mirror of
https://codeberg.org/Mercury-IM/Smack
synced 2024-11-30 02:02:06 +01:00
SMACK-375 Properly escape Strings in DiscoverInfo and DiscoverItems for XML.
git-svn-id: http://svn.igniterealtime.org/svn/repos/smack/trunk@13417 b35dd754-fafc-0310-a699-88a17e54d16e
This commit is contained in:
parent
401c37bd28
commit
a75d2d7d0d
2 changed files with 13 additions and 11 deletions
|
@ -21,6 +21,7 @@
|
||||||
package org.jivesoftware.smackx.packet;
|
package org.jivesoftware.smackx.packet;
|
||||||
|
|
||||||
import org.jivesoftware.smack.packet.IQ;
|
import org.jivesoftware.smack.packet.IQ;
|
||||||
|
import org.jivesoftware.smack.util.StringUtils;
|
||||||
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
|
@ -135,7 +136,7 @@ public class DiscoverInfo extends IQ {
|
||||||
buf.append("<query xmlns=\"http://jabber.org/protocol/disco#info\"");
|
buf.append("<query xmlns=\"http://jabber.org/protocol/disco#info\"");
|
||||||
if (getNode() != null) {
|
if (getNode() != null) {
|
||||||
buf.append(" node=\"");
|
buf.append(" node=\"");
|
||||||
buf.append(getNode());
|
buf.append(StringUtils.escapeForXML(getNode()));
|
||||||
buf.append("\"");
|
buf.append("\"");
|
||||||
}
|
}
|
||||||
buf.append(">");
|
buf.append(">");
|
||||||
|
@ -222,10 +223,10 @@ public class DiscoverInfo extends IQ {
|
||||||
|
|
||||||
public String toXML() {
|
public String toXML() {
|
||||||
StringBuilder buf = new StringBuilder();
|
StringBuilder buf = new StringBuilder();
|
||||||
buf.append("<identity category=\"").append(category).append("\"");
|
buf.append("<identity category=\"").append(StringUtils.escapeForXML(category)).append("\"");
|
||||||
buf.append(" name=\"").append(name).append("\"");
|
buf.append(" name=\"").append(StringUtils.escapeForXML(name)).append("\"");
|
||||||
if (type != null) {
|
if (type != null) {
|
||||||
buf.append(" type=\"").append(type).append("\"");
|
buf.append(" type=\"").append(StringUtils.escapeForXML(type)).append("\"");
|
||||||
}
|
}
|
||||||
buf.append("/>");
|
buf.append("/>");
|
||||||
return buf.toString();
|
return buf.toString();
|
||||||
|
@ -262,8 +263,8 @@ public class DiscoverInfo extends IQ {
|
||||||
|
|
||||||
public String toXML() {
|
public String toXML() {
|
||||||
StringBuilder buf = new StringBuilder();
|
StringBuilder buf = new StringBuilder();
|
||||||
buf.append("<feature var=\"").append(variable).append("\"/>");
|
buf.append("<feature var=\"").append(StringUtils.escapeForXML(variable)).append("\"/>");
|
||||||
return buf.toString();
|
return buf.toString();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,6 +21,7 @@
|
||||||
package org.jivesoftware.smackx.packet;
|
package org.jivesoftware.smackx.packet;
|
||||||
|
|
||||||
import org.jivesoftware.smack.packet.IQ;
|
import org.jivesoftware.smack.packet.IQ;
|
||||||
|
import org.jivesoftware.smack.util.StringUtils;
|
||||||
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
|
@ -94,7 +95,7 @@ public class DiscoverItems extends IQ {
|
||||||
buf.append("<query xmlns=\"http://jabber.org/protocol/disco#items\"");
|
buf.append("<query xmlns=\"http://jabber.org/protocol/disco#items\"");
|
||||||
if (getNode() != null) {
|
if (getNode() != null) {
|
||||||
buf.append(" node=\"");
|
buf.append(" node=\"");
|
||||||
buf.append(getNode());
|
buf.append(StringUtils.escapeForXML(getNode()));
|
||||||
buf.append("\"");
|
buf.append("\"");
|
||||||
}
|
}
|
||||||
buf.append(">");
|
buf.append(">");
|
||||||
|
@ -222,16 +223,16 @@ public class DiscoverItems extends IQ {
|
||||||
StringBuilder buf = new StringBuilder();
|
StringBuilder buf = new StringBuilder();
|
||||||
buf.append("<item jid=\"").append(entityID).append("\"");
|
buf.append("<item jid=\"").append(entityID).append("\"");
|
||||||
if (name != null) {
|
if (name != null) {
|
||||||
buf.append(" name=\"").append(name).append("\"");
|
buf.append(" name=\"").append(StringUtils.escapeForXML(name)).append("\"");
|
||||||
}
|
}
|
||||||
if (node != null) {
|
if (node != null) {
|
||||||
buf.append(" node=\"").append(node).append("\"");
|
buf.append(" node=\"").append(StringUtils.escapeForXML(node)).append("\"");
|
||||||
}
|
}
|
||||||
if (action != null) {
|
if (action != null) {
|
||||||
buf.append(" action=\"").append(action).append("\"");
|
buf.append(" action=\"").append(StringUtils.escapeForXML(action)).append("\"");
|
||||||
}
|
}
|
||||||
buf.append("/>");
|
buf.append("/>");
|
||||||
return buf.toString();
|
return buf.toString();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue