#include <time.h>
#include "decodekey.h"
-#include "getcgi.h"
#include "keydb.h"
#include "keyid.h"
#include "keyindex.h"
return typech;
}
+/**
+ * html_escape - Takes a string and converts it to HTML.
+ * @src: The string to HTMLize.
+ * @src_len: The length of the source string
+ * @dst: A buffer to put the escaped string into
+ * @dst_len: Length of the destination buffer (including a trailing NULL)
+ *
+ * Takes a string and escapes any HTML entities (<, >, &, ", '). Returns
+ * dst.
+ */
+const char *html_escape(const char *src, size_t src_len,
+ char *dst, size_t dst_len)
+{
+ size_t in_pos, out_pos;
+
+ dst_len--;
+
+ for (in_pos = 0, out_pos = 0;
+ in_pos < src_len && out_pos < (dst_len - 1);
+ in_pos++, out_pos++) {
+ switch (src[in_pos]) {
+ case '<':
+ if ((out_pos + 4) >= dst_len) {
+ break;
+ }
+ dst[out_pos++] = '&';
+ dst[out_pos++] = 'l';
+ dst[out_pos++] = 't';
+ dst[out_pos] = ';';
+ break;
+ case '>':
+ if ((out_pos + 4) >= dst_len) {
+ break;
+ }
+ dst[out_pos++] = '&';
+ dst[out_pos++] = 'g';
+ dst[out_pos++] = 't';
+ dst[out_pos] = ';';
+ break;
+ case '"':
+ if ((out_pos + 6) >= dst_len) {
+ break;
+ }
+ dst[out_pos++] = '&';
+ dst[out_pos++] = 'q';
+ dst[out_pos++] = 'u';
+ dst[out_pos++] = 'o';
+ dst[out_pos++] = 't';
+ dst[out_pos] = ';';
+ break;
+ case '\'':
+ if ((out_pos + 5) >= dst_len) {
+ break;
+ }
+ dst[out_pos++] = '&';
+ dst[out_pos++] = '#';
+ dst[out_pos++] = '3';
+ dst[out_pos++] = '9';
+ dst[out_pos] = ';';
+ break;
+ case '&':
+ if ((out_pos + 5) >= dst_len) {
+ break;
+ }
+ dst[out_pos++] = '&';
+ dst[out_pos++] = 'a';
+ dst[out_pos++] = 'm';
+ dst[out_pos++] = 'p';
+ dst[out_pos] = ';';
+ break;
+ default:
+ dst[out_pos] = src[in_pos];
+ }
+ }
+ dst[out_pos] = 0;
+
+ return dst;
+}
+
/*
* Given a public key/subkey packet return the key length.
*/
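Review bot: In html_escape the `break` inside each `if ((out_pos + N) >= dst_len)` guard leaves only the switch, not the for loop, so when an entity does not fit the loop still advances `out_pos` past a byte of `dst` that was never written. That byte is whatever the caller's buffer held before (an uninitialised stack array in the callers shown here), so stale, unescaped data can reach the HTML output near the truncation point. Stop copying instead: replace each guarded `break;` with `goto out;` and put an `out:` label immediately before `dst[out_pos] = 0;`. Separately, `dst_len--` followed by `dst_len - 1` wraps around when `dst_len` is 0 or 1, so an early `if (dst_len < 2)` return would keep the bound safe for any caller. The header comment should also say NUL rather than NULL and state that the output is silently truncated.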
char *uid = NULL;
uint64_t sigid = 0;
char *sig = NULL;
+ char buf[1024];
while (sigs != NULL) {
sigid = sig_keyid(sigs->packet);
sigid,
sigid,
sigid,
- txt2html(uid));
+ html_escape(uid, strlen(uid), buf, sizeof(buf)));
} else if (html && uid == NULL) {
printf("%s 0x%016" PRIX64 " "
"[User id not found]\n",
snprintf(buf, 1023, "%.*s",
(int) uids->packet->length,
uids->packet->data);
- printf(" %s\n",
- (html) ? txt2html(buf) : buf);
+ if (html) {
+ printf(" %s\n",
+ html_escape((char *) uids->packet->data,
+ uids->packet->length,
+ buf,
+ sizeof(buf)));
+ } else {
+ printf(" %.*s\n",
+ (int) uids->packet->length,
+ uids->packet->data);
+ }
} else if (uids->packet->tag == OPENPGP_PACKET_UAT) {
printf(" ");
if (html) {
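Review bot: The `snprintf(buf, 1023, "%.*s", ...)` kept as context at the top of this hunk is now dead code: the HTML branch overwrites `buf` through html_escape, and the plain branch prints `uids->packet->data` directly with `%.*s`. Delete it, as the commit already does for the equivalent call in the `curuid` path. Leaving it means a raw, unescaped copy of the user ID sits in `buf` immediately before html_escape writes into the same buffer. The enclosing function starts and ends outside the hunk.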
struct openpgp_signedpacket_list *subkeys, bool verbose,
bool html)
{
- struct tm *created = NULL;
+ struct tm created;
time_t created_time = 0;
int type = 0;
int length = 0;
(subkeys->packet->data[2] << 16) +
(subkeys->packet->data[3] << 8) +
subkeys->packet->data[4];
- created = gmtime(&created_time);
+ gmtime_r(&created_time, &created);
switch (subkeys->packet->data[0]) {
case 2:
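Review bot: `gmtime_r(&created_time, &created);` ignores the return value, and `created` is declared without an initialiser, so if the conversion ever fails the later reads of `created.tm_year`, `created.tm_mon` and `created.tm_mday` use indeterminate values. Either check the result against NULL or declare `struct tm created = { 0 };`. The same applies to the second gmtime_r call, in the `keys->publickey` path. The timestamp assembly begins above this hunk, so whether a failing value is actually reachable cannot be confirmed from here.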
length,
pkalgo2char(type),
keyid,
- created->tm_year + 1900,
- created->tm_mon + 1,
- created->tm_mday);
+ created.tm_year + 1900,
+ created.tm_mon + 1,
+ created.tm_mday);
}
if (verbose) {
bool skshash, bool html)
{
struct openpgp_signedpacket_list *curuid = NULL;
- struct tm *created = NULL;
+ struct tm created;
time_t created_time = 0;
int type = 0;
int length = 0;
char buf[1024];
uint64_t keyid;
+
if (html) {
puts("<pre>");
}
(keys->publickey->data[2] << 16) +
(keys->publickey->data[3] << 8) +
keys->publickey->data[4];
- created = gmtime(&created_time);
+ gmtime_r(&created_time, &created);
switch (keys->publickey->data[0]) {
case 2:
pkalgo2char(type),
keyid,
keyid,
- created->tm_year + 1900,
- created->tm_mon + 1,
- created->tm_mday);
+ created.tm_year + 1900,
+ created.tm_mon + 1,
+ created.tm_mday);
} else {
printf("pub %5d%c/0x%016" PRIX64 " %04d/%02d/%02d ",
length,
pkalgo2char(type),
keyid,
- created->tm_year + 1900,
- created->tm_mon + 1,
- created->tm_mday);
+ created.tm_year + 1900,
+ created.tm_mon + 1,
+ created.tm_mday);
}
curuid = keys->uids;
if (curuid != NULL &&
curuid->packet->tag == OPENPGP_PACKET_UID) {
- snprintf(buf, 1023, "%.*s",
- (int) curuid->packet->length,
- curuid->packet->data);
if (html) {
printf("<a href=\"lookup?op=vindex&"
- "search=0x%016" PRIX64 "\">",
- keyid);
+ "search=0x%016" PRIX64 "\">"
+ "%s</a>%s\n",
+ keyid,
+ html_escape((char *) curuid->packet->data,
+ curuid->packet->length,
+ buf,
+ sizeof(buf)),
+ (keys->revoked) ? " *** REVOKED ***" : "");
+ } else {
+ printf("%.*s%s\n",
+ (int) curuid->packet->length,
+ curuid->packet->data,
+ (keys->revoked) ? " *** REVOKED ***" : "");
}
- printf("%s%s%s\n",
- (html) ? txt2html(buf) : buf,
- (html) ? "</a>" : "",
- (keys->revoked) ? " *** REVOKED ***" : "");
if (skshash) {
display_skshash(keys, html);
}