src/misc/vlm.c: fix FindEndCommand quote escaping

share/http/js/*.js: escape inputs in vlm commands

src/misc/vlm.c: fix FindEndCommand quote escaping
share/http/js/*.js: escape inputs in vlm commands
10698424 · Antoine Cellerier · 55aa3b59 · 10698424 · 10698424 · 10698424
Commit 10698424 authored Mar 29, 2006 by Antoine Cellerier
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 7 deletions

share/http/js/mosaic.js share/http/js/mosaic.js +2 -2

share/http/js/vlm.js share/http/js/vlm.js +8 -3

src/misc/vlm.c src/misc/vlm.c +4 -2

No files found.
--- a/share/http/js/mosaic.js
+++ b/share/http/js/mosaic.js
@@ -191,7 +191,7 @@ function mosaic_code_update()
 "\n"+
 "# Background options\n"+
 "new   bg broadcast enabled\n"+
-"setup bg input     " + value( 'mosaic_bg_input' ) + "\n";
+"setup bg input     " + sanitize_input( value( 'mosaic_bg_input' ) ) + "\n";
    if( value( 'mosaic_output' ) )
    {
        code.value +=
@@ -247,7 +247,7 @@ function mosaic_code_update()
                var s = cells[id];
                code.value +=
 "new   " + s + " broadcast enabled\n"+
-"setup " + s + " input     " + streams[s] + "\n"+
+"setup " + s + " input     " + sanitize_input( streams[s] ) + "\n"+
 "setup " + s + " output #duplicate{dst=mosaic-bridge{id=" + s + ",width="+cell_width+",height="+cell_height+"},select=video,dst=bridge-out,select=audio}\n"+
 "\n";
            }

--- a/share/http/js/vlm.js
+++ b/share/http/js/vlm.js
@@ -151,6 +151,11 @@ function vlm_schedule_type_change( name )
    }
 }
+function sanitize_input( str )
+{
+    return str.replace( /\\/g, '\\\\').replace( /\'/g, '\\\'' ).replace( /\"/g, '\\\"' ).replace( /^/, '"' ).replace( /$/, '"' );
+}
 function update_vlm_add_broadcast()
 {
    var cmd = document.getElementById( 'vlm_command' );
@@ -172,7 +177,7 @@ function update_vlm_add_broadcast()
        if( value( 'vlm_broadcast_input' ) )
        {
-            cmd.value += " input " + value( 'vlm_broadcast_input' );
+            cmd.value += " input " + sanitize_input( value( 'vlm_broadcast_input' ) );
        }
        if( value( 'vlm_broadcast_output' ) )
@@ -202,7 +207,7 @@ function update_vlm_add_vod()
        if( value( 'vlm_vod_input' ) )
        {
-            cmd.value += " input " + value( 'vlm_vod_input' );
+            cmd.value += " input " + sanitize_input( value( 'vlm_vod_input' ) );
        }
        if( value( 'vlm_vod_output' ) )
@@ -696,7 +701,7 @@ function vlm_delete_input( name, num )
 function vlm_add_input( name, input )
 {
-    document.getElementById( 'vlm_command' ).value = "setup "+name+" input "+input;
+    document.getElementById( 'vlm_command' ).value = "setup "+name+" input "+sanitize_input( input );
    vlm_cmd( value( 'vlm_command' ) );
 }

--- a/src/misc/vlm.c
+++ b/src/misc/vlm.c
@@ -266,7 +266,8 @@ static const char *FindEndCommand( const char *psz_sent )
    {
    case '\"':
        psz_sent++;
-        while( ( *psz_sent != '\"' ) && ( *psz_sent != '\0' ) )
+        while( ( *psz_sent != '\"' || b_escape == VLC_TRUE )
+               && ( *psz_sent != '\0' ) )
        {
            if( *psz_sent == '\'' && b_escape == VLC_FALSE )
            {
@@ -292,7 +293,8 @@ static const char *FindEndCommand( const char *psz_sent )
    case '\'':
        psz_sent++;
-        while( ( *psz_sent != '\'' ) && ( *psz_sent != '\0' ) )
+        while( ( *psz_sent != '\'' || b_escape == VLC_TRUE )
+                 && ( *psz_sent != '\0' ) )
        {
            if( *psz_sent == '\"' && b_escape == VLC_FALSE )
            {