Apache2
Collaboration diagram for Escape functions:

Macros

#define APR_ESCAPE_STRING   (-1)
 
#define APR_ESCAPE_LDAP_DN   (0x01)
 
#define APR_ESCAPE_LDAP_FILTER   (0x02)
 
#define APR_ESCAPE_LDAP_ALL   (0x03)
 

Functions

apr_status_t apr_escape_shell (char *escaped, const char *str, apr_ssize_t slen, apr_size_t *len)
 
const char * apr_pescape_shell (apr_pool_t *p, const char *str) __attribute__((nonnull(1)))
 
apr_status_t apr_unescape_url (char *escaped, const char *url, apr_ssize_t slen, const char *forbid, const char *reserved, int plus, apr_size_t *len)
 
const char * apr_punescape_url (apr_pool_t *p, const char *url, const char *forbid, const char *reserved, int plus) __attribute__((nonnull(1)))
 
apr_status_t apr_escape_path_segment (char *escaped, const char *str, apr_ssize_t slen, apr_size_t *len)
 
const char * apr_pescape_path_segment (apr_pool_t *p, const char *str) __attribute__((nonnull(1)))
 
apr_status_t apr_escape_path (char *escaped, const char *path, apr_ssize_t slen, int partial, apr_size_t *len)
 
const char * apr_pescape_path (apr_pool_t *p, const char *str, int partial) __attribute__((nonnull(1)))
 
apr_status_t apr_escape_urlencoded (char *escaped, const char *str, apr_ssize_t slen, apr_size_t *len)
 
const char * apr_pescape_urlencoded (apr_pool_t *p, const char *str) __attribute__((nonnull(1)))
 
apr_status_t apr_escape_entity (char *escaped, const char *str, apr_ssize_t slen, int toasc, apr_size_t *len)
 
const char * apr_pescape_entity (apr_pool_t *p, const char *str, int toasc) __attribute__((nonnull(1)))
 
apr_status_t apr_unescape_entity (char *unescaped, const char *str, apr_ssize_t slen, apr_size_t *len)
 
const char * apr_punescape_entity (apr_pool_t *p, const char *str) __attribute__((nonnull(1)))
 
apr_status_t apr_escape_echo (char *escaped, const char *str, apr_ssize_t slen, int quote, apr_size_t *len)
 
const char * apr_pescape_echo (apr_pool_t *p, const char *str, int quote)
 
apr_status_t apr_escape_hex (char *dest, const void *src, apr_size_t srclen, int colon, apr_size_t *len)
 
const char * apr_pescape_hex (apr_pool_t *p, const void *src, apr_size_t slen, int colon) __attribute__((nonnull(1)))
 
apr_status_t apr_unescape_hex (void *dest, const char *str, apr_ssize_t slen, int colon, apr_size_t *len)
 
const void * apr_punescape_hex (apr_pool_t *p, const char *str, int colon, apr_size_t *len)
 
apr_status_t apr_escape_ldap (char *dest, const void *src, apr_ssize_t srclen, int flags, apr_size_t *len)
 
const char * apr_pescape_ldap (apr_pool_t *p, const void *src, apr_ssize_t slen, int flags) __attribute__((nonnull(1)))
 
apr_status_t apr_escape_json (char *dest, const char *src, apr_ssize_t srclen, int quote, apr_size_t *len)
 
const char * apr_pescape_json (apr_pool_t *p, const char *src, apr_ssize_t srclen, int quote)
 

Detailed Description

Macro Definition Documentation

◆ APR_ESCAPE_LDAP_ALL

#define APR_ESCAPE_LDAP_ALL   (0x03)

Apply both RFC4514 and RFC4515 LDAP escaping.

◆ APR_ESCAPE_LDAP_DN

#define APR_ESCAPE_LDAP_DN   (0x01)

Apply LDAP distinguished name escaping as per RFC4514.

◆ APR_ESCAPE_LDAP_FILTER

#define APR_ESCAPE_LDAP_FILTER   (0x02)

Apply LDAP filter escaping as per RFC4515.

◆ APR_ESCAPE_STRING

#define APR_ESCAPE_STRING   (-1)

When passing a string to one of the escape functions, this value can be passed to indicate a string-valued key, and have the length computed automatically.

Function Documentation

◆ apr_escape_echo()

apr_status_t apr_escape_echo ( char *  escaped,
const char *  str,
apr_ssize_t  slen,
int  quote,
apr_size_t len 
)

Escape control characters in a string, as performed by the shell's 'echo' command. Characters are replaced as follows: \a alert (bell), \b backspace, \f form feed, \n new line, \r carriage return, \t horizontal tab, \v vertical tab, \ backslash.

Any non ascii character will be encoded as '\xHH', where HH is the hex code of the character.

