H1K0-dev/tanabata
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(dbms): escape JSON strings

Browse Source
This commit is contained in:
Masahiko AMANO 2023-01-27 00:38:46 +03:00
parent 6dd7421050
commit 94b3776ddf
1 changed files with 59 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
tdbms/server/tdbms-server.c
View File

@ -241,6 +241,50 @@ int socket_open() {
return socket_fd; return socket_fd;
} }
// Create an escaped string for JSON
char *escape(const char *plain) {
char *escaped = malloc(BUFSIZ);
size_t size = BUFSIZ;
const char *input;
char *output;
for (input = plain, output = escaped; *input != 0; input++, output++) {
if (output - escaped + 3 >= size) {
off_t offset = output - escaped;
size += BUFSIZ;
escaped = realloc(escaped, size);
output = escaped + offset;
}
switch (*input) {
case '\\':
case '"':
*output = '\\';
output++;
*output = *input;
break;
case '\b':
strcpy(output, "\\b");
output++;
break;
case '\t':
strcpy(output, "\\t");
output++;
break;
case '\n':
strcpy(output, "\\n");
output++;
break;
case '\f':
strcpy(output, "\\f");
output++;
break;
default:
*output = *input;
}
}
*output = 0;
return escaped;
}
// Execute request // Execute request
int execute(char *request, char **response) { int execute(char *request, char **response) {
char request_code = *request; char request_code = *request;
@ -582,9 +626,13 @@ int execute(char *request, char **response) {
if (temp.id == HOLE_ID) { if (temp.id == HOLE_ID) {
return 1; return 1;
} }
char *escaped_name = escape(temp.name),
*escaped_description = escape(temp.description);
sprintf(*response, "{\"status\":true,\"tanzaku_id\":%lu,\"tanzaku_cts\":%lu,\"tanzaku_mts\":%lu," sprintf(*response, "{\"status\":true,\"tanzaku_id\":%lu,\"tanzaku_cts\":%lu,\"tanzaku_mts\":%lu,"
"\"tanzaku_name\":\"%s\",\"tanzaku_desc\":\"%s\"}", "\"tanzaku_name\":\"%s\",\"tanzaku_desc\":\"%s\"}",
temp.id, temp.created_ts, temp.modified_ts, temp.name, temp.description); temp.id, temp.created_ts, temp.modified_ts, escaped_name, escaped_description);
free(escaped_name);
free(escaped_description);
return 0; return 0;
} }
size_t resp_size = BUFSIZ; size_t resp_size = BUFSIZ;
@ -595,9 +643,13 @@ int execute(char *request, char **response) {
if (temp->id == HOLE_ID) { if (temp->id == HOLE_ID) {
continue; continue;
} }
char *escaped_name = escape(temp->name),
*escaped_description = escape(temp->description);
sprintf(buffer, "{\"tanzaku_id\":%lu,\"tanzaku_cts\":%lu,\"tanzaku_mts\":%lu," sprintf(buffer, "{\"tanzaku_id\":%lu,\"tanzaku_cts\":%lu,\"tanzaku_mts\":%lu,"
"\"tanzaku_name\":\"%s\",\"tanzaku_desc\":\"%s\"},", "\"tanzaku_name\":\"%s\",\"tanzaku_desc\":\"%s\"},",
temp->id, temp->created_ts, temp->modified_ts, temp->name, temp->description); temp->id, temp->created_ts, temp->modified_ts, escaped_name, escaped_description);
free(escaped_name);
free(escaped_description);
if (strlen(*response) + strlen(buffer) >= resp_size) { if (strlen(*response) + strlen(buffer) >= resp_size) {
resp_size += BUFSIZ; resp_size += BUFSIZ;
*response = realloc(*response, resp_size); *response = realloc(*response, resp_size);
@ -633,9 +685,13 @@ int execute(char *request, char **response) {
if (temp->id == HOLE_ID) { if (temp->id == HOLE_ID) {
continue; continue;
} }
char *escaped_name = escape(temp->name),
*escaped_description = escape(temp->description);
sprintf(buffer, "{\"tanzaku_id\":%lu,\"tanzaku_cts\":%lu,\"tanzaku_mts\":%lu," sprintf(buffer, "{\"tanzaku_id\":%lu,\"tanzaku_cts\":%lu,\"tanzaku_mts\":%lu,"
"\"tanzaku_name\":\"%s\",\"tanzaku_desc\":\"%s\"},", "\"tanzaku_name\":\"%s\",\"tanzaku_desc\":\"%s\"},",
temp->id, temp->created_ts, temp->modified_ts, temp->name, temp->description); temp->id, temp->created_ts, temp->modified_ts, escaped_name, escaped_description);
free(escaped_name);
free(escaped_description);
if (strlen(*response) + strlen(buffer) >= resp_size) { if (strlen(*response) + strlen(buffer) >= resp_size) {
resp_size += BUFSIZ; resp_size += BUFSIZ;
*response = realloc(*response, resp_size); *response = realloc(*response, resp_size);