Bug#385370: invalid RSS
The previous patch is suboptimal. I'm thinking of a way to make the players, the aggretators and the browsers happy altogether. I'd like to give it some more testing and if everything's fine, I'll upload something soon. HTH T-Bone On 8/31/06, martin f krafft [EMAIL PROTECTED] wrote: also sprach Thibaut VARENE [EMAIL PROTECTED] [2006.08.31.1731 +0200]: Can we hold this untill this weekend then? I'll have some time then to look closer to that, unless Regis beats me to it. Of course. -- .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck http://debiansystem.info `- Debian - when you have better things to do than fixing systems -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFE9wgeIgvIgzMMSnURAn0nAKDUiFsasf60cGjZF0SO6g1qutZZjwCg12NM SKPu0dZl0kw/1Lvut/6DIH0= =olng -END PGP SIGNATURE- -- Thibaut VARENE http://www.parisc-linux.org/~varenet/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#385370: invalid RSS
severity 385370 minor tags 385370 help thanks Hi I don't understand what's wrong. You underlined the UTF8 string, which looks ok to me... Thanks T-Bone On 8/30/06, martin f krafft [EMAIL PROTECTED] wrote: Package: libapache2-mod-musicindex Version: 1.1.1-1 Severity: normal when calling action=RSS, the rendered XML is not well-formed: XML Parsing Error: not well-formed Location: http://tunes.madduck.net/artists/tool/%c3%a6nima/?action=RSS Line Number 44, Column 82: linkhttp://tunes.madduck.net:80/artists/tool/%c3%a6nima/05-forty_six__2.ogg?stream/link -^ -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.17-2-amd64 Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Versions of packages libapache2-mod-musicindex depends on: ii apache2-common 2.0.55-4.1 next generation, scalable, extenda ii libapr0 2.0.55-4.1 the Apache Portable Runtime ii libarchive1 1.2.53-2 Single library to read/write tar, ii libc6 2.3.999.2-12 GNU C Library: Shared libraries ii libflac71.1.2-5 Free Lossless Audio Codec - runtim ii libid3tag0 0.15.1b-8ID3 tag reading library from the M ii libmad0 0.15.1b-2.1 MPEG audio decoder library ii libvorbis0a 1.1.2-1 The Vorbis General Audio Compressi ii libvorbisfile3 1.1.2-1 The Vorbis General Audio Compressi ii mod-musicindex-common 1.1.1-1 Common files for mod-musicindex libapache2-mod-musicindex recommends no packages. -- no debconf information -- .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck http://debiansystem.info `- Debian - when you have better things to do than fixing systems -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFE9epQIgvIgzMMSnURAoq0AJ4jgStyJaApT67BS0UNQzwAKBhD3wCfVMtN WvCE1PPUBRaMXrPUC+evEgI= =nLYz -END PGP SIGNATURE- -- Thibaut VARENE http://www.parisc-linux.org/~varenet/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#385370: invalid RSS
also sprach Thibaut VARENE [EMAIL PROTECTED] [2006.08.31.0859 +0200]: I don't understand what's wrong. You underlined the UTF8 string, which looks ok to me... The ? must be escaped in URLs, and any as well. -- .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck http://debiansystem.info `- Debian - when you have better things to do than fixing systems signature.asc Description: Digital signature (GPG/PGP)
Bug#385370: invalid RSS
On 8/31/06, martin f krafft [EMAIL PROTECTED] wrote:
also sprach Thibaut VARENE [EMAIL PROTECTED] [2006.08.31.0859 +0200]:
I don't understand what's wrong. You underlined the UTF8 string, which
looks ok to me...
The ? must be escaped in URLs, and any as well.
There's no escape sequence for '?'. It's '' at fault here. I
unfortunately introduced this bug trying to fix another one: xmms
apparently won't play files in playlists containing amp;.
