On Thu, Jan 31, 2013 at 08:24:29PM -0500, Daniel Kahn Gillmor wrote:
> msv_query_agent() does not escape the data passed in.  For example, if
> pkcdata points to a C string with newlines in it, it will inject the
> newlines directly into the JSON string, which is not valid JSON.

Perhaps something like this?

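          jreq = json_object();
          pkc = json_object();
          peer = json_object();

          /* json_dumps() escapes the string values; the _set_new calls take
             over the fresh json_string() reference, so nothing leaks */
          if ( (json_object_set_new(pkc, "data", json_string(pkcdata)) == 0) &&
           (json_object_set_new(pkc, "type", json_string(pkctype)) == 0) &&
           (json_object_set_new(peer, "name", json_string(peername)) == 0) &&
           (json_object_set_new(peer, "type", json_string(peertype)) == 0) &&
           (json_object_set(jreq, "pkc", pkc) == 0) &&
           (json_object_set_new(jreq, "context", json_string(context)) == 0) &&
           (json_object_set(jreq, "peer", peer) == 0)
                 ) {
                  req = json_dumps(jreq, JSON_PRESERVE_ORDER|JSON_COMPACT);
          } else {
                  req = NULL;
          }

          /* drop our own references; jreq holds its own on pkc and peer */
          json_decref(peer);
          json_decref(pkc);
          json_decref(jreq);

          if (req == NULL)
                  return SOMETHING_HORRIBLE;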


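The escaping the quoted report asks for, as an added example (not code from this thread or from the project): a hand-written escaper for the "pkc" member, showing what a JSON serializer has to do to pkcdata before it goes into the request. json_escape(), build_pkc(), the buffer sizes and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Write the JSON string-literal form of `in` (quotes included) into `out`.
 * Returns the length written, or -1 if `out` is too small. */
int json_escape(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    char buf[8];
    if (outlen < 3) return -1;
    out[o++] = '"';
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        switch (*p) {
        case '"':  strcpy(buf, "\\\""); break;
        case '\\': strcpy(buf, "\\\\"); break;
        case '\n': strcpy(buf, "\\n");  break;
        default:   /* any other control byte below 0x20 becomes \u00XX */
            if (*p < 0x20) snprintf(buf, sizeof buf, "\\u%04x", (unsigned)*p);
            else { buf[0] = (char)*p; buf[1] = '\0'; }
        }
        size_t n = strlen(buf);
        if (o + n + 2 > outlen) return -1;   /* keep room for '"' and NUL */
        memcpy(out + o, buf, n);
        o += n;
    }
    out[o++] = '"';
    out[o] = '\0';
    return (int)o;
}

/* Build only the "pkc" member of the request (hypothetical helper).
 * Returns 0 on success, -1 if any buffer is too small. */
int build_pkc(const char *pkcdata, const char *pkctype, char *out, size_t outlen)
{
    char d[512], t[64];
    if (json_escape(pkcdata, d, sizeof d) < 0 || json_escape(pkctype, t, sizeof t) < 0)
        return -1;
    int n = snprintf(out, outlen, "{\"pkc\":{\"data\":%s,\"type\":%s}}", d, t);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char req[1024];
    /* constructed input: a newline, then an attempt to close the string early */
    if (build_pkc("line1\nline2\",\"type\":\"forged", "x509pem", req, sizeof req) == 0)
        puts(req);
    return 0;
}
```

With the constructed input, the output stays on a single line and the embedded quote arrives as `\"`, so the "type" text remains inside the "data" string rather than becoming a second member.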