* Properly escape XML output using new xmlesc() function for XMPP sessions. This...

[citadel.git] / citadel / modules / xmpp / xmpp_messages.c

diff --git a/citadel/modules/xmpp/xmpp_messages.c b/citadel/modules/xmpp/xmpp_messages.c
index 5ea435d4a52b543a312010d3f2911fd876cce717..d989beb686c74d42381f72bf887883524d3deefc 100644 (file)
--- a/citadel/modules/xmpp/xmpp_messages.c
+++ b/citadel/modules/xmpp/xmpp_messages.c
@@ -3,21 +3,21 @@
  *
  * Handle messages sent and received using XMPP (Jabber) protocol
  *
- * Copyright (c) 2007-2009 by Art Cancro
+ * Copyright (c) 2007-2010 by Art Cancro
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  *
  */
 
@@ -67,6 +67,8 @@
 void xmpp_output_incoming_messages(void) {
 
        struct ExpressMessage *ptr;
+       char xmlbuf1[4096];
+       char xmlbuf2[4096];
 
        while (CC->FirstExpressMessage != NULL) {
 
@@ -76,11 +78,12 @@ void xmpp_output_incoming_messages(void) {
                end_critical_section(S_SESSION_TABLE);
 
                cprintf("<message to=\"%s\" from=\"%s\" type=\"chat\">",
-                       XMPP->client_jid,
-                       ptr->sender_email);
+                       xmlesc(xmlbuf1, XMPP->client_jid, sizeof xmlbuf1),
+                       xmlesc(xmlbuf2, ptr->sender_email, sizeof xmlbuf2)
+               );
                if (ptr->text != NULL) {
                        striplt(ptr->text);
-                       cprintf("<body>%s</body>", ptr->text);
+                       cprintf("<body>%s</body>", xmlesc(xmlbuf1, ptr->text, sizeof xmlbuf1));
                        free(ptr->text);
                }
                cprintf("</message>");