Commit 10698424 authored by Antoine Cellerier's avatar Antoine Cellerier

src/misc/vlm.c: fix FindEndCommand quote escaping

share/http/js/*.js: escape inputs in vlm commands
parent 55aa3b59
......@@ -191,7 +191,7 @@ function mosaic_code_update()
"\n"+
"# Background options\n"+
"new bg broadcast enabled\n"+
"setup bg input " + value( 'mosaic_bg_input' ) + "\n";
"setup bg input " + sanitize_input( value( 'mosaic_bg_input' ) ) + "\n";
if( value( 'mosaic_output' ) )
{
code.value +=
......@@ -247,7 +247,7 @@ function mosaic_code_update()
var s = cells[id];
code.value +=
"new " + s + " broadcast enabled\n"+
"setup " + s + " input " + streams[s] + "\n"+
"setup " + s + " input " + sanitize_input( streams[s] ) + "\n"+
"setup " + s + " output #duplicate{dst=mosaic-bridge{id=" + s + ",width="+cell_width+",height="+cell_height+"},select=video,dst=bridge-out,select=audio}\n"+
"\n";
}
......
......@@ -151,6 +151,11 @@ function vlm_schedule_type_change( name )
}
}
function sanitize_input( str )
{
return str.replace( /\\/g, '\\\\').replace( /\'/g, '\\\'' ).replace( /\"/g, '\\\"' ).replace( /^/, '"' ).replace( /$/, '"' );
}
function update_vlm_add_broadcast()
{
var cmd = document.getElementById( 'vlm_command' );
......@@ -172,7 +177,7 @@ function update_vlm_add_broadcast()
if( value( 'vlm_broadcast_input' ) )
{
cmd.value += " input " + value( 'vlm_broadcast_input' );
cmd.value += " input " + sanitize_input( value( 'vlm_broadcast_input' ) );
}
if( value( 'vlm_broadcast_output' ) )
......@@ -202,7 +207,7 @@ function update_vlm_add_vod()
if( value( 'vlm_vod_input' ) )
{
cmd.value += " input " + value( 'vlm_vod_input' );
cmd.value += " input " + sanitize_input( value( 'vlm_vod_input' ) );
}
if( value( 'vlm_vod_output' ) )
......@@ -696,7 +701,7 @@ function vlm_delete_input( name, num )
function vlm_add_input( name, input )
{
document.getElementById( 'vlm_command' ).value = "setup "+name+" input "+input;
document.getElementById( 'vlm_command' ).value = "setup "+name+" input "+sanitize_input( input );
vlm_cmd( value( 'vlm_command' ) );
}
......
......@@ -266,7 +266,8 @@ static const char *FindEndCommand( const char *psz_sent )
{
case '\"':
psz_sent++;
while( ( *psz_sent != '\"' ) && ( *psz_sent != '\0' ) )
while( ( *psz_sent != '\"' || b_escape == VLC_TRUE )
&& ( *psz_sent != '\0' ) )
{
if( *psz_sent == '\'' && b_escape == VLC_FALSE )
{
......@@ -292,7 +293,8 @@ static const char *FindEndCommand( const char *psz_sent )
case '\'':
psz_sent++;
while( ( *psz_sent != '\'' ) && ( *psz_sent != '\0' ) )
while( ( *psz_sent != '\'' || b_escape == VLC_TRUE )
&& ( *psz_sent != '\0' ) )
{
if( *psz_sent == '\"' && b_escape == VLC_FALSE )
{
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment