RubyGems - rinku - Versions diffs - 1.2.2 → 1.3.0 - Mend

rinku 1.2.2 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

data/ext/rinku/buffer.h CHANGED Viewed

@@ -1,7 +1,6 @@
-/* buffer.h - automatic buffer structure */
 /*
  * Copyright (c) 2008, Natacha Porté
+ * Copyright (c) 2011, Vicent Martí
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -16,139 +15,77 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
-#ifndef LITHIUM_BUFFER_H
-#define LITHIUM_BUFFER_H
+#ifndef __GEN_BUFFER_H__
+#define __GEN_BUFFER_H__
 #include <stddef.h>
+#include <stdarg.h>
+#include <stdint.h>
 #if defined(_MSC_VER)
 #define __attribute__(x)
 #define inline
-#define strncasecmp _strnicmp
-#define snprintf _snprintf
-#define va_copy(d,s) ((d) = (s))
 #endif
-/********************
- * TYPE DEFINITIONS *
- ********************/
+typedef enum {
+	BUF_OK = 0,
+	BUF_ENOMEM = -1,
+} buferror_t;
-/* struct buf • character array buffer */
+/* struct buf: character array buffer */
 struct buf {
-	char *	data;	/* actual character data */
-	size_t	size;	/* size of the string */
-	size_t	asize;	/* allocated size (0 = volatile buffer) */
-	size_t	unit;	/* reallocation unit size (0 = read-only buffer) */
-	int	ref; };	/* reference count */
-/**********
- * MACROS *
- **********/
-#define STRLEN(x) (sizeof(x) - 1)
-/* CONST_BUF • global buffer from a string litteral */
-#define CONST_BUF(name, string) \
-	static struct buf name = { string, sizeof string -1, sizeof string }
-/* VOLATILE_BUF • macro for creating a volatile buffer on the stack */
-#define VOLATILE_BUF(name, strname) \
-	struct buf name = { strname, strlen(strname) }
-/* BUFPUTSL • optimized bufputs of a string litteral */
-#define BUFPUTSL(output, litteral) \
-	bufput(output, litteral, sizeof litteral - 1)
+	uint8_t *data;		/* actual character data */
+	size_t size;	/* size of the string */
+	size_t asize;	/* allocated size (0 = volatile buffer) */
+	size_t unit;	/* reallocation unit size (0 = read-only buffer) */
+};
-/********************
- * BUFFER FUNCTIONS *
- ********************/
+/* CONST_BUF: global buffer from a string litteral */
+#define BUF_STATIC(string) \
+	{ (uint8_t *)string, sizeof string -1, sizeof string, 0, 0 }
-/* bufcasecmp • case-insensitive buffer comparison */
-int
-bufcasecmp(const struct buf *, const struct buf *);
+/* VOLATILE_BUF: macro for creating a volatile buffer on the stack */
+#define BUF_VOLATILE(strname) \
+	{ (uint8_t *)strname, strlen(strname), 0, 0, 0 }
-/* bufcmp • case-sensitive buffer comparison */
-int
-bufcmp(const struct buf *, const struct buf *);
+/* BUFPUTSL: optimized bufputs of a string litteral */
+#define BUFPUTSL(output, literal) \
+	bufput(output, literal, sizeof literal - 1)
-/* bufcmps • case-sensitive comparison of a string to a buffer */
-int
-bufcmps(const struct buf *, const char *);
+/* bufgrow: increasing the allocated size to the given value */
+int bufgrow(struct buf *, size_t);
-/* bufprefix * compare the beginning of a buffer with a string */
-int
-bufprefix(const struct buf *buf, const char *prefix);
+/* bufnew: allocation of a new buffer */
+struct buf *bufnew(size_t) __attribute__ ((malloc));
-/* bufdup • buffer duplication */
-struct buf *
-bufdup(const struct buf *, size_t)
-	__attribute__ ((malloc));
+/* bufnullterm: NUL-termination of the string array (making a C-string) */
+const char *bufcstr(struct buf *);
-/* bufgrow • increasing the allocated size to the given value */
-int
-bufgrow(struct buf *, size_t);
+/* bufprefix: compare the beginning of a buffer with a string */
+int bufprefix(const struct buf *buf, const char *prefix);
-/* bufnew • allocation of a new buffer */
-struct buf *
-bufnew(size_t)
-	__attribute__ ((malloc));
+/* bufput: appends raw data to a buffer */
+void bufput(struct buf *, const void *, size_t);
-/* bufnullterm • NUL-termination of the string array (making a C-string) */
-void
-bufnullterm(struct buf *);
+/* bufputs: appends a NUL-terminated string to a buffer */
+void bufputs(struct buf *, const char *);
-/* bufprintf • formatted printing to a buffer */
-void
-bufprintf(struct buf *, const char *, ...)
-	__attribute__ ((format (printf, 2, 3)));
+/* bufputc: appends a single char to a buffer */
+void bufputc(struct buf *, int);
-/* bufput • appends raw data to a buffer */
-void
-bufput(struct buf *, const void*, size_t);
+/* bufrelease: decrease the reference count and free the buffer if needed */
+void bufrelease(struct buf *);
-/* bufputs • appends a NUL-terminated string to a buffer */
-void
-bufputs(struct buf *, const char*);
+/* bufreset: frees internal data of the buffer */
+void bufreset(struct buf *);
-/* bufputc • appends a single char to a buffer */
-void
-bufputc(struct buf *, char);
+/* bufslurp: removes a given number of bytes from the head of the array */
+void bufslurp(struct buf *, size_t);
-/* bufrelease • decrease the reference count and free the buffer if needed */
-void
-bufrelease(struct buf *);
+/* bufprintf: formatted printing to a buffer */
+void bufprintf(struct buf *, const char *, ...) __attribute__ ((format (printf, 2, 3)));
-/* bufreset • frees internal data of the buffer */
-void
-bufreset(struct buf *);
+/* vbufprintf: stdarg variant of formatted printing into a buffer */
+void vbufprintf(struct buf *, const char * , va_list);
-/* bufset • safely assigns a buffer to another */
-void
-bufset(struct buf **, struct buf *);
-/* bufslurp • removes a given number of bytes from the head of the array */
-void
-bufslurp(struct buf *, size_t);
-/* buftoi • converts the numbers at the beginning of the buf into an int */
-int
-buftoi(struct buf *, size_t, size_t *);
-#ifdef BUFFER_STDARG
-#include <stdarg.h>
-/* vbufprintf • stdarg variant of formatted printing into a buffer */
-void
-vbufprintf(struct buf *, const char*, va_list);
-#endif /* def BUFFER_STDARG */
-#endif /* ndef LITHIUM_BUFFER_H */
-/* vim: set filetype=c: */
+#endif