If quote is not zero, the double quote character will also be escaped.

Parameters
escapedOptional buffer to write the encoded string, can be NULL
strThe original string
slenThe length of the original string, or APR_ESCAPE_STRING
quoteIf non zero, encode double quotes
lenIf present, returns the length of the string
Returns
APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL

◆ apr_escape_entity()

apr_status_t apr_escape_entity ( char *  escaped,
const char *  str,
apr_ssize_t  slen,
int  toasc,
apr_size_t len 
)

Apply entity encoding to a string. Characters are replaced as follows: '<' becomes '&lt;', '>' becomes '&gt;', '&' becomes '&amp;', the double quote becomes '&quot;" and the single quote becomes '&apos;'.

If toasc is not zero, any non ascii character will be encoded as '%#ddd;', where ddd is the decimal code of the character.

Parameters
escapedOptional buffer to write the encoded string, can be NULL
strThe original string
slenThe length of the original string, or APR_ESCAPE_STRING
toascIf non zero, encode non ascii characters
lenIf present, returns the length of the string
Returns
APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL

◆ apr_escape_hex()

apr_status_t apr_escape_hex ( char *  dest,
const void *  src,
apr_size_t  srclen,
int  colon,
apr_size_t len 
)

Convert binary data to a hex encoding.

Parameters
destThe destination buffer, can be NULL
srcThe original buffer
srclenThe length of the original buffer
colonIf not zero, insert colon characters between hex digits.
lenIf present, returns the length of the string
Returns
APR_SUCCESS, or APR_NOTFOUND if the string was NULL

◆ apr_escape_json()

apr_status_t apr_escape_json ( char *  dest,
const char *  src,
apr_ssize_t  srclen,
int  quote,
apr_size_t len 
)

Apply JSON escaping to a UTF string. Invalid UTF8 character sequences are replaced by the U+FFFD replacement character.

Parameters
destThe destination buffer, can be NULL
srcThe original buffer
srclenThe length of the original buffer. Pass APR_ESCAPE_STRING for a NUL terminated string.
quoteIf non zero, surround the string with quotes, and if the string is NULL, return the string "NULL".
lenIf present, returns the length of the string
Returns
APR_SUCCESS, or APR_NOTFOUND if the string resulted in no modification, APR_EINVAL if bad UTF8 is detected. In all cases valid UTF8 is returned.

◆ apr_escape_ldap()

apr_status_t apr_escape_ldap ( char *  dest,
const void *  src,
apr_ssize_t  srclen,
int  flags,
apr_size_t len 
)

Apply LDAP escaping to binary data. Characters from RFC4514 and RFC4515 are escaped with their hex equivalents.

Parameters
destThe destination buffer, can be NULL
srcThe original buffer
srclenThe length of the original buffer
flagsAPR_ESCAPE_LDAP_DN for RFC4514, APR_ESCAPE_LDAP_FILTER for RFC4515, APR_ESCAPE_LDAP_ALL for both
lenIf present, returns the length of the string
Returns
APR_SUCCESS, or APR_NOTFOUND if the string was NULL

◆ apr_escape_path()

apr_status_t apr_escape_path ( char *  escaped,
const char *  path,
apr_ssize_t  slen,
int  partial,
apr_size_t len 
)

Converts an OS path to a URL, in an OS dependent way, as defined in RFC1808. In all cases if a ':' occurs before the first '/' in the URL, the URL should be prefixed with "./" (or the ':' escaped). In the case of Unix, this means leaving '/' alone, but otherwise doing what escape_path_segment() does. For efficiency reasons, we don't use escape_path_segment(), which is provided for reference. Again, RFC 1808 is where this stuff is defined.

If partial is set, os_escape_path() assumes that the path will be appended to something with a '/' in it (and thus does not prefix "./").

Parameters
escapedOptional buffer to write the encoded string, can be NULL
pathThe original string
slenThe length of the original string, or APR_ESCAPE_STRING
partialIf non zero, suppresses the prepending of "./"
lenIf present, returns the length of the string
Returns
APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or if the string was NULL

◆ apr_escape_path_segment()

apr_status_t apr_escape_path_segment ( char *  escaped,
const char *  str,
apr_ssize_t  slen,
apr_size_t len 
)

Escape a path segment, as defined in RFC1808.

Parameters
escapedOptional buffer to write the encoded string, can be NULL
strThe original string
slenThe length of the original string, or APR_ESCAPE_STRING
lenIf present, returns the length of the string
Returns
APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL

◆ apr_escape_shell()

apr_status_t apr_escape_shell ( char *  escaped,
const char *  str,
apr_ssize_t  slen,
apr_size_t len 
)

Perform shell escaping on the provided string.

Shell escaping causes characters to be prefixed with a '\' character.

