mirror of https://github.com/vanitasvitae/Smack.git synced 2024-11-23 04:22:05 +01:00

SMACK-375 Properly escape Strings in DiscoverInfo and DiscoverItems for XML.

git-svn-id: http://svn.igniterealtime.org/svn/repos/smack/trunk@13417 b35dd754-fafc-0310-a699-88a17e54d16e
Florian Schmaus 2013-01-31 22:30:36 +00:00 committed by flow
parent 401c37bd28
commit a75d2d7d0d
2 changed files with 13 additions and 11 deletions


@ -21,6 +21,7 @@
package org.jivesoftware.smackx.packet; package org.jivesoftware.smackx.packet;
import org.jivesoftware.smack.packet.IQ; import org.jivesoftware.smack.packet.IQ;
import org.jivesoftware.smack.util.StringUtils;
import java.util.Collections; import java.util.Collections;
import java.util.Iterator; import java.util.Iterator;
@ -135,7 +136,7 @@ public class DiscoverInfo extends IQ {
buf.append("<query xmlns=\"http://jabber.org/protocol/disco#info\""); buf.append("<query xmlns=\"http://jabber.org/protocol/disco#info\"");
if (getNode() != null) { if (getNode() != null) {
buf.append(" node=\""); buf.append(" node=\"");
buf.append(getNode()); buf.append(StringUtils.escapeForXML(getNode()));
buf.append("\""); buf.append("\"");
} }
buf.append(">"); buf.append(">");
@ -222,10 +223,10 @@ public class DiscoverInfo extends IQ {
public String toXML() { public String toXML() {
StringBuilder buf = new StringBuilder(); StringBuilder buf = new StringBuilder();
buf.append("<identity category=\"").append(category).append("\""); buf.append("<identity category=\"").append(StringUtils.escapeForXML(category)).append("\"");
buf.append(" name=\"").append(name).append("\""); buf.append(" name=\"").append(StringUtils.escapeForXML(name)).append("\"");
if (type != null) { if (type != null) {
buf.append(" type=\"").append(type).append("\""); buf.append(" type=\"").append(StringUtils.escapeForXML(type)).append("\"");
} }
buf.append("/>"); buf.append("/>");
return buf.toString(); return buf.toString();
@ -262,7 +263,7 @@ public class DiscoverInfo extends IQ {
public String toXML() { public String toXML() {
StringBuilder buf = new StringBuilder(); StringBuilder buf = new StringBuilder();
buf.append("<feature var=\"").append(variable).append("\"/>"); buf.append("<feature var=\"").append(StringUtils.escapeForXML(variable)).append("\"/>");
return buf.toString(); return buf.toString();
} }
} }
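Review bot: In Identity.toXML() `category` and `name` are passed to `StringUtils.escapeForXML` unconditionally, while `type` keeps its `if (type != null)` guard. escapeForXML is not shown on this page, so its behaviour for a null argument should be confirmed: the old code emitted the literal text `null`, and the new code either still does that or throws, depending on the helper. If `name` can be unset, guard it the same way as `type`: `if (name != null) { buf.append(" name=\"").append(StringUtils.escapeForXML(name)).append("\""); }`. Every call site in this file writes into a double-quoted attribute value, so it is also worth confirming that the helper encodes `"` and not only `<`, `>` and `&`.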


@ -21,6 +21,7 @@
package org.jivesoftware.smackx.packet; package org.jivesoftware.smackx.packet;
import org.jivesoftware.smack.packet.IQ; import org.jivesoftware.smack.packet.IQ;
import org.jivesoftware.smack.util.StringUtils;
import java.util.Collections; import java.util.Collections;
import java.util.Iterator; import java.util.Iterator;
@ -94,7 +95,7 @@ public class DiscoverItems extends IQ {
buf.append("<query xmlns=\"http://jabber.org/protocol/disco#items\""); buf.append("<query xmlns=\"http://jabber.org/protocol/disco#items\"");
if (getNode() != null) { if (getNode() != null) {
buf.append(" node=\""); buf.append(" node=\"");
buf.append(getNode()); buf.append(StringUtils.escapeForXML(getNode()));
buf.append("\""); buf.append("\"");
} }
buf.append(">"); buf.append(">");
@ -222,13 +223,13 @@ public class DiscoverItems extends IQ {
StringBuilder buf = new StringBuilder(); StringBuilder buf = new StringBuilder();
buf.append("<item jid=\"").append(entityID).append("\""); buf.append("<item jid=\"").append(entityID).append("\"");
if (name != null) { if (name != null) {
buf.append(" name=\"").append(name).append("\""); buf.append(" name=\"").append(StringUtils.escapeForXML(name)).append("\"");
} }
if (node != null) { if (node != null) {
buf.append(" node=\"").append(node).append("\""); buf.append(" node=\"").append(StringUtils.escapeForXML(node)).append("\"");
} }
if (action != null) { if (action != null) {
buf.append(" action=\"").append(action).append("\""); buf.append(" action=\"").append(StringUtils.escapeForXML(action)).append("\"");
} }
buf.append("/>"); buf.append("/>");
return buf.toString(); return buf.toString();
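Review bot: The `jid` attribute of the item is still appended raw, `append(entityID)` on the second line of the last hunk, while `name`, `node` and `action` right below it are now escaped. An entity ID presumably reaches this serializer the same way those values do (set by the application or parsed from a remote response), and a JID resourcepart may contain `"`, `&` or `<`, so a single such value can still produce a malformed stanza or add attributes to it. Escape it like the others: `buf.append("<item jid=\"").append(StringUtils.escapeForXML(entityID)).append("\"");`. The enclosing toXML() begins above this hunk, so how a null entityID is handled cannot be judged from here.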