Escape functions
Overview
// global functions apr_status_t apr_escape_shell( char* escaped, const char* str, apr_ssize_t slen, apr_size_t* len ); const char* apr_pescape_shell( apr_pool_t* p, const char* str ); apr_status_t apr_unescape_url( char* escaped, const char* url, apr_ssize_t slen, const char* forbid, const char* reserved, int plus, apr_size_t* len ); const char* apr_punescape_url( apr_pool_t* p, const char* url, const char* forbid, const char* reserved, int plus ); apr_status_t apr_escape_path_segment( char* escaped, const char* str, apr_ssize_t slen, apr_size_t* len ); const char* apr_pescape_path_segment( apr_pool_t* p, const char* str ); apr_status_t apr_escape_path( char* escaped, const char* path, apr_ssize_t slen, int partial, apr_size_t* len ); const char* apr_pescape_path( apr_pool_t* p, const char* str, int partial ); apr_status_t apr_escape_urlencoded( char* escaped, const char* str, apr_ssize_t slen, apr_size_t* len ); const char* apr_pescape_urlencoded( apr_pool_t* p, const char* str ); apr_status_t apr_escape_entity( char* escaped, const char* str, apr_ssize_t slen, int toasc, apr_size_t* len ); const char* apr_pescape_entity( apr_pool_t* p, const char* str, int toasc ); apr_status_t apr_unescape_entity( char* unescaped, const char* str, apr_ssize_t slen, apr_size_t* len ); const char* apr_punescape_entity( apr_pool_t* p, const char* str ); apr_status_t apr_escape_echo( char* escaped, const char* str, apr_ssize_t slen, int quote, apr_size_t* len ); const char* apr_pescape_echo( apr_pool_t* p, const char* str, int quote ); apr_status_t apr_escape_hex( char* dest, const void* src, apr_size_t srclen, int colon, apr_size_t* len ); const char* apr_pescape_hex( apr_pool_t* p, const void* src, apr_size_t slen, int colon ); apr_status_t apr_unescape_hex( void* dest, const char* str, apr_ssize_t slen, int colon, apr_size_t* len ); const void* apr_punescape_hex( apr_pool_t* p, const char* str, int colon, apr_size_t* len ); // macros #define APR_ESCAPE_STRING
Detailed Documentation
Global Functions
apr_status_t apr_escape_shell( char* escaped, const char* str, apr_ssize_t slen, apr_size_t* len )
Perform shell escaping on the provided string.
Shell escaping causes characters to be prefixed with a ‘' character.
Parameters:
escaped |
Optional buffer to write the encoded string, can be NULL |
str |
The original string |
slen |
The length of the original string, or APR_ESCAPE_STRING |
len |
If present, returns the length of the string |
Returns:
APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL
const char* apr_pescape_shell( apr_pool_t* p, const char* str )
Perform shell escaping on the provided string, returning the result from the pool.
Shell escaping causes characters to be prefixed with a ‘' character.
If no characters were escaped, the original string is returned.
Parameters:
p |
Pool to allocate from |
str |
The original string |
Returns:
the encoded string, allocated from the pool, or the original string if no escaping took place or the string was NULL.
apr_status_t apr_unescape_url( char* escaped, const char* url, apr_ssize_t slen, const char* forbid, const char* reserved, int plus, apr_size_t* len )
Unescapes a URL, leaving reserved characters intact.
Parameters:
escaped |
Optional buffer to write the encoded string, can be NULL |
url |
String to be unescaped |
slen |
The length of the original url, or APR_ESCAPE_STRING |
forbid |
Optional list of forbidden characters, in addition to 0x00 |
reserved |
Optional list of reserved characters that will be left unescaped |
plus |
If non zero, ‘+’ is converted to ‘ ‘ as per application/x-www-form-urlencoded encoding |
len |
If set, the length of the escaped string will be returned |
Returns:
APR_SUCCESS on success, APR_NOTFOUND if no characters are decoded or the string is NULL, APR_EINVAL if a bad escape sequence is found, APR_BADCH if a character on the forbid list is found.
const char* apr_punescape_url( apr_pool_t* p, const char* url, const char* forbid, const char* reserved, int plus )
Unescapes a URL, leaving reserved characters intact, returning the result from a pool.
Parameters:
p |
Pool to allocate from |
url |
String to be unescaped in place |
forbid |
Optional list of forbidden characters, in addition to 0x00 |
reserved |
Optional list of reserved characters that will be left unescaped |
plus |
If non zero, ‘+’ is converted to ‘ ‘ as per application/x-www-form-urlencoded encoding |
Returns:
A string allocated from the pool on success, the original string if no characters are decoded, or NULL if a bad escape sequence is found or if a character on the forbid list is found, or if the original string was NULL.
apr_status_t apr_escape_path_segment( char* escaped, const char* str, apr_ssize_t slen, apr_size_t* len )
Escape a path segment, as defined in RFC1808.