Parameters
escapedOptional buffer to write the encoded string, can be NULL
strThe original string
slenThe length of the original string, or APR_ESCAPE_STRING
lenIf present, returns the length of the string
Returns
APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL

◆ apr_escape_urlencoded()

apr_status_t apr_escape_urlencoded ( char *  escaped,
const char *  str,
apr_ssize_t  slen,
apr_size_t len 
)

Urlencode a string, as defined in http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1.

Parameters
escapedOptional buffer to write the encoded string, can be NULL
strThe original string
slenThe length of the original string, or APR_ESCAPE_STRING
lenIf present, returns the length of the string
Returns
APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or if the stirng was NULL

◆ apr_pescape_echo()

const char* apr_pescape_echo ( apr_pool_t p,
const char *  str,
int  quote 
)

Escape control characters in a string, as performed by the shell's 'echo' command, and return the results from a pool. Characters are replaced as follows: \a alert (bell), \b backspace, \f form feed, \n new line, \r carriage return, \t horizontal tab, \v vertical tab, \ backslash.

Any non ascii character will be encoded as '\xHH', where HH is the hex code of the character.

If quote is not zero, the double quote character will also be escaped.

Parameters
pPool to allocate from
strThe original string
quoteIf non zero, encode double quotes
Returns
A string allocated from the pool on success, the original string if no characters are encoded or the string is NULL.

◆ apr_pescape_entity()

const char* apr_pescape_entity ( apr_pool_t p,
const char *  str,
int  toasc 
)

Apply entity encoding to a string, returning the result from a pool. Characters are replaced as follows: '<' becomes '&lt;', '>' becomes '&gt;', '&' becomes '&amp;', the double quote becomes '&quot;" and the single quote becomes '&apos;'.

Parameters
pPool to allocate from
strThe original string
toascIf non zero, encode non ascii characters
Returns
A string allocated from the pool on success, the original string if no characters are encoded or the string is NULL.

◆ apr_pescape_hex()

const char* apr_pescape_hex ( apr_pool_t p,
const void *  src,
apr_size_t  slen,
int  colon 
)

Convert binary data to a hex encoding, and return the results from a pool.

Parameters
pPool to allocate from
srcThe original buffer
slenThe length of the original buffer
colonIf not zero, insert colon characters between hex digits.
Returns
A zero padded buffer allocated from the pool on success, or NULL if src was NULL.

◆ apr_pescape_json()

const char* apr_pescape_json ( apr_pool_t p,
const char *  src,
apr_ssize_t  srclen,
int  quote 
)

Apply JSON escaping to a UTF string. Invalid UTF8 character sequences are replaced by the U+FFFD replacement character.

Parameters
pPool to allocate from
srcThe original buffer
srclenThe length of the original buffer. Pass APR_ESCAPE_STRING for a NUL terminated string.
quoteIf non zero, surround the string with quotes, and if the string is NULL, return the string "NULL".
Returns
A zero padded buffer allocated from the pool on success, or NULL if src was NULL.

◆ apr_pescape_ldap()

const char* apr_pescape_ldap ( apr_pool_t p,
const void *  src,
apr_ssize_t  slen,
int  flags 
)

Apply LDAP escaping to binary data, and return the results from a pool. Characters from RFC4514 and RFC4515 are escaped with their hex equivalents.

Parameters
pPool to allocate from
srcThe original buffer
slenThe length of the original buffer
flagsAPR_ESCAPE_LDAP_DN for RFC4514, APR_ESCAPE_LDAP_FILTER for RFC4515, APR_ESCAPE_LDAP_ALL for both
Returns
A zero padded buffer allocated from the pool on success, or NULL if src was NULL.

◆ apr_pescape_path()

const char* apr_pescape_path ( apr_pool_t p,
const char *  str,
int  partial 
)

Converts an OS path to a URL, in an OS dependent way, as defined in RFC1808, returning the result from a pool.

In all cases if a ':' occurs before the first '/' in the URL, the URL should be prefixed with "./" (or the ':' escaped). In the case of Unix, this means leaving '/' alone, but otherwise doing what escape_path_segment() does. For efficiency reasons, we don't use escape_path_segment(), which is provided for reference. Again, RFC 1808 is where this stuff is defined.

If partial is set, os_escape_path() assumes that the path will be appended to something with a '/' in it (and thus does not prefix "./").

Parameters
pPool to allocate from
strThe original string
partialIf non zero, suppresses the prepending of "./"
Returns
A string allocated from the pool on success, the original string if no characters are encoded or if the string was NULL.

◆ apr_pescape_path_segment()

const char* apr_pescape_path_segment ( apr_pool_t p,
const char *  str 
)

Escape a path segment, as defined in RFC1808, returning the result from a pool.

