Fix missing escaping in JSON output via mi_json

TAB, Back Space, Form Feed, New Line and Carriage Return must be escaped in the values returned by mi_json.
OpenSIPS · Apr 8, 2019 · d0156db · d0156db
1 parent b8b8352
commit d0156db
Showing 1 changed file with 42 additions and 1 deletion.
diff --git a/modules/mi_json/http_fnc.c b/modules/mi_json/http_fnc.c
@@ -61,6 +61,11 @@ static inline void MI_JSON_COPY(struct page_buf* pb, const str s) {
 }
 
 static const str MI_JSON_ESC =  str_init("\\");
+static const str MI_JSON_TAB =  str_init("\\t");
+static const str MI_JSON_BACKSPACE =  str_init("\\b");
+static const str MI_JSON_FORMFEED =  str_init("\\f");
+static const str MI_JSON_NEWLINE =  str_init("\\n");
+static const str MI_JSON_CRETURN =  str_init("\\r");
 
 static inline void MI_JSON_ESC_COPY(struct page_buf* pb, const str s) {
   str temp_holder;
@@ -75,8 +80,44 @@ static inline void MI_JSON_ESC_COPY(struct page_buf* pb, const str s) {
   temp_holder.len = 0;
   for(temp_counter=0;temp_counter<s.len;temp_counter++) {
     switch(s.s[temp_counter]) {
-    case '"':
+    case '\b':
+      temp_holder.len = temp_counter - temp_holder.len;
+      MI_JSON_COPY(pb, temp_holder);
+      MI_JSON_COPY(pb, MI_JSON_BACKSPACE);
+      temp_holder.s = s.s + temp_counter+1;
+      temp_holder.len = temp_counter+1;
+      break;
+    case '\f':
+      temp_holder.len = temp_counter - temp_holder.len;
+      MI_JSON_COPY(pb, temp_holder);
+      MI_JSON_COPY(pb, MI_JSON_FORMFEED);
+      temp_holder.s = s.s + temp_counter+1;
+      temp_holder.len = temp_counter+1;
+      break;
+    case '\n':
+      temp_holder.len = temp_counter - temp_holder.len;
+      MI_JSON_COPY(pb, temp_holder);
+      MI_JSON_COPY(pb, MI_JSON_NEWLINE);
+      temp_holder.s = s.s + temp_counter+1;
+      temp_holder.len = temp_counter+1;
+      break;
+    case '\r':
+      temp_holder.len = temp_counter - temp_holder.len;
+      MI_JSON_COPY(pb, temp_holder);
+      MI_JSON_COPY(pb, MI_JSON_CRETURN);
+      temp_holder.s = s.s + temp_counter+1;
+      temp_holder.len = temp_counter+1;
+      break;
+    case '\t':
+      temp_holder.len = temp_counter - temp_holder.len;
+      MI_JSON_COPY(pb, temp_holder);
+      MI_JSON_COPY(pb, MI_JSON_TAB);
+      temp_holder.s = s.s + temp_counter+1;
+      temp_holder.len = temp_counter+1;
+      break;
     case '\\':
+    case '"':
+    case '/':
       temp_holder.len = temp_counter - temp_holder.len;
       MI_JSON_COPY(pb, temp_holder);
       MI_JSON_COPY(pb, MI_JSON_ESC);