sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Bug: membership file too raw in stats page

From: Kim Minh Kaplan
Subject: Re: [Sks-devel] Bug: membership file too raw in stats page
Date: Mon, 12 Oct 2009 20:08:19 +0000
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (gnu/linux) 
Phil Pennock writes:

> One of my peers had a line in their membership file which followed the
> common idiom of:
>   host.example.net 11370    # Fred Bloggs <address@hidden>
>
> Unfortunately, they'd missed the '#' character.  The
> /pks/lookup?op=stats page returned this raw with no HTML entity
> escaping.

Although SKS could be more carefull with the escaping on the stats page
I can not reproduce the problem you describe.  The peers table is built
from the result of Membership.get_names() which uses a Scanf "%s %s".
Only the hostname and service are used, the rest of the line is silently
discarded.

> The stats renderer should be HTML-escaping the data it's putting into
> fields in HTML.  And hey, if it's not already doing so, complaining more
> loudly about such lines at parse time so the admins notice.  :)

Patches attached for each.  Should I push them to my repository so that
they get integrated in mainline?

Kim Minh.


Fix stats page HTML entities encoding.
http://lists.gnu.org/archive/html/sks-devel/2009-10/msg00001.html

diff -r 95926d02fe80 stats.ml
--- a/stats.ml  Mon Aug 31 23:33:41 2009 +0200
+++ b/stats.ml  Mon Oct 12 21:42:52 2009 +0200
@@ -139,12 +139,14 @@
      <tr><td>Recon port:<td>%d
      <tr><td>Debug level:<td>%d
 </table><br>"
-      !Settings.hostname Common.version
+      (HtmlTemplates.html_quote !Settings.hostname)
+      (HtmlTemplates.html_quote Common.version)
       http_port recon_port !Settings.debuglevel
   in
   let gossip_peers = 
     let peers = Array.to_list (Membership.get_names ()) in
-    let peers = List.map ~f:(fun peer -> sprintf "<tr><td>%s\n" peer) peers in
+    let peers = List.rev_map ~f:HtmlTemplates.html_quote peers in
+    let peers = List.rev_map ~f:(sprintf "<tr><td>%s\n") peers in
     sprintf "<h2>Gossip Peers</h2>\n<table>\n%s</table>"
       (String.concat ~sep:"" peers)
   in
@@ -153,7 +155,8 @@
       try Membership.get_mailsync_partners () 
       with Failure "No partners specified" -> []
     in
-    let peers = List.map ~f:(fun s -> sprintf "<tr><td>%s\n" s) peers in
+    let peers = List.rev_map ~f:HtmlTemplates.html_quote peers in
+    let peers = List.rev_map ~f:(sprintf "<tr><td>%s\n") peers in
     sprintf "<h2>Outgoing Mailsync Peers</h2>\n<table>\n%s</table>"
       (String.concat ~sep:"" peers)
   in

Complain on malformed membership lines.
http://lists.gnu.org/archive/html/sks-devel/2009-10/msg00001.html

diff -r 72d8e25ca99a membership.ml
--- a/membership.ml     Mon Oct 12 21:42:52 2009 +0200
+++ b/membership.ml     Mon Oct 12 21:57:13 2009 +0200
@@ -46,9 +46,11 @@
 let convert_address l =
   try 
     if String.length l = 0 then raise Empty_line else
-    sscanf l "%s %s"
-      (fun addr service ->
+    sscanf l "%s %s %s"
+      (fun addr service rest ->
          if addr = "" || service = "" then failwith "Blank line";
+        if rest <> "" then
+          perror "Spurious content \"%s\" in membership line \"%s\"" rest l;
          addr, service)
   with 
     Scanf.Scan_failure _ | End_of_file | Failure _ -> raise (Malformed_entry l)
reply via email to
[Prev in Thread] Current Thread [Next in Thread]