Skip to content
Permalink
Browse files

BF: escape the content of <matches> since its value could contain arb…

…itrary symbols
  • Loading branch information...
yarikoptic committed Oct 9, 2012
1 parent 6ee2c0a commit 83109bce144f443a48ef31165a5389b7b83f4e0e
Showing with 15 additions and 3 deletions.
  1. +15 −3 server/action.py
@@ -230,7 +230,14 @@ def getActionStop(self):
def execActionStop(self):
stopCmd = Action.replaceTag(self.__actionStop, self.__cInfo)
return Action.executeCmd(stopCmd)


def escapeTag(tag):
for c in '\\#&;`|*?~<>^()[]{}$\n':
if c in tag:
tag = tag.replace(c, '\\' + c)
return tag
escapeTag = staticmethod(escapeTag)

##
# Replaces tags in query with property values in aInfo.
#
@@ -243,8 +250,13 @@ def replaceTag(query, aInfo):
""" Replace tags in query
"""
string = query
for tag in aInfo:
string = string.replace('<' + tag + '>', str(aInfo[tag]))
for tag, value in aInfo.iteritems():
value = str(value) # assure string
if tag == 'matches':
# That one needs to be escaped since its content is
# out of our control
value = escapeTag(value)
string = string.replace('<' + tag + '>', value)
# New line
string = string.replace("<br>", '\n')
return string

0 comments on commit 83109bc

Please sign in to comment.
You can’t perform that action at this time.