Parameters:
escaped |
Optional buffer to write the encoded string, can be NULL |
str |
The original string |
slen |
The length of the original string, or APR_ESCAPE_STRING |
len |
If present, returns the length of the string |
Returns:
APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL
const char* apr_pescape_path_segment( apr_pool_t* p, const char* str )
Escape a path segment, as defined in RFC1808, returning the result from a pool.
Parameters:
p |
Pool to allocate from |
str |
String to be escaped |
Returns:
A string allocated from the pool on success, the original string if no characters are encoded or the string is NULL.
apr_status_t apr_escape_path( char* escaped, const char* path, apr_ssize_t slen, int partial, apr_size_t* len )
Converts an OS path to a URL, in an OS dependent way, as defined in RFC1808. In all cases if a ‘:’ occurs before the first ‘/’ in the URL, the URL should be prefixed with “./” (or the ‘:’ escaped). In the case of Unix, this means leaving ‘/’ alone, but otherwise doing what escape_path_segment() does. For efficiency reasons, we don’t use escape_path_segment(), which is provided for reference. Again, RFC 1808 is where this stuff is defined.
If partial is set, os_escape_path() assumes that the path will be appended to something with a ‘/’ in it (and thus does not prefix “./”).
Parameters:
escaped |
Optional buffer to write the encoded string, can be NULL |
path |
The original string |
slen |
The length of the original string, or APR_ESCAPE_STRING |
partial |
If non zero, suppresses the prepending of “./” |
len |
If present, returns the length of the string |
Returns:
APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or if the string was NULL
const char* apr_pescape_path( apr_pool_t* p, const char* str, int partial )
Converts an OS path to a URL, in an OS dependent way, as defined in RFC1808, returning the result from a pool.
In all cases if a ‘:’ occurs before the first ‘/’ in the URL, the URL should be prefixed with “./” (or the ‘:’ escaped). In the case of Unix, this means leaving ‘/’ alone, but otherwise doing what escape_path_segment() does. For efficiency reasons, we don’t use escape_path_segment(), which is provided for reference. Again, RFC 1808 is where this stuff is defined.
If partial is set, os_escape_path() assumes that the path will be appended to something with a ‘/’ in it (and thus does not prefix “./”).
Parameters:
p |
Pool to allocate from |
str |
The original string |
partial |
If non zero, suppresses the prepending of “./” |
Returns:
A string allocated from the pool on success, the original string if no characters are encoded or if the string was NULL.
apr_status_t apr_escape_urlencoded( char* escaped, const char* str, apr_ssize_t slen, apr_size_t* len )
Urlencode a string, as defined in http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1.
Parameters:
escaped |
Optional buffer to write the encoded string, can be NULL |
str |
The original string |
slen |
The length of the original string, or APR_ESCAPE_STRING |
len |
If present, returns the length of the string |
Returns:
APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or if the stirng was NULL
const char* apr_pescape_urlencoded( apr_pool_t* p, const char* str )
Urlencode a string, as defined in http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1, returning the result from a pool.
Parameters:
p |
Pool to allocate from |
str |
String to be escaped |
Returns:
A string allocated from the pool on success, the original string if no characters are encoded or if the string was NULL.
apr_status_t apr_escape_entity( char* escaped, const char* str, apr_ssize_t slen, int toasc, apr_size_t* len )
Apply entity encoding to a string. Characters are replaced as follows: ‘<’ becomes ‘<’, ‘>’ becomes ‘>’, ‘&’ becomes ‘&’, the double quote becomes ‘”” and the single quote becomes ‘’’.
If toasc is not zero, any non ascii character will be encoded as ‘%#ddd;’, where ddd is the decimal code of the character.
Parameters:
escaped |
Optional buffer to write the encoded string, can be NULL |
str |
The original string |
slen |
The length of the original string, or APR_ESCAPE_STRING |
toasc |
If non zero, encode non ascii characters |
len |
If present, returns the length of the string |
Returns:
APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL
const char* apr_pescape_entity( apr_pool_t* p, const char* str, int toasc )
Apply entity encoding to a string, returning the result from a pool. Characters are replaced as follows: ‘<’ becomes ‘<’, ‘>’ becomes ‘>’, ‘&’ becomes ‘&’, the double quote becomes ‘”” and the single quote becomes ‘’’.
