[Openvas-commits] r26385 - in trunk/gsa: . src

Wed, 12 Oct 2016 06:40:27 -0700 

Author: timopollmeier
Date: 2016-10-12 15:40:06 +0200 (Wed, 12 Oct 2016)
New Revision: 26385

Modified:
   trunk/gsa/ChangeLog
   trunk/gsa/src/gsad_omp.c
Log:
        * src/gsad_omp.c (save_config_nvt_omp): Escape preference name when
        sending it to manager.

Modified: trunk/gsa/ChangeLog
===================================================================
--- trunk/gsa/ChangeLog 2016-10-12 12:07:36 UTC (rev 26384)
+++ trunk/gsa/ChangeLog 2016-10-12 13:40:06 UTC (rev 26385)
@@ -1,3 +1,8 @@
+2016-10-12  Timo Pollmeier <timo.pollme...@greenbone.net>
+
+       * src/gsad_omp.c (save_config_nvt_omp): Escape preference name when
+       sending it to manager.
+
 2016-10-12 Bj�rn Ricks <bjoern.ri...@greenbone.net>
 
        * src/gsad_omp.c (create_target_omp): Remove obsolete check for 
target_source

Modified: trunk/gsa/src/gsad_omp.c
===================================================================
--- trunk/gsa/src/gsad_omp.c    2016-10-12 12:07:36 UTC (rev 26384)
+++ trunk/gsa/src/gsad_omp.c    2016-10-12 13:40:06 UTC (rev 26385)
@@ -13265,6 +13265,7 @@
           if (is_timeout)
             {
               const char *timeout;
+              gchar *preference_name_escaped;
 
               timeout = params_value (params, "timeout");
 
@@ -13281,6 +13282,9 @@
                                        "/omp?cmd=get_configs", response_data);
                 }
 
+              preference_name_escaped = g_markup_escape_text (preference_name,
+                                                              -1);
+
               if (strcmp (timeout, "0") == 0)
                 /* Leave out the value to clear the preference. */
                 ret = openvas_connection_sendf (&connection,
@@ -13291,7 +13295,7 @@
                                                 "</preference>"
                                                 "</modify_config>",
                                                 config_id,
-                                                preference_name);
+                                                preference_name_escaped);
               else
                 ret = openvas_connection_sendf (&connection,
                                                 "<modify_config"
@@ -13302,23 +13306,31 @@
                                                 "</preference>"
                                                 "</modify_config>",
                                                 config_id,
-                                                preference_name,
+                                                preference_name_escaped,
                                                 value);
+
+              g_free (preference_name_escaped);
             }
           else
-            ret = openvas_connection_sendf (&connection,
-                                            "<modify_config"
-                                            " config_id=\"%s\">"
-                                            "<preference>"
-                                            "<nvt oid=\"%s\"/>"
-                                            "<name>%s</name>"
-                                            "<value>%s</value>"
-                                            "</preference>"
-                                            "</modify_config>",
-                                            config_id,
-                                            params_value (params, "oid"),
-                                            preference_name,
-                                            value);
+            {
+              gchar *preference_name_escaped;
+              preference_name_escaped = g_markup_escape_text (preference_name,
+                                                              -1);
+              ret = openvas_connection_sendf (&connection,
+                                              "<modify_config"
+                                              " config_id=\"%s\">"
+                                              "<preference>"
+                                              "<nvt oid=\"%s\"/>"
+                                              "<name>%s</name>"
+                                              "<value>%s</value>"
+                                              "</preference>"
+                                              "</modify_config>",
+                                              config_id,
+                                              params_value (params, "oid"),
+                                              preference_name_escaped,
+                                              value);
+              g_free (preference_name_escaped);
+            }
 
           if (ret == -1)
             {


_______________________________________________
Openvas-commits mailing list
Openvas-commits@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-commits

Reply via email to