wprintf("<div id=\"login_screen\">\n");
if (mesg != NULL) if (!IsEmptyStr(mesg)) {
- stresc(buf, mesg, 0, 0);
- svprintf("mesg", WCS_STRING, "%s", buf);
+ stresc(buf, SIZ, mesg, 0, 0);
+ svprintf("mesg", WCS_STRING, "%s", buf);
}
svprintf("LOGIN_INSTRUCTIONS", WCS_STRING,
);
serv_getln(buf, sizeof buf);
if (buf[0] == '2') {
- stresc(escaped_email, email, 0, 0);
- stresc(escaped_room, room, 0, 0);
+ stresc(escaped_email, 256, email, 0, 0);
+ stresc(escaped_room, 256, room, 0, 0);
wprintf("<CENTER><H1>");
wprintf(_("Confirmation request sent"));
else if (!strcasecmp(firsttoken, "email")) {
if (!IsEmptyStr(mailto)) strcat(mailto, "<br />");
+ long len;
strcat(mailto,
"<a href=\"display_enter"
"?force_room=_MAIL_?recp=");
urlesc(&mailto[strlen(mailto)], ">");
strcat(mailto, "\">");
- stresc(&mailto[strlen(mailto)], thisvalue, 1, 1);
+ len = strlen(mailto);
+ stresc(mailto+len, SIZ - len, thisvalue, 1, 1);
strcat(mailto, "</A>");
}
else if (!strcasecmp(firsttoken, "tel")) {
* \param tabbuf the tabbuffer to add name to
* \param name the name to add to the tabbuffer
*/
-void nametab(char *tabbuf, char *name) {
- stresc(tabbuf, name, 0, 0);
+void nametab(char *tabbuf, long len, char *name) {
+ stresc(tabbuf, len, name, 0, 0);
tabbuf[0] = toupper(tabbuf[0]);
tabbuf[1] = tolower(tabbuf[1]);
tabbuf[2] = tolower(tabbuf[2]);
tabfirst = i * NAMESPERPAGE;
tablast = tabfirst + NAMESPERPAGE - 1;
if (tablast > (num_ab - 1)) tablast = (num_ab - 1);
- nametab(tabfirst_label, addrbook[tabfirst].ab_name);
- nametab(tablast_label, addrbook[tablast].ab_name);
+ nametab(tabfirst_label, 64, addrbook[tabfirst].ab_name);
+ nametab(tablast_label, 64, addrbook[tablast].ab_name);
sprintf(this_tablabel, "%s - %s", tabfirst_label, tablast_label);
tablabels[i] = strdup(this_tablabel);
}
}
/** Make it HTML-happy and print it. */
- stresc(display_notetext, notetext, 0, 0);
+ stresc(display_notetext, SIZ, notetext, 0, 0);
if (!IsEmptyStr(eid)) {
wprintf("<span id=\"note%s\">%s</span><br />\n", eid, display_notetext);
}
}
/** Make it HTML-happy and print it. */
- stresc(display_notetext, notetext, 0, 0);
+ stresc(display_notetext, SIZ, notetext, 0, 0);
wprintf("%s\n", display_notetext);
}
}
if (buf[0] == '4') {
text_to_server(bstr("msgtext"));
serv_puts("000");
- stresc(buf, recp, 0, 0);
+ stresc(buf, 256, recp, 0, 0);
snprintf(WC->ImportantMessage,
sizeof WC->ImportantMessage,
"%s%s.",
WC->new_mail = extract_int(&got[4], 9);
WC->wc_view = extract_int(&got[4], 11);
- stresc(sanitized_roomname, WC->wc_roomname, 1, 1);
+ stresc(sanitized_roomname, 256, WC->wc_roomname, 1, 1);
svprintf("ROOMNAME", WCS_STRING, "%s", sanitized_roomname);
svprintf("NUMMSGS", WCS_STRING,
_("%d new of %d messages"),
if (levels == 1) {
/** Begin inner box */
- stresc(boxtitle, floor_name, 1, 0);
+ stresc(boxtitle, 256, floor_name, 1, 0);
svprintf("BOXTITLE", WCS_STRING, boxtitle);
do_template("beginbox");
}
if (levels == 1) {
/** Begin floor */
- stresc(floordivtitle, floor_name, 0, 0);
+ stresc(floordivtitle, 256, floor_name, 0, 0);
sprintf(floordiv_id, "floordiv%d", i);
wprintf("<span class=\"ib_roomlist_floor\" "
"onClick=\"expand_floor('%s')\">"
}
if (!strcasecmp(keyword, "remote")) {
+ int RcptLen;
+ int TRcptLen;
+ int TDsn;
+ int NLen;
extract_token(thisrecp, buf, 1, '|', sizeof thisrecp);
extract_token(thisdsn, buf, 3, '|', sizeof thisdsn);
-
- if (strlen(recipients) + strlen(thisrecp) + strlen(thisdsn) + 100
+ RcptLen = strlen(recipients);
+ TRcptLen = strlen(thisrecp);
+ TDsn = strlen(thisdsn);
+ if ( RcptLen + TRcptLen + TDsn + 100
< sizeof recipients) {
if (!IsEmptyStr(recipients)) {
- strcat(recipients, "<br />");
+ // copy the \0 to be sure..
+ memcpy (&recipients[RcptLen], "<br />\0", 7);
+ RcptLen += 6;
}
- stresc(&recipients[strlen(recipients)], thisrecp, 1, 1);
- strcat(recipients, "<br /> <i>");
- stresc(&recipients[strlen(recipients)], thisdsn, 1, 1);
- strcat(recipients, "</i>");
+ NLen = stresc(&recipients[RcptLen],
+ sizeof recipients - RcptLen,
+ thisrecp, 1, 1);
+ if (NLen != -1)
+ {
+ RcptLen += NLen;
+ NLen = sizeof "<br /> <i>";
+ memcpy(recipients, "<br /> <i>",
+ NLen);
+ RcptLen += NLen - 1;
+ NLen = stresc(&recipients[RcptLen],
+ sizeof recipients - RcptLen,
+ thisdsn, 1, 1);
+ if (NLen != -1)
+ memcpy (recipients, "</i>\0", 5);
+ } /// else bail out?
}
}
* \param nbsp If nonzero, spaces are converted to non-breaking spaces.
* \param nolinebreaks if set, linebreaks are removed from the string.
*/
-void stresc(char *target, char *strbuf, int nbsp, int nolinebreaks)
+long stresc(char *target, long tSize, char *strbuf, int nbsp, int nolinebreaks)
{
- char *aptr, *bptr;
+ char *aptr, *bptr, *eptr;
*target = '\0';
aptr = strbuf;
bptr = target;
+ eptr = target + tSize - 6; // our biggest unit to put in...
- while (!IsEmptyStr(aptr) ){
+ while ((bptr < eptr) && !IsEmptyStr(aptr) ){
if (*aptr == '<') {
memcpy(bptr, "<", 4);
bptr += 4;
bptr += 6;
}
else if ((*aptr == '\n') && (nolinebreaks)) {
- strcat(bptr, ""); /* nothing */
+ *bptr='\0'; /* nothing */
}
else if ((*aptr == '\r') && (nolinebreaks)) {
- strcat(bptr, ""); /* nothing */
+ *bptr='\0'; /* nothing */
}
else{
*bptr = *aptr;
aptr ++;
}
*bptr = '\0';
+ if ((bptr = eptr - 1 ) && !IsEmptyStr(aptr) )
+ return -1;
+ return (bptr - target);
}
/**
void escputs1(char *strbuf, int nbsp, int nolinebreaks)
{
char *buf;
+ long Siz;
if (strbuf == NULL) return;
- buf = malloc( (3 * strlen(strbuf)) + SIZ );
- stresc(buf, strbuf, nbsp, nolinebreaks);
+ Siz = (3 * strlen(strbuf)) + SIZ ;
+ buf = malloc(Siz);
+ stresc(buf, Siz, strbuf, nbsp, nolinebreaks);
wprintf("%s", buf);
free(buf);
}
outbuf = malloc( buflen);
outbuf2 = malloc( buflen);
msgesc(outbuf, strbuf);
- stresc(outbuf2, outbuf, 0, 0);
+ stresc(outbuf2, buflen, outbuf, 0, 0);
wprintf("%s", outbuf2);
free(outbuf);
free(outbuf2);
void wprintf(const char *format,...);
void output_static(char *what);
void print_menu_box(char* Title, char *Class, int nLines, ...);
-void stresc(char *target, char *strbuf, int nbsp, int nolinebreaks);
+long stresc(char *target, long tSize, char *strbuf, int nbsp, int nolinebreaks);
void escputs(char *strbuf);
void url(char *buf);
void escputs1(char *strbuf, int nbsp, int nolinebreaks);