data/ext/rinku/houdini.h ADDED Viewed

@@ -0,0 +1,28 @@
+#ifndef __HOUDINI_H__
+#define __HOUDINI_H__
+#include "buffer.h"
+#ifdef HOUDINI_USE_LOCALE
+#	define _isxdigit(c) isxdigit(c)
+#	define _isdigit(c) isdigit(c)
+#else
+/*
+ * Helper _isdigit methods -- do not trust the current locale
+ * */
+#	define _isxdigit(c) (strchr("0123456789ABCDEFabcdef", (c)) != NULL)
+#	define _isdigit(c) ((c) >= '0' && (c) <= '9')
+#endif
+extern void houdini_escape_html(struct buf *ob, const uint8_t *src, size_t size);
+extern void houdini_escape_html0(struct buf *ob, const uint8_t *src, size_t size, int secure);
+extern void houdini_unescape_html(struct buf *ob, const uint8_t *src, size_t size);
+extern void houdini_escape_uri(struct buf *ob, const uint8_t *src, size_t size);
+extern void houdini_escape_url(struct buf *ob, const uint8_t *src, size_t size);
+extern void houdini_escape_href(struct buf *ob, const uint8_t *src, size_t size);
+extern void houdini_unescape_uri(struct buf *ob, const uint8_t *src, size_t size);
+extern void houdini_unescape_url(struct buf *ob, const uint8_t *src, size_t size);
+extern void houdini_escape_js(struct buf *ob, const uint8_t *src, size_t size);
+extern void houdini_unescape_js(struct buf *ob, const uint8_t *src, size_t size);
+#endif