Parameters:
p |
Pool to allocate from |
str |
The original string |
toasc |
If non zero, encode non ascii characters |
Returns:
A string allocated from the pool on success, the original string if no characters are encoded or the string is NULL.
apr_status_t apr_unescape_entity( char* unescaped, const char* str, apr_ssize_t slen, apr_size_t* len )
Decodes html entities or numeric character references in a string. If the string to be unescaped is syntactically incorrect, then the following fixups will be made: unknown entities will be left undecoded; references to unused numeric characters will be deleted. In particular, � will not be decoded, but will be deleted.
Parameters:
unescaped |
Optional buffer to write the encoded string, can be NULL |
str |
The original string |
slen |
The length of the original string, or APR_ESCAPE_STRING |
len |
If present, returns the length of the string |
Returns:
APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL
const char* apr_punescape_entity( apr_pool_t* p, const char* str )
Decodes html entities or numeric character references in a string. If the string to be unescaped is syntactically incorrect, then the following fixups will be made: unknown entities will be left undecoded; references to unused numeric characters will be deleted. In particular, � will not be decoded, but will be deleted.
Parameters:
p |
Pool to allocate from |
str |
The original string |
Returns:
A string allocated from the pool on success, the original string if no characters are encoded or the string is NULL.
apr_status_t apr_escape_echo( char* escaped, const char* str, apr_ssize_t slen, int quote, apr_size_t* len )
Escape control characters in a string, as performed by the shell’s ‘echo’ command. Characters are replaced as follows: a alert (bell), b backspace, f form feed, n new line, r carriage return, t horizontal tab, v vertical tab, backslash.
Any non ascii character will be encoded as ‘xHH’, where HH is the hex code of the character.
If quote is not zero, the double quote character will also be escaped.
Parameters:
escaped |
Optional buffer to write the encoded string, can be NULL |
str |
The original string |
slen |
The length of the original string, or APR_ESCAPE_STRING |
quote |
If non zero, encode double quotes |
len |
If present, returns the length of the string |
Returns:
APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL
const char* apr_pescape_echo( apr_pool_t* p, const char* str, int quote )
Escape control characters in a string, as performed by the shell’s ‘echo’ command, and return the results from a pool. Characters are replaced as follows: a alert (bell), b backspace, f form feed, n new line, r carriage return, t horizontal tab, v vertical tab, backslash.
Any non ascii character will be encoded as ‘xHH’, where HH is the hex code of the character.
If quote is not zero, the double quote character will also be escaped.
Parameters:
p |
Pool to allocate from |
str |
The original string |
quote |
If non zero, encode double quotes |
Returns:
A string allocated from the pool on success, the original string if no characters are encoded or the string is NULL.
apr_status_t apr_escape_hex( char* dest, const void* src, apr_size_t srclen, int colon, apr_size_t* len )
Convert binary data to a hex encoding.
Parameters:
dest |
The destination buffer, can be NULL |
src |
The original buffer |
srclen |
The length of the original buffer |
colon |
If not zero, insert colon characters between hex digits. |
len |
If present, returns the length of the string |
Returns:
APR_SUCCESS, or APR_NOTFOUND if the string was NULL
const char* apr_pescape_hex( apr_pool_t* p, const void* src, apr_size_t slen, int colon )
Convert binary data to a hex encoding, and return the results from a pool.
Parameters:
p |
Pool to allocate from |
src |
The original buffer |
slen |
The length of the original buffer |
colon |
If not zero, insert colon characters between hex digits. |
Returns:
A zero padded buffer allocated from the pool on success, or NULL if src was NULL.
apr_status_t apr_unescape_hex( void* dest, const char* str, apr_ssize_t slen, int colon, apr_size_t* len )
Convert hex encoded string to binary data.
Parameters:
dest |
The destination buffer, can be NULL |
str |
The original buffer |
slen |
The length of the original buffer |
colon |
If not zero, ignore colon characters between hex digits. |
len |
If present, returns the length of the string |
Returns:
APR_SUCCESS, or APR_NOTFOUND if the string was NULL, or APR_BADCH if a non hex character is present.
const void* apr_punescape_hex( apr_pool_t* p, const char* str, int colon, apr_size_t* len )
Convert hex encoding to binary data, and return the results from a pool. If the colon character appears between pairs of hex digits, it will be ignored.
Parameters:
p |
Pool to allocate from |
str |
The original string |
colon |
If not zero, ignore colon characters between hex digits. |
len |
If present, returns the length of the final buffer |
Returns:
A buffer allocated from the pool on success, or NULL if src was NULL, or a bad character was present.
Macros
#define APR_ESCAPE_STRING
When passing a string to one of the escape functions, this value can be passed to indicate a string-valued key, and have the length computed automatically.