From: Maxim Dounin Date: Wed, 14 Dec 2011 18:04:06 +0000 (+0000) Subject: Merge of r4313: X-Git-Tag: release-1.0.11~2 X-Git-Url: http://git.kaiwu.me/postgresql/log/contrib/postgres_fdw/postgres_fdw.c?a=commitdiff_plain;h=10205366633be309af080130655520c40181e41f;p=nginx.git Merge of r4313: Added escaping of double quotes in ngx_escape_html(). Patch by Zaur Abasmirzoev. --- diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c index 29f8e0d67..f5e1d4bf3 100644 --- a/src/core/ngx_string.c +++ b/src/core/ngx_string.c @@ -1657,6 +1657,10 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size) len += sizeof("&") - 2; break; + case '"': + len += sizeof(""") - 2; + break; + default: break; } @@ -1684,6 +1688,11 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size) *dst++ = ';'; break; + case '"': + *dst++ = '&'; *dst++ = 'q'; *dst++ = 'u'; *dst++ = 'o'; + *dst++ = 't'; *dst++ = ';'; + break; + default: *dst++ = ch; break;