[6fc8f95bc6465849249d974d53eecc56c00ffda0fc3c7024bfa5b8e4d794b072/gnome-3-36] extensions-tool: Escape '\' and '"' in json string

From: Florian Müllner <fmuellner src gnome org>
To: commits-list gnome org
Cc:
Subject: [6fc8f95bc6465849249d974d53eecc56c00ffda0fc3c7024bfa5b8e4d794b072/gnome-3-36] extensions-tool: Escape '\' and '"' in json string
Date: Tue, 7 Jul 2020 19:11:40 +0000 (UTC)

commit 390431c5e0ed0c082f4069607c38d6d23d9cd405
Author: Koki Fukuda <ko fu dev gmail com>
Date:   Sun May 24 14:40:07 2020 +0900

    extensions-tool: Escape '\' and '"' in json string
    
    If user-input string contains '\' and/or '"', extensions-tool
    generates invalid json.
    This fixes that by escaping '\' and '"'.
    
    https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1279

 subprojects/extensions-tool/src/command-create.c | 30 +++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)
---
diff --git a/subprojects/extensions-tool/src/command-create.c 
b/subprojects/extensions-tool/src/command-create.c
index e32e7c262b..25439a8502 100644
--- a/subprojects/extensions-tool/src/command-create.c
+++ b/subprojects/extensions-tool/src/command-create.c
@@ -48,6 +48,23 @@ get_shell_version (GError **error)
   return g_strjoinv (".", split_version);
 }
 
+static char *
+escape_json_string (const char *string)
+{
+  GString *escaped = g_string_new (string);
+
+  for (gsize i = 0; i < escaped->len; ++i)
+    {
+      if (escaped->str[i] == '"' || escaped->str[i] == '\\')
+        {
+          g_string_insert_c (escaped, i, '\\');
+          ++i;
+        }
+    }
+
+  return g_string_free (escaped, FALSE);
+}
+
 static gboolean
 create_metadata (GFile       *target_dir,
                  const char  *uuid,
@@ -55,6 +72,9 @@ create_metadata (GFile       *target_dir,
                  const char  *description,
                  GError     **error)
 {
+  g_autofree char *uuid_escaped = NULL;
+  g_autofree char *name_escaped = NULL;
+  g_autofree char *desc_escaped = NULL;
   g_autoptr (GFile) target = NULL;
   g_autoptr (GString) json = NULL;
   g_autofree char *version = NULL;
@@ -63,11 +83,15 @@ create_metadata (GFile       *target_dir,
   if (version == NULL)
     return FALSE;
 
+  uuid_escaped = escape_json_string (uuid);
+  name_escaped = escape_json_string (name);
+  desc_escaped = escape_json_string (description);
+
   json = g_string_new ("{\n");
 
-  g_string_append_printf (json, "  \"name\": \"%s\",\n", name);
-  g_string_append_printf (json, "  \"description\": \"%s\",\n", description);
-  g_string_append_printf (json, "  \"uuid\": \"%s\",\n", uuid);
+  g_string_append_printf (json, "  \"name\": \"%s\",\n", name_escaped);
+  g_string_append_printf (json, "  \"description\": \"%s\",\n", desc_escaped);
+  g_string_append_printf (json, "  \"uuid\": \"%s\",\n", uuid_escaped);
   g_string_append_printf (json, "  \"shell-version\": [\n");
   g_string_append_printf (json, "    \"%s\"\n", version);
   g_string_append_printf (json, "  ]\n}\n");

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]