Considering what I just read on w3.org, I suppose that's a bug in
xmms. ;)
Anyway, I cooked the attached patch. If you have some time for
debugging, I'd welcome you try it with as many files as you can,
especially as nasty filenames as you can, with as many
players/browsers/aggregators as you can, and let me know how things
go. I expect it'll break xmms. If you use it and it does break it,
feel free to send a bugreport against it :)
It's a quick and dirty sed, plus a couple fix for potential similar
issues with CSS in send_head. I haven't even checked it builds, I hope
it does :)
Thanks a lot
T-Bone
--
Thibaut VARENE
http://www.parisc-linux.org/~varenet/
--- mod_musicindex/src/html.c.orig 2006-08-01 01:30:15.0 +0200
+++ mod_musicindex/src/html.c 2006-08-31 11:50:07.0 +0200
@@ -199,7 +199,7 @@
if ((current[0] == '\0') || (current[1] == '\0')) /* current dir is either or / */
ap_rputs(_(In Current Directory), r);
else
- ap_rvputs(r, _(In ), a href=\, ap_escape_uri(r-pool, current), \, ap_escape_html(r-pool, current), /a, NULL);
+ ap_rvputs(r, _(In ), a href=\, ap_escape_html(r-pool, ap_escape_uri(r-pool, current)), \, ap_escape_html(r-pool, current), /a, NULL);
ap_rputs(/th\n
/tr\n, r);
@@ -229,12 +229,12 @@
if (customlist == 0) {
if (q-flags EF_ALLOWDWNLD) /* Display [download] */
- ap_rvputs(r, a href=\, ap_escape_uri(r-pool, q-file), \
+ ap_rvputs(r, a href=\, ap_escape_html(r-pool, ap_escape_uri(r-pool, q-file)), \
img alt=\[D]\ title=\, _(Download), \ src=\, conf-directory, /,
Gfetch_icon, \ //a\n, NULL);
if (q-flags EF_ALLOWSTREAM) /* Display [stream] */
- ap_rvputs(r, a href=\, ap_escape_uri(r-pool, q-file), ?stream\
+ ap_rvputs(r, a href=\, ap_escape_html(r-pool, ap_escape_uri(r-pool, q-file)), ?stream\
img alt=\[S]\ title=\, _(Stream), \ src=\, conf-directory, /,
Gsound_icon, \ //a\n, NULL);
}
@@ -379,7 +379,7 @@
}
/* add the uri and potential command */
- ap_rvputs(r, prefix, ap_escape_uri(r-pool, uri), NULL);
+ ap_rvputs(r, prefix, ap_escape_html(r-pool, ap_escape_uri(r-pool, uri)), NULL);
if (command)
ap_rputs(command, r);
}
@@ -392,6 +392,8 @@
*
* @param r Apache request_rec struct to handle connection details.
* @param conf MusicIndex configuration paramaters struct.
+ *
+ * @bug When we'll allow conf-directory to be modified, have to escape html/uri.
*/
void send_head(request_rec *r, const mu_config *const conf)
{
@@ -429,9 +431,9 @@
if (!strcmp(dstruct-d_name, conf-css))
ap_rputs( link rel=\stylesheet\ title=\default\, r);
else
- ap_rvputs(r, link rel=\alternate stylesheet\ title=\, dstruct-d_name, \, NULL);
+ ap_rvputs(r, link rel=\alternate stylesheet\ title=\, ap_escape_html(r-pool, ap_escape_uri(r-pool, dstruct-d_name)), \, NULL);
- ap_rvputs(r, type=\text/css\ href=\, conf-directory, /, dstruct-d_name, \ /\n, NULL);
+ ap_rvputs(r, type=\text/css\ href=\, conf-directory, /, ap_escape_html(r-pool, ap_escape_uri(r-pool, dstruct-d_name)), \ /\n, NULL);
}
}
closedir(dir);
@@ -515,7 +517,7 @@
dir = localconf-title;
*u = '\0';
- ap_rvputs(r,a href=\, ap_escape_uri(r-pool, uri), /\, ap_escape_html(r-pool, dir), /a\n, NULL);
+ ap_rvputs(r,a href=\, ap_escape_html(r-pool, ap_escape_uri(r-pool, uri)), /\, ap_escape_html(r-pool, dir), /a\n, NULL);
*u = '/';
if (*(u+1) != '\0')
@@ -587,7 +589,7 @@
/* XXX collision avec le header, a regler */
if (conf-options MI_ALLOWSEARCH) {
ap_rvputs(r,
- form method=\post\ action=\, ap_escape_uri(r-pool, r-uri), \
+ form method=\post\ action=\, ap_escape_html(r-pool, ap_escape_uri(r-pool, r-uri)), \
enctype=\application/x-www-form-urlencoded\
id=\searching\\n
p\n
@@ -658,7 +660,7 @@
ap_rputs( tr\n, r);
ap_rvputs(r, td\n
- a href=\, ap_escape_uri(r-pool, q-file), NULL);
+ a href=\, ap_escape_html(r-pool, ap_escape_uri(r-pool, q-file)), NULL);
ap_rputs(\img alt=\\ src=\, r);
#ifdef SHOW_THUMBNAILS
@@ -679,20 +681,20 @@
ap_rputs(\ //a\n, r);