data/ext/rinku/houdini_href_e.c ADDED Viewed

@@ -0,0 +1,108 @@
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+#include "houdini.h"
+#define ESCAPE_GROW_FACTOR(x) (((x) * 12) / 10)
+/*
+ * The following characters will not be escaped:
+ *
+ *		-_.+!*'(),%#@?=;:/,+&$ alphanum
+ *
+ * Note that this character set is the addition of:
+ *
+ *	- The characters which are safe to be in an URL
+ *	- The characters which are *not* safe to be in
+ *	an URL because they are RESERVED characters.
+ *
+ * We asume (lazily) that any RESERVED char that
+ * appears inside an URL is actually meant to
+ * have its native function (i.e. as an URL
+ * component/separator) and hence needs no escaping.
+ *
+ * There are two exceptions: the chacters & (amp)
+ * and ' (single quote) do not appear in the table.
+ * They are meant to appear in the URL as components,
+ * yet they require special HTML-entity escaping
+ * to generate valid HTML markup.
+ *
+ * All other characters will be escaped to %XX.
+ *
+ */
+static const char HREF_SAFE[] = {
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1,
+	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1,
+	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1,
+	0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+};
+void
+houdini_escape_href(struct buf *ob, const uint8_t *src, size_t size)
+{
+	static const char hex_chars[] = "0123456789ABCDEF";
+	size_t  i = 0, org;
+	char hex_str[3];
+	bufgrow(ob, ESCAPE_GROW_FACTOR(size));
+	hex_str[0] = '%';
+	while (i < size) {
+		org = i;
+		while (i < size && HREF_SAFE[src[i]] != 0)
+			i++;
+		if (i > org)
+			bufput(ob, src + org, i - org);
+		/* escaping */
+		if (i >= size)
+			break;
+		switch (src[i]) {
+		/* amp appears all the time in URLs, but needs
+		 * HTML-entity escaping to be inside an href */
+		case '&':
+			BUFPUTSL(ob, "&amp;");
+			break;
+		/* the single quote is a valid URL character
+		 * according to the standard; it needs HTML
+		 * entity escaping too */
+		case '\'':
+			BUFPUTSL(ob, "&#x27;");
+			break;
+		/* the space can be escaped to %20 or a plus
+		 * sign. we're going with the generic escape
+		 * for now. the plus thing is more commonly seen
+		 * when building GET strings */
+#if 0
+		case ' ':
+			bufputc(ob, '+');
+			break;
+#endif
+		/* every other character goes with a %XX escaping */
+		default:
+			hex_str[1] = hex_chars[(src[i] >> 4) & 0xF];
+			hex_str[2] = hex_chars[src[i] & 0xF];
+			bufput(ob, hex_str, 3);
+		}
+		i++;
+	}
+}

data/ext/rinku/houdini_html_e.c ADDED Viewed

@@ -0,0 +1,84 @@
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+#include "houdini.h"
+#define ESCAPE_GROW_FACTOR(x) (((x) * 12) / 10) /* this is very scientific, yes */
+/**
+ * According to the OWASP rules:
+ *
+ * & --> &amp;
+ * < --> &lt;
+ * > --> &gt;
+ * " --> &quot;
+ * ' --> &#x27;     &apos; is not recommended
+ * / --> &#x2F;     forward slash is included as it helps end an HTML entity
+ *
+ */
+static const char HTML_ESCAPE_TABLE[] = {
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 1, 0, 0, 0, 2, 3, 0, 0, 0, 0, 0, 0, 0, 4,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0, 6, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+};
+static const char *HTML_ESCAPES[] = {
+        "",
+        "&quot;",
+        "&amp;",
+        "&#39;",
+        "&#47;",
+        "&lt;",
+        "&gt;"
+};
+void
+houdini_escape_html0(struct buf *ob, const uint8_t *src, size_t size, int secure)
+{
+	size_t  i = 0, org, esc;
+	bufgrow(ob, ESCAPE_GROW_FACTOR(size));
+	while (i < size) {
+		org = i;
+		while (i < size && (esc = HTML_ESCAPE_TABLE[src[i]]) == 0)
+			i++;
+		if (i > org)
+			bufput(ob, src + org, i - org);
+		/* escaping */
+		if (i >= size)
+			break;
+		/* The forward slash is only escaped in secure mode */
+		if (src[i] == '/' && !secure) {
+			bufputc(ob, '/');
+		} else {
+			bufputs(ob, HTML_ESCAPES[esc]);
+		}
+		i++;
+	}
+}
+void
+houdini_escape_html(struct buf *ob, const uint8_t *src, size_t size)
+{
+	houdini_escape_html0(ob, src, size, 1);
+}