archive: fixed addfile URL from the report.cgi. improved xml validation for '_' in attribute values and <abc/> elements.

This commit is contained in:
Daniel Marjamäki 2013-07-29 10:21:10 +02:00
parent 57d8a8719b
commit 545aad579f
2 changed files with 25 additions and 5 deletions

View File

@ -17,7 +17,7 @@ void listAll(char **data)
puts("function addfile() {");
puts(" var name = prompt(\"Name of library/platform/etc\", \"\");");
puts(" if (name != null)");
puts(" window.location = \"http://cppcheck.sourceforge.net/cgi-bin/addfile.cgi?name=\" + name + \"&version=\" + version;");
puts(" window.location = \"http://cppcheck.sourceforge.net/cgi-bin/addfile.cgi?name=\" + name;");
puts("}");
puts("function editfile(name,version) {\n");
puts(" window.location = \"http://cppcheck.sourceforge.net/cgi-bin/edit.cgi?name=\" + name + \"&version=\" + version;\n");

View File

@ -31,22 +31,29 @@ int validatexml(const char xmldata[])
} else if (xmldata[pos]=='\r' || xmldata[pos]=='\n') {
++linenr;
} else if (xmldata[pos] == '<') {
// found a element, validate it
++pos;
skipspaces(xmldata,&pos,&linenr);
// is this a end-element?
if (xmldata[pos] == '/') {
// end element without any previous start element
if (level <= 0) {
return linenr;
}
--level;
// compare name of end element with name of start element
int len = strlen(elementNames[level]);
if (strncmp(&xmldata[pos+1],elementNames[level],len)!=0 || xmldata[pos+1+len]!='>')
return linenr;
pos += 1 + len;
} else {
// this validator allows max 8 element levels
if (level > 8)
return linenr;
if (!isalpha(xmldata[pos]))
return linenr;
// add element name to elementNames so it can be compared later against the end element
memset(elementNames[level], 0, 64);
for (int i = 0; i < 64; i++) {
if ((xmldata[pos+i]>='a' && xmldata[pos+i]<='z') || xmldata[pos+i] == '-')
@ -57,30 +64,43 @@ int validatexml(const char xmldata[])
}
}
if (!strchr("> \r\n", xmldata[pos]))
if (!strchr("/> \r\n", xmldata[pos]))
return linenr;
level++;
while (xmldata[pos] != '>') {
// validate all attributes
while (xmldata[pos] != '/' && xmldata[pos] != '>') {
// validate one attribute
skipspaces(xmldata,&pos,&linenr);
if ((xmldata[pos] >= 'a') && xmldata[pos] <= 'z') {
// attribute name
while (((xmldata[pos] >= 'a') && xmldata[pos] <= 'z') || xmldata[pos] == '-')
++pos;
if (xmldata[pos++] != '=')
return linenr;
if (xmldata[pos++] != '\"')
return linenr;
while (isalnum(xmldata[pos]) || strchr(":-.,",xmldata[pos]))
// attribute value
while (isalnum(xmldata[pos]) || strchr(":-.,_",xmldata[pos]))
++pos;
if (xmldata[pos++] != '\"')
return linenr;
if (!strchr("> \r\n", xmldata[pos]))
return linenr;
} else if (xmldata[pos] != '>') {
} else if (xmldata[pos] != '/' && xmldata[pos] != '>') {
return linenr;
}
}
// no end element.. <abc/>
if (xmldata[pos] == '/') {
--level;
++pos;
skipspaces(xmldata,&pos,&linenr);
if (xmldata[pos] != '>')
return linenr;
}
}
} else if (xmldata[pos] == '>') {
return linenr;