ap_rvputs(r,div\n
- a href=\, ap_escape_uri(r-pool, q-file), \,
+ a href=\, ap_escape_html(r-pool, ap_escape_uri(r-pool, q-file)), \,
temp, /abr /\n, NULL);
/* show various useful links when needed */
if (q-flags EF_ALLOWSTREAM) {
ap_rvputs(r, a class=\shuffle\ href=\,
-ap_escape_uri(r-pool, q-file),
+
Bug#385370: invalid RSS
also sprach Thibaut VARENE [EMAIL PROTECTED] [2006.08.31.1156 +0200]: Anyway, I cooked the attached patch. If you have some time for debugging, I'd welcome you try it with as many files as you can, especially as nasty filenames as you can, with as many players/browsers/aggregators as you can, and let me know how things go. I expect it'll break xmms. If you use it and it does break it, feel free to send a bugreport against it :) I would appreciate if you prepared a package. I tried but ran into troubles: - Considering apache2-dev - Trying apache2-dev - Cannot install apache2-dev; apt errors follow: Reading package lists... Done Building dependency tree... Done Package apache2-dev is a virtual package provided by: apache2-threaded-dev 2.0.55-4.1 You should explicitly select one to install. E: Package apache2-dev has no installation candidate - Considering apache2-threaded-dev to satisfy the dependency - Cannot install apache2-threaded-dev; apt errors follow: This is possibly a FTBFS bug. Do you want me to file it, or can we do it this way? -- .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck http://debiansystem.info `- Debian - when you have better things to do than fixing systems signature.asc Description: Digital signature (GPG/PGP)
Bug#385370: invalid RSS
On 8/31/06, martin f krafft [EMAIL PROTECTED] wrote: also sprach Thibaut VARENE [EMAIL PROTECTED] [2006.08.31.1156 +0200]: Anyway, I cooked the attached patch. If you have some time for debugging, I'd welcome you try it with as many files as you can, especially as nasty filenames as you can, with as many players/browsers/aggregators as you can, and let me know how things go. I expect it'll break xmms. If you use it and it does break it, feel free to send a bugreport against it :) I would appreciate if you prepared a package. I tried but ran into troubles: I don't really have time for this right now (i'm preparing to start a new job tomorrow) and I don't have an x86 box... - Considering apache2-dev - Trying apache2-dev - Cannot install apache2-dev; apt errors follow: Reading package lists... Done Building dependency tree... Done Package apache2-dev is a virtual package provided by: apache2-threaded-dev 2.0.55-4.1 You should explicitly select one to install. E: Package apache2-dev has no installation candidate - Considering apache2-threaded-dev to satisfy the dependency - Cannot install apache2-threaded-dev; apt errors follow: This is possibly a FTBFS bug. Do you want me to file it, or can we do it this way? That doesn't really make sense to me. It worked this way for ages and afaict there are numerous package using apache2-dev as build-deps. Besides there's no ambiguity, it's a virtual package provided by only one package, so it should take it... I don't get it. anyway, I suppose changing a line in build-deps isn't a big deal... I would really appreciate if you could just edit debian/control accordingly to what the error message says (s/apache2-dev/apache2-threaded-dev/) and try again. Thanks a lot. T-Bone -- Thibaut VARENE http://www.parisc-linux.org/~varenet/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#385370: invalid RSS
