From 27752e368cc8e6325894d3a2a31f3faa80cbd93f Mon Sep 17 00:00:00 2001
From: Xavier Roche
Date: Wed, 28 May 2014 18:31:40 +0000
Subject: Rewrite template formatting to be format-injection proof.
---
 src/htsparse.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'src/htsparse.c')
diff --git a/src/htsparse.c b/src/htsparse.c
index e49b00f..53872b5 100644
--- a/src/htsparse.c
+++ b/src/htsparse.c
@@ -207,9 +207,9 @@ Please visit our Website: http://www.httrack.com
 sprintf(tempo,""CRLF,link_escaped); \
 } else \
 tempo[0]='\0'; \
- fprintf(makeindex_fp,template_footer, \
+ hts_template_format(makeindex_fp,template_footer, \
 "", \
- tempo \
+ tempo, /* EOF */ NULL \
 ); \
 fflush(makeindex_fp); \
 fclose(makeindex_fp); /* à ne pas oublier sinon on passe une nuit blanche */ \
@@ -587,9 +587,9 @@ int htsparse(htsmoduleStruct * str, htsmoduleStructExtended * stre) {
 if (makeindex_fp != NULL) { // Header - fprintf(makeindex_fp, template_header, + hts_template_format(makeindex_fp, template_header, ""); + HTTRACK_VERSION " " HTTRACK_AFF_AUTHORS " -->", /* EOF */ NULL); } else makeindex_done = -1; // fait, erreur
@@ -651,7 +651,7 @@ int htsparse(htsmoduleStruct * str, htsmoduleStructExtended * stre) {
 // Body inplace_escape_uri_utf(tempo, sizeof(tempo));
- fprintf(makeindex_fp, template_body, tempo, s);
+ hts_template_format(makeindex_fp, template_body, tempo, s, /* EOF */ NULL);
 } } }
-- cgit v1.2.3
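Review bot: The end-of-list marker in the footer call of the macro hunk (-207) is a bare `NULL`, and hts_template_format appears to be variadic, since the three call sites in this patch pass different numbers of arguments. A variadic argument is not converted to a pointer type, so where `NULL` expands to a plain `0` an `int` is passed while the callee presumably reads a `const char *`; that is undefined behaviour and can misread the end of the list on targets where pointers are wider than `int`. Writing it as `tempo, /* EOF */ (const char *) NULL \` makes the type explicit, and the same applies to the header call at -587 and the body call at -651. The macro containing this call starts and ends outside the hunk.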
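Review bot: Nothing at compile time verifies that the header call at -587 actually ends its argument list, so a terminator forgotten at a future call site would make hts_template_format read past the supplied arguments without any diagnostic. If the prototype is variadic (this file-limited diff does not show it), declaring it with `__attribute__((sentinel))` under GCC/Clang gives a warning for a missing trailing null. The prototype would also benefit from a one-line contract comment such as `/* Arguments are C strings; the list must end with a null pointer. */`. The body of htsparse() starts and ends outside the hunk.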
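Review bot: In the body call at -651 a null `s` would now be indistinguishable from the end-of-list marker, so the body template would be rendered with `tempo` only and the second placeholder left to whatever hts_template_format does for a missing argument, which is not visible here. `tempo` is apparently an array (`sizeof(tempo)` is taken on the line above), but the declaration of `s` lies outside the hunk, so whether it can be null at this point needs confirming. If it can, passing `s != NULL ? s : ""` keeps the argument count stable.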