+/*
+ * Given a source string and a target buffer, returns the string
+ * properly escaped for insertion into an XML stream. Returns a
+ * pointer to the target buffer for convenience.
+ *
+ * BUG: this does not properly handle UTF-8
+ */
+char *xmlesc(char *buf, char *str, int bufsiz)
+{
+ char *ptr;
+ unsigned char ch;
+ int len = 0;
+
+ if (!buf) return(NULL);
+ buf[0] = 0;
+ len = 0;
+ if (!str) {
+ return(buf);
+ }
+
+ for (ptr=str; *ptr; ptr++) {
+ ch = *ptr;
+ if (ch == '<') {
+ strcpy(&buf[len], "<");
+ len += 4;
+ }
+ else if (ch == '>') {
+ strcpy(&buf[len], ">");
+ len += 4;
+ }
+ else if (ch == '&') {
+ strcpy(&buf[len], "&");
+ len += 5;
+ }
+ else if (ch <= 0x7F) {
+ buf[len++] = ch;
+ buf[len] = 0;
+ }
+ else if (ch > 0x7F) {
+ char oct[10];
+ sprintf(oct, "&#%o;", ch);
+ strcpy(&buf[len], oct);
+ len += strlen(oct);
+ }
+ if ((len + 6) > bufsiz) {
+ return(buf);
+ }
+ }
+ return(buf);
+}
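Review bot: The bounds check in xmlesc runs only after each write and tests `(len + 6) > bufsiz`, so the loop can write past `buf`: a byte above 0x7F expands to six characters plus the terminator (seven bytes, e.g. `&#377;`) while the check guarantees only six free, and neither the first iteration nor `buf[0] = 0` is checked against `bufsiz` at all. The high-byte branch also formats with `%o`, but XML numeric character references are decimal or hexadecimal, so byte 0xE9 is emitted as `&#351;` and a parser reads a different character; `%u` gives the byte's value, though per-byte references still mis-encode UTF-8, as the header comment admits. The literals shown as `"<"`, `">"` and `"&"` disagree with `len += 4` and `len += 5`, presumably because the page rendering decoded `&lt;`, `&gt;` and `&amp;`; if they really are one character long, the output ends at the first escaped character. I would compute the space each replacement needs before writing it, as sketched below. Truncation stays silent in this version, which the header comment should state for callers that need the complete string.

```c
    if (!buf || bufsiz <= 0) return(NULL);
    buf[0] = 0;
    /* … unchanged: len reset and NULL str handling … */

    for (ptr=str; *ptr; ptr++) {
        const char *rep;
        char ref[8];    /* "&#255;" plus terminator is 7 bytes */
        size_t n;

        ch = *ptr;
        if (ch == '<') rep = "&lt;";
        else if (ch == '>') rep = "&gt;";
        else if (ch == '&') rep = "&amp;";
        else if (ch <= 0x7F) { ref[0] = (char)ch; ref[1] = 0; rep = ref; }
        else { snprintf(ref, sizeof ref, "&#%u;", (unsigned)ch); rep = ref; }

        n = strlen(rep);
        /* stop before writing unless rep and its terminator both fit */
        if (n >= (size_t)(bufsiz - len)) break;
        memcpy(&buf[len], rep, n + 1);
        len += (int)n;
    }
    return(buf);
```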