also sprach Thibaut VARENE [EMAIL PROTECTED] [2006.08.31.1606 +0200]: I don't really have time for this right now (i'm preparing to start a new job tomorrow) and I don't have an x86 box... Good luck. Do you want me to just upload -2 to unstable with the patch? That doesn't really make sense to me. It worked this way for ages and afaict there are numerous package using apache2-dev as build-deps. Besides there's no ambiguity, it's a virtual package provided by only one package, so it should take it... I don't get it. Mh, it's likely a new change. Anyway, you cannot build-depend on a virtual package without an alternative. Unfortunately it's not possible to build against unstable or testing right now due to the db4.4v4.3 problem with apache2-dev (#383659). -- .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck http://debiansystem.info `- Debian - when you have better things to do than fixing systems signature.asc Description: Digital signature (GPG/PGP)
Bug#385370: invalid RSS
On 8/31/06, martin f krafft [EMAIL PROTECTED] wrote: also sprach Thibaut VARENE [EMAIL PROTECTED] [2006.08.31.1606 +0200]: I don't really have time for this right now (i'm preparing to start a new job tomorrow) and I don't have an x86 box... Good luck. Do you want me to just upload -2 to unstable with the patch? No please don't. If you can test the patch relatively thoroughly and it works for you, I'll prepare a new release ASAP (remember i'm both the packager and one of the upstream devs) - I don't want to introduce version skew between debian and what I release to the wild... That doesn't really make sense to me. It worked this way for ages and afaict there are numerous package using apache2-dev as build-deps. Besides there's no ambiguity, it's a virtual package provided by only one package, so it should take it... I don't get it. Mh, it's likely a new change. Anyway, you cannot build-depend on a virtual package without an alternative. Ok, thanks for the info, I'll fix that in the next upload. Unfortunately it's not possible to build against unstable or testing right now due to the db4.4v4.3 problem with apache2-dev (#383659). *sigh*. Can we hold this untill this weekend then? I'll have some time then to look closer to that, unless Regis beats me to it. Thanks T-Bone -- Thibaut VARENE http://www.parisc-linux.org/~varenet/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#385370: invalid RSS
also sprach Thibaut VARENE [EMAIL PROTECTED] [2006.08.31.1731 +0200]: Can we hold this untill this weekend then? I'll have some time then to look closer to that, unless Regis beats me to it. Of course. -- .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck http://debiansystem.info `- Debian - when you have better things to do than fixing systems signature.asc Description: Digital signature (GPG/PGP)
Bug#385370: invalid RSS
Package: libapache2-mod-musicindex Version: 1.1.1-1 Severity: normal when calling action=RSS, the rendered XML is not well-formed: XML Parsing Error: not well-formed Location: http://tunes.madduck.net/artists/tool/%c3%a6nima/?action=RSS Line Number 44, Column 82: linkhttp://tunes.madduck.net:80/artists/tool/%c3%a6nima/05-forty_six__2.ogg?stream/link -^ -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.17-2-amd64 Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Versions of packages libapache2-mod-musicindex depends on: ii apache2-common 2.0.55-4.1 next generation, scalable, extenda ii libapr0 2.0.55-4.1 the Apache Portable Runtime ii libarchive1 1.2.53-2 Single library to read/write tar, ii libc6 2.3.999.2-12 GNU C Library: Shared libraries ii libflac71.1.2-5 Free Lossless Audio Codec - runtim ii libid3tag0 0.15.1b-8ID3 tag reading library from the M ii libmad0 0.15.1b-2.1 MPEG audio decoder library ii libvorbis0a 1.1.2-1 The Vorbis General Audio Compressi ii libvorbisfile3 1.1.2-1 The Vorbis General Audio Compressi ii mod-musicindex-common 1.1.1-1 Common files for mod-musicindex libapache2-mod-musicindex recommends no packages. -- no debconf information -- .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck http://debiansystem.info `- Debian - when you have better things to do than fixing systems signature.asc Description: Digital signature (GPG/PGP)