Parameters
pPool to allocate from
strString to be escaped
Returns
A string allocated from the pool on success, the original string if no characters are encoded or the string is NULL.

◆ apr_pescape_shell()

const char* apr_pescape_shell ( apr_pool_t p,
const char *  str 
)

Perform shell escaping on the provided string, returning the result from the pool.

Shell escaping causes characters to be prefixed with a '\' character.

If no characters were escaped, the original string is returned.

Parameters
pPool to allocate from
strThe original string
Returns
the encoded string, allocated from the pool, or the original string if no escaping took place or the string was NULL.

◆ apr_pescape_urlencoded()

const char* apr_pescape_urlencoded ( apr_pool_t p,
const char *  str 
)

Urlencode a string, as defined in http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1, returning the result from a pool.

Parameters
pPool to allocate from
strString to be escaped
Returns
A string allocated from the pool on success, the original string if no characters are encoded or if the string was NULL.

◆ apr_punescape_entity()

const char* apr_punescape_entity ( apr_pool_t p,
const char *  str 
)

Decodes html entities or numeric character references in a string. If the string to be unescaped is syntactically incorrect, then the following fixups will be made: unknown entities will be left undecoded; references to unused numeric characters will be deleted. In particular, &#00; will not be decoded, but will be deleted.

Parameters
pPool to allocate from
strThe original string
Returns
A string allocated from the pool on success, the original string if no characters are encoded or the string is NULL.

◆ apr_punescape_hex()

const void* apr_punescape_hex ( apr_pool_t p,
const char *  str,
int  colon,
apr_size_t len 
)

Convert hex encoding to binary data, and return the results from a pool. If the colon character appears between pairs of hex digits, it will be ignored.

Parameters
pPool to allocate from
strThe original string
colonIf not zero, ignore colon characters between hex digits.
lenIf present, returns the length of the final buffer
Returns
A buffer allocated from the pool on success, or NULL if src was NULL, or a bad character was present.

◆ apr_punescape_url()

const char* apr_punescape_url ( apr_pool_t p,
const char *  url,
const char *  forbid,
const char *  reserved,
int  plus 
)

Unescapes a URL, leaving reserved characters intact, returning the result from a pool.

Parameters
pPool to allocate from
urlString to be unescaped in place
forbidOptional list of forbidden characters, in addition to 0x00
reservedOptional list of reserved characters that will be left unescaped
plusIf non zero, '+' is converted to ' ' as per application/x-www-form-urlencoded encoding
Returns
A string allocated from the pool on success, the original string if no characters are decoded, or NULL if a bad escape sequence is found or if a character on the forbid list is found, or if the original string was NULL.

◆ apr_unescape_entity()

apr_status_t apr_unescape_entity ( char *  unescaped,
const char *  str,
apr_ssize_t  slen,
apr_size_t len 
)

Decodes html entities or numeric character references in a string. If the string to be unescaped is syntactically incorrect, then the following fixups will be made: unknown entities will be left undecoded; references to unused numeric characters will be deleted. In particular, &#00; will not be decoded, but will be deleted.

Parameters
unescapedOptional buffer to write the encoded string, can be NULL
strThe original string
slenThe length of the original string, or APR_ESCAPE_STRING
lenIf present, returns the length of the string
Returns
APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL

◆ apr_unescape_hex()

apr_status_t apr_unescape_hex ( void *  dest,
const char *  str,
apr_ssize_t  slen,
int  colon,
apr_size_t len 
)

Convert hex encoded string to binary data.

Parameters
destThe destination buffer, can be NULL
strThe original buffer
slenThe length of the original buffer
colonIf not zero, ignore colon characters between hex digits.
lenIf present, returns the length of the string
Returns
APR_SUCCESS, or APR_NOTFOUND if the string was NULL, or APR_BADCH if a non hex character is present.

◆ apr_unescape_url()

apr_status_t apr_unescape_url ( char *  escaped,
const char *  url,
apr_ssize_t  slen,
const char *  forbid,
const char *  reserved,
int  plus,
apr_size_t len 
)

Unescapes a URL, leaving reserved characters intact.

Parameters
escapedOptional buffer to write the encoded string, can be NULL
urlString to be unescaped
slenThe length of the original url, or APR_ESCAPE_STRING
forbidOptional list of forbidden characters, in addition to 0x00
reservedOptional list of reserved characters that will be left unescaped
plusIf non zero, '+' is converted to ' ' as per application/x-www-form-urlencoded encoding
lenIf set, the length of the escaped string will be returned
Returns
APR_SUCCESS on success, APR_NOTFOUND if no characters are decoded or the string is NULL, APR_EINVAL if a bad escape sequence is found, APR_BADCH if a character on the forbid list is found.