[libgdata] contacts: Fix attribute escaping for GDataContactsContact
- From: Philip Withnall <pwithnall src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libgdata] contacts: Fix attribute escaping for GDataContactsContact
- Date: Thu, 2 Dec 2010 16:38:10 +0000 (UTC)
commit 9e04e24eaca7ddbb7a3c98f459baf1593f394e67
Author: Philip Withnall <philip tecnocode co uk>
Date: Thu Dec 2 16:29:24 2010 +0000
contacts: Fix attribute escaping for GDataContactsContact
Helps: bgo#631033
gdata/services/contacts/gdata-contacts-contact.c | 10 ++--
gdata/tests/contacts.c | 58 ++++++++++++++++++++++
2 files changed, 64 insertions(+), 4 deletions(-)
---
diff --git a/gdata/services/contacts/gdata-contacts-contact.c b/gdata/services/contacts/gdata-contacts-contact.c
index 654c8d7..a87a403 100644
--- a/gdata/services/contacts/gdata-contacts-contact.c
+++ b/gdata/services/contacts/gdata-contacts-contact.c
@@ -910,13 +910,16 @@ get_child_xml (GList *list, GString *xml_string)
static void
get_extended_property_xml_cb (const gchar *name, const gchar *value, GString *xml_string)
{
- g_string_append_printf (xml_string, "<gd:extendedProperty name='%s'>%s</gd:extendedProperty>", name, value);
+ /* Note that the value *isn't* escaped (see http://code.google.com/apis/gdata/docs/2.0/elements.html#gdExtendedProperty) */
+ gdata_parser_string_append_escaped (xml_string, "<gd:extendedProperty name='", name, "'>");
+ g_string_append_printf (xml_string, "%s</gd:extendedProperty>", value);
}
static void
get_user_defined_field_xml_cb (const gchar *name, const gchar *value, GString *xml_string)
{
- g_string_append_printf (xml_string, "<gContact:userDefinedField key='%s' value='%s'/>", name, value);
+ gdata_parser_string_append_escaped (xml_string, "<gContact:userDefinedField key='", name, "' ");
+ gdata_parser_string_append_escaped (xml_string, "value='", value, "'/>");
}
static void
@@ -930,7 +933,7 @@ get_group_xml_cb (const gchar *href, gpointer deleted, GString *xml_string)
if (full_pos != NULL)
memcpy ((char*) full_pos, "/base/", 6);
- g_string_append_printf (xml_string, "<gContact:groupMembershipInfo href='%s'/>", uri);
+ gdata_parser_string_append_escaped (xml_string, "<gContact:groupMembershipInfo href='", uri, "'/>");
}
static void
@@ -1042,7 +1045,6 @@ get_xml (GDataParsable *parsable, GString *xml_string)
/* TODO:
* - Finish supporting all tags
- * - Check things are escaped (or not) as appropriate
*/
}
diff --git a/gdata/tests/contacts.c b/gdata/tests/contacts.c
index 4d22bdf..8a95fa9 100644
--- a/gdata/tests/contacts.c
+++ b/gdata/tests/contacts.c
@@ -790,6 +790,62 @@ test_insert_group_async (gconstpointer service)
}
static void
+test_contact_escaping (void)
+{
+ GDataContactsContact *contact;
+ gchar *xml;
+
+ contact = gdata_contacts_contact_new (NULL);
+ gdata_contacts_contact_set_nickname (contact, "Nickname & stuff");
+ gdata_contacts_contact_set_billing_information (contact, "Billing information & stuff");
+ gdata_contacts_contact_set_directory_server (contact, "http://foo.com?foo&bar";);
+ gdata_contacts_contact_set_gender (contact, "Misc. & other");
+ gdata_contacts_contact_set_initials (contact, "<AB>");
+ gdata_contacts_contact_set_maiden_name (contact, "Maiden & name");
+ gdata_contacts_contact_set_mileage (contact, "Over the hills & far away");
+ gdata_contacts_contact_set_occupation (contact, "Occupation & stuff");
+ gdata_contacts_contact_set_priority (contact, "http://foo.com?foo&priority=bar";);
+ gdata_contacts_contact_set_sensitivity (contact, "http://foo.com?foo&sensitivity=bar";);
+ gdata_contacts_contact_set_short_name (contact, "Short name & stuff");
+ gdata_contacts_contact_set_subject (contact, "Subject & stuff");
+ gdata_contacts_contact_add_hobby (contact, "Escaping &s");
+ gdata_contacts_contact_set_extended_property (contact, "extended & prop", "<unescaped>Value should be a pre-escaped XML blob.</unescaped>");
+ gdata_contacts_contact_set_user_defined_field (contact, "User defined field & stuff", "Value & stuff");
+ gdata_contacts_contact_add_group (contact, "http://foo.com?foo&bar";);
+
+ /* Check the outputted XML is escaped properly */
+ xml = gdata_parsable_get_xml (GDATA_PARSABLE (contact));
+ g_assert_cmpstr (xml, ==,
+ "<?xml version='1.0' encoding='UTF-8'?>"
+ "<entry xmlns='http://www.w3.org/2005/Atom' xmlns:gd='http://schemas.google.com/g/2005' "
+ "xmlns:app='http://www.w3.org/2007/app' xmlns:gContact='http://schemas.google.com/contact/2008'>"
+ "<title type='text'></title>"
+ "<category term='http://schemas.google.com/contact/2008#contact' scheme='http://schemas.google.com/g/2005#kind'/>"
+ "<gd:name/>"
+ "<gd:extendedProperty name='extended & prop'>"
+ "<unescaped>Value should be a pre-escaped XML blob.</unescaped>"
+ "</gd:extendedProperty>"
+ "<gContact:userDefinedField key='User defined field & stuff' value='Value & stuff'/>"
+ "<gContact:groupMembershipInfo href='http://foo.com?foo&bar'/>"
+ "<gContact:hobby>Escaping &s</gContact:hobby>"
+ "<gContact:nickname>Nickname & stuff</gContact:nickname>"
+ "<gContact:billingInformation>Billing information & stuff</gContact:billingInformation>"
+ "<gContact:directoryServer>http://foo.com?foo&bar</gContact:directoryServer>"
+ "<gContact:gender value='Misc. & other'/>"
+ "<gContact:initials><AB></gContact:initials>"
+ "<gContact:maidenName>Maiden & name</gContact:maidenName>"
+ "<gContact:mileage>Over the hills & far away</gContact:mileage>"
+ "<gContact:occupation>Occupation & stuff</gContact:occupation>"
+ "<gContact:priority rel='http://foo.com?foo&priority=bar'/>"
+ "<gContact:sensitivity rel='http://foo.com?foo&sensitivity=bar'/>"
+ "<gContact:shortName>Short name & stuff</gContact:shortName>"
+ "<gContact:subject>Subject & stuff</gContact:subject>"
+ "</entry>");
+ g_free (xml);
+ g_object_unref (contact);
+}
+
+static void
test_query_uri (void)
{
gchar *query_uri;
@@ -1828,6 +1884,8 @@ main (int argc, char *argv[])
g_test_add_data_func ("/contacts/groups/insert_async", service, test_insert_group_async);
}
+ g_test_add_func ("/contacts/contact/escaping", test_contact_escaping);
+
g_test_add_func ("/contacts/query/uri", test_query_uri);
g_test_add_func ("/contacts/query/etag", test_query_etag);
g_test_add_func ("/contacts/query/properties", test_query_properties);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
