Author: timopollmeier Date: 2016-10-12 15:40:06 +0200 (Wed, 12 Oct 2016) New Revision: 26385
Modified: trunk/gsa/ChangeLog trunk/gsa/src/gsad_omp.c Log: * src/gsad_omp.c (save_config_nvt_omp): Escape preference name when sending it to manager. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2016-10-12 12:07:36 UTC (rev 26384) +++ trunk/gsa/ChangeLog 2016-10-12 13:40:06 UTC (rev 26385) @@ -1,3 +1,8 @@ +2016-10-12 Timo Pollmeier <timo.pollme...@greenbone.net> + + * src/gsad_omp.c (save_config_nvt_omp): Escape preference name when + sending it to manager. + 2016-10-12 Bj�rn Ricks <bjoern.ri...@greenbone.net> * src/gsad_omp.c (create_target_omp): Remove obsolete check for target_source Modified: trunk/gsa/src/gsad_omp.c =================================================================== --- trunk/gsa/src/gsad_omp.c 2016-10-12 12:07:36 UTC (rev 26384) +++ trunk/gsa/src/gsad_omp.c 2016-10-12 13:40:06 UTC (rev 26385) @@ -13265,6 +13265,7 @@ if (is_timeout) { const char *timeout; + gchar *preference_name_escaped; timeout = params_value (params, "timeout"); @@ -13281,6 +13282,9 @@ "/omp?cmd=get_configs", response_data); } + preference_name_escaped = g_markup_escape_text (preference_name, + -1); + if (strcmp (timeout, "0") == 0) /* Leave out the value to clear the preference. */ ret = openvas_connection_sendf (&connection, @@ -13291,7 +13295,7 @@ "</preference>" "</modify_config>", config_id, - preference_name); + preference_name_escaped); else ret = openvas_connection_sendf (&connection, "<modify_config" @@ -13302,23 +13306,31 @@ "</preference>" "</modify_config>", config_id, - preference_name, + preference_name_escaped, value); + + g_free (preference_name_escaped); } else - ret = openvas_connection_sendf (&connection, - "<modify_config" - " config_id=\"%s\">" - "<preference>" - "<nvt oid=\"%s\"/>" - "<name>%s</name>" - "<value>%s</value>" - "</preference>" - "</modify_config>", - config_id, - params_value (params, "oid"), - preference_name, - value); + { + gchar *preference_name_escaped; + preference_name_escaped = g_markup_escape_text (preference_name, + -1); + ret = openvas_connection_sendf (&connection, + "<modify_config" + " config_id=\"%s\">" + "<preference>" + "<nvt oid=\"%s\"/>" + "<name>%s</name>" + "<value>%s</value>" + "</preference>" + "</modify_config>", + config_id, + params_value (params, "oid"), + preference_name_escaped, + value); + g_free (preference_name_escaped); + } if (ret == -1) {
_______________________________________________ Openvas-commits mailing list Openvas-commits@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-commits