From dbd7b8b8e9b00b42033036916300dad457c54b0a Mon Sep 17 00:00:00 2001
From: David Anderson <davea@ssl.berkeley.edu>
Date: Tue, 25 Aug 2009 21:32:39 +0000
Subject: [PATCH] - client: when writing XML, entity-encode the following
 fields:     FILE_INFO::url     HOST_INFO::p_vendor, p_model, p_features,
 os_name, os_version

    The following fields are already entity-encoded:
    PROJECT::user_name, team_name
    APP_INIT_DATA::user_name, team_name
    PROXY_INFO:: user names and passwds

    These are (as far as I know) the only fields that can
    contain special chars.
    This is now documented in:
    http://boinc.berkeley.edu/trac/wiki/XmlNotes
- client: XML_PARSER::parse_str() now does xml_unescape(),
    same as ::parse_str().


svn path=/trunk/boinc/; revision=18915
---
 checkin_notes           | 23 +++++++++++++++++++++++
 client/client_types.cpp |  4 +++-
 doc/boinc_news.php      |  4 ++++
 lib/hostinfo.cpp        | 16 +++++++++++-----
 lib/parse.cpp           |  2 +-
 5 files changed, 42 insertions(+), 7 deletions(-)

diff --git a/checkin_notes b/checkin_notes
index 7cee85e128..bc9cfa32aa 100644
--- a/checkin_notes
+++ b/checkin_notes
@@ -7200,3 +7200,26 @@ David  24 Aug 2009
         client_types.cpp
     lib/
         coproc.cpp,h
+
+David  25 Aug 2009
+    - client: when writing XML, entity-encode the following fields:
+        FILE_INFO::url
+        HOST_INFO::p_vendor, p_model, p_features, os_name, os_version
+
+        The following fields are already entity-encoded:
+        PROJECT::user_name, team_name
+        APP_INIT_DATA::user_name, team_name
+        PROXY_INFO:: user names and passwds
+
+        These are (as far as I know) the only fields that can
+        contain special chars.
+        This is now documented in:
+        http://boinc.berkeley.edu/trac/wiki/XmlNotes
+    - client: XML_PARSER::parse_str() now does xml_unescape(),
+        same as ::parse_str().
+
+    client/
+        client_types.cpp
+    lib/
+        hostinfo.cpp
+        parse.cpp
diff --git a/client/client_types.cpp b/client/client_types.cpp
index 97df784493..2f77fa2316 100644
--- a/client/client_types.cpp
+++ b/client/client_types.cpp
@@ -845,6 +845,7 @@ int FILE_INFO::parse(MIOFILE& in, bool from_server) {
 int FILE_INFO::write(MIOFILE& out, bool to_server) {
     unsigned int i;
     int retval;
+    char buf[1024];
 
     out.printf(
         "<file_info>\n"
@@ -874,7 +875,8 @@ int FILE_INFO::write(MIOFILE& out, bool to_server) {
         if (strlen(file_signature)) out.printf("    <file_signature>\n%s</file_signature>\n", file_signature);
     }
     for (i=0; i<urls.size(); i++) {
-        out.printf("    <url>%s</url>\n", urls[i].c_str());
+        xml_escape(urls[i].c_str(), buf, sizeof(buf));
+        out.printf("    <url>%s</url>\n", buf);
     }
     if (!to_server && pers_file_xfer) {
         retval = pers_file_xfer->write(out);
diff --git a/doc/boinc_news.php b/doc/boinc_news.php
index 886b4d8c14..88b96720ef 100644
--- a/doc/boinc_news.php
+++ b/doc/boinc_news.php
@@ -1,6 +1,10 @@
 <?
 
 $project_news = array(
+array("August 24, 2009",
+    "UNITAR, UNIGE and CERN have agreed to collaborate on a <a href=http://www.unitar.org/citizen_cyberscience_centre_project>Citizen Cyberscience Centre</a>
+    which, among other things, will promote volunteer computing."
+),
 array("August 19, 2009",
     "The EDGeS project is offering a
     <a href=http://edges-grid.eu/web/userforum/3rdtraining>tutorial on
diff --git a/lib/hostinfo.cpp b/lib/hostinfo.cpp
index 4253361982..4fa103e9da 100644
--- a/lib/hostinfo.cpp
+++ b/lib/hostinfo.cpp
@@ -111,6 +111,7 @@ int HOST_INFO::parse(MIOFILE& in) {
 // or in a scheduler request message
 //
 int HOST_INFO::write(MIOFILE& out, bool suppress_net_info) {
+    char pv[265], pm[256], pf[256], osn[256], osv[256]
     out.printf(
         "<host_info>\n"
         "    <timezone>%d</timezone>\n",
@@ -124,6 +125,11 @@ int HOST_INFO::write(MIOFILE& out, bool suppress_net_info) {
             ip_addr
         );
     }
+    xml_escape(p_vendor, pv, sizeof(pv));
+    xml_escape(p_model, pm, sizeof(pm));
+    xml_escape(p_features, pf, sizeof(pf));
+    xml_escape(os_name, osn, sizeof(osn));
+    xml_escape(os_version, osv, sizeof(osv));
     out.printf(
         "    <host_cpid>%s</host_cpid>\n"
         "    <p_ncpus>%d</p_ncpus>\n"
@@ -144,9 +150,9 @@ int HOST_INFO::write(MIOFILE& out, bool suppress_net_info) {
         "</host_info>\n",
         host_cpid,
         p_ncpus,
-        p_vendor,
-        p_model,
-        p_features,
+        pv,
+        pm,
+        pf,
         p_fpops,
         p_iops,
         p_membw,
@@ -156,8 +162,8 @@ int HOST_INFO::write(MIOFILE& out, bool suppress_net_info) {
         m_swap,
         d_total,
         d_free,
-        os_name,
-        os_version
+        osn,
+        osv
     );
     return 0;
 }
diff --git a/lib/parse.cpp b/lib/parse.cpp
index ca75c921b0..66feaf2e1e 100644
--- a/lib/parse.cpp
+++ b/lib/parse.cpp
@@ -617,7 +617,7 @@ bool XML_PARSER::parse_str(
     if (eof) return false;
     if (!is_tag) return false;
     if (strcmp(tag, end_tag)) return false;
-    strlcpy(buf, tmp, len);
+    xml_unescape(tmp, buf, len);
     return true;
 }