Author: timopollmeier
Date: 2016-10-12 15:53:37 +0200 (Wed, 12 Oct 2016)
New Revision: 26386

Modified:
   branches/gsa-6.0/ChangeLog
   branches/gsa-6.0/src/gsad_omp.c
Log:
        Backport r26385.

        * src/gsad_omp.c (save_config_nvt_omp): Escape preference name when
        sending it to manager.


Modified: branches/gsa-6.0/ChangeLog
===================================================================
--- branches/gsa-6.0/ChangeLog  2016-10-12 13:40:06 UTC (rev 26385)
+++ branches/gsa-6.0/ChangeLog  2016-10-12 13:53:37 UTC (rev 26386)
@@ -1,5 +1,12 @@
 2016-10-12  Timo Pollmeier <timo.pollme...@greenbone.net>
 
+       Backport r26385.
+
+       * src/gsad_omp.c (save_config_nvt_omp): Escape preference name when
+       sending it to manager.
+
+2016-10-12  Timo Pollmeier <timo.pollme...@greenbone.net>
+
        Backport r26372.
 
        * src/html/classic/omp.xsl (report-hosts-link): Get number of results

Modified: branches/gsa-6.0/src/gsad_omp.c
===================================================================
--- branches/gsa-6.0/src/gsad_omp.c     2016-10-12 13:40:06 UTC (rev 26385)
+++ branches/gsa-6.0/src/gsad_omp.c     2016-10-12 13:53:37 UTC (rev 26386)
@@ -10653,6 +10653,7 @@
           if (is_timeout)
             {
               const char *timeout;
+              gchar *preference_name_escaped;
 
               timeout = params_value (params, "timeout");
 
@@ -10668,6 +10669,9 @@
                                        "/omp?cmd=get_configs");
                 }
 
+              preference_name_escaped = g_markup_escape_text (preference_name,
+                                                              -1);
+
               if (strcmp (timeout, "0") == 0)
                 /* Leave out the value to clear the preference. */
                 ret = openvas_server_sendf (&session,
@@ -10677,7 +10681,7 @@
                                             "</preference>"
                                             "</modify_config>",
                                             config_id,
-                                            preference_name);
+                                            preference_name_escaped);
               else
                 ret = openvas_server_sendf (&session,
                                             "<modify_config config_id=\"%s\">"
@@ -10687,22 +10691,30 @@
                                             "</preference>"
                                             "</modify_config>",
                                             config_id,
-                                            preference_name,
+                                            preference_name_escaped,
                                             value);
+
+              g_free (preference_name_escaped);
             }
           else
-            ret = openvas_server_sendf (&session,
-                                        "<modify_config config_id=\"%s\">"
-                                        "<preference>"
-                                        "<nvt oid=\"%s\"/>"
-                                        "<name>%s</name>"
-                                        "<value>%s</value>"
-                                        "</preference>"
-                                        "</modify_config>",
-                                        config_id,
-                                        params_value (params, "oid"),
-                                        preference_name,
-                                        value);
+            {
+              gchar *preference_name_escaped;
+              preference_name_escaped = g_markup_escape_text (preference_name,
+                                                              -1);
+              ret = openvas_server_sendf (&session,
+                                          "<modify_config config_id=\"%s\">"
+                                          "<preference>"
+                                          "<nvt oid=\"%s\"/>"
+                                          "<name>%s</name>"
+                                          "<value>%s</value>"
+                                          "</preference>"
+                                          "</modify_config>",
+                                          config_id,
+                                          params_value (params, "oid"),
+                                          preference_name,
+                                          value);
+              g_free (preference_name_escaped);
+            }
 
           if (ret == -1)
             {

_______________________________________________
Openvas-commits mailing list
Openvas-commits@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-commits

Reply via email to