Escape functions

Overview

// global functions

apr_status_t
apr_escape_shell(
    char* escaped,
    const char* str,
    apr_ssize_t slen,
    apr_size_t* len
);

const char*
apr_pescape_shell(
    apr_pool_t* p,
    const char* str
);

apr_status_t
apr_unescape_url(
    char* escaped,
    const char* url,
    apr_ssize