daemon: escape app strings (name, command) whens storing them in xml. Closes #27

daemon/cmd_load_studio.c

@@ -788,7 +788,9 @@ static void callback_elend(void * data, const char * el)
   }
   else if (context_ptr->element[context_ptr->depth] == PARSE_CONTEXT_APPLICATION)
   {
-    context_ptr->data[context_ptr->data_used] = 0;
+    context_ptr->data[unescape(context_ptr->data, context_ptr->data_used, context_ptr->data)] = 0;
+    unescape(context_ptr->str, strlen(context_ptr->str) + 1, context_ptr->str);
+
     log_info("application '%s' (%s, %s, level %u) with commandline '%s'", context_ptr->str, context_ptr->terminal ? "terminal" : "shell", context_ptr->autorun ? "autorun" : "stopped", (unsigned int)context_ptr->level, context_ptr->data);
 
     if (!ladish_app_supervisor_add(g_studio.app_supervisor, context_ptr->str, context_ptr->autorun, context_ptr->data, context_ptr->terminal, context_ptr->level))

daemon/cmd_save_studio.c

@@ -562,67 +562,94 @@ bool save_studio_connection(void * context, ladish_port_handle port1_handle, lad
 bool save_studio_app(void * context, const char * name, bool running, const char * command, bool terminal, uint8_t level)
 {
   char buf[100];
+  const char * unescaped_string;
+  char * escaped_string;
+  char * escaped_buffer;
+  bool ret;
 
   log_info("saving app: name='%s', %srunning, %s, level %u, commandline='%s'", name, running ? "" : "not ", terminal ? "terminal" : "shell", (unsigned int)level, command);
 
-  if (!write_string(fd, "    <application name=\""))
+  ret = false;
+
+  escaped_buffer = malloc(ladish_max(strlen(name), strlen(command)) * 3 + 1); /* encode each char in three bytes (percent encoding) */
+  if (escaped_buffer == NULL)
   {
-    return false;
+    log_error("malloc() failed.");
+    goto exit;
   }
 
-  if (!write_string(fd, name))
+  if (!write_string(fd, "    <application name=\""))
   {
-    return false;
+    goto free_buffer;
+  }
+
+  unescaped_string = name;
+  escaped_string = escaped_buffer;
+  escape(&unescaped_string, &escaped_string);
+  *escaped_string = 0;
+  if (!write_string(fd, escaped_buffer))
+  {
+    goto free_buffer;
   }
 
   if (!write_string(fd, "\" terminal=\""))
   {
-    return false;
+    goto free_buffer;
   }
 
   if (!write_string(fd, terminal ? "true" : "false"))
   {
-    return false;
+    goto free_buffer;
   }
 
   if (!write_string(fd, "\" level=\""))
   {
-    return false;
+    goto free_buffer;
   }
 
   sprintf(buf, "%u", (unsigned int)level);
 
   if (!write_string(fd, buf))
   {
-    return false;
+    goto free_buffer;
   }
 
   if (!write_string(fd, "\" autorun=\""))
   {
-    return false;
+    goto free_buffer;
   }
 
   if (!write_string(fd, running ? "true" : "false"))
   {
-    return false;
+    goto free_buffer;
   }
 
   if (!write_string(fd, "\">"))
   {
-    return false;
+    goto free_buffer;
   }
 
-  if (!write_string(fd, command))
+  unescaped_string = command;
+  escaped_string = escaped_buffer;
+  escape(&unescaped_string, &escaped_string);
+  *escaped_string = 0;
+  if (!write_string(fd, escaped_buffer))
   {
-    return false;
+    goto free_buffer;
   }
 
   if (!write_string(fd, "</application>\n"))
   {
-    return false;
+    goto free_buffer;
   }
 
-  return true;
+  ret = true;
+
+free_buffer:
+  free(escaped_buffer);
+
+exit:
+  return ret;
 }
 
 #undef indent

daemon/escape.c

@@ -46,6 +46,8 @@ void escape(const char ** src_ptr, char ** dst_ptr)
     case '<':               /* invalid attribute value char (XML spec) */
     case '&':               /* invalid attribute value char (XML spec) */
     case '"':               /* we store attribute values in double quotes - invalid attribute value char (XML spec) */
+    case '\'':
+    case '>':
     case '%':
       dst[0] = '%';
       dst[1] = hex_digits[*src >> 4];