Fix #907: HTML entities were being incorrectly escaped

NagiosEnterprises · May 2, 2023 · 882a0dd · 882a0dd
1 parent 423cf2a
commit 882a0dd
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/Changelog b/Changelog
@@ -6,6 +6,7 @@ Nagios Core 4 Change Log
 -------------------
 FIXES
 * Clean up most compiler warnings on GCC and clang (#901)
+* Fix incorrect HTML entity escaping in CGIs (#907)
 
 4.4.11 - 2023-04-14
 -------------------

diff --git a/cgi/cgiutils.c b/cgi/cgiutils.c
@@ -1450,8 +1450,8 @@ char *escape_string_with_buffer(const char *input, char **output, size_t *output
 
 		/* Encode everything else (this may be excessive) */
 		else {
-			len = strlen( temp_expansion);
 			sprintf( temp_expansion, "&#%u;", ( unsigned int)wctemp[ 0]);
+			len = strlen( temp_expansion);
 			if((( stp - *output) + len) <
 					(unsigned int)output_max) {
 				memcpy( stp, temp_expansion, len);