
-			write(htmlfd, txt, t - txt);
-			write(htmlfd, e, 3);
+			html_raw(txt, t - txt);
+			html(e);
 			txt = t+1;
 		}
 		t++;
@@ -249,7 +253,7 @@ int html_include(const char *filename)
 		return -1;
 	}
 	while((len = fread(buf, 1, 4096, f)) > 0)
-		write(htmlfd, buf, len);
+		html_raw(buf, len);
 	fclose(f);
 	return 0;
 }
@@ -268,31 +272,32 @@ int hextoint(char c)
 
 char *convert_query_hexchar(char *txt)
 {
-	int d1, d2;
-	if (strlen(txt) < 3) {
+	int d1, d2, n;
+	n = strlen(txt);
+	if (n < 3) {
 		*txt = '\0';
 		return txt-1;
 	}
 	d1 = hextoint(*(txt+1));
 	d2 = hextoint(*(txt+2));
 	if (d1<0 || d2<0) {
-		strcpy(txt, txt+3);
+		memmove(txt, txt+3, n-2);
 		return txt-1;
 	} else {
 		*txt = d1 * 16 + d2;
-		strcpy(txt+1, txt+3);
+		memmove(txt+1, txt+3, n-2);
 		return txt;
 	}
 }
 
 int http_parse_querystring(const char *txt_, void (*fn)(const char *name, const char *value))
 {
-	char *t, *txt, *value = NULL, c;
+	char *o, *t, *txt, *value = NULL, c;
 
 	if (!txt_)
 		return 0;
 
-	t = txt = strdup(txt_);
+	o = t = txt = strdup(txt_);
 	if (t == NULL) {
 		printf("Out of memory\n");
 		exit(1);
@@ -315,5 +320,6 @@ int http_parse_querystring(const char *txt_, void (*fn)(const char *name, const
 	}
 	if (t!=txt)
 		(*fn)(txt, value);
+	free(o);
 	return 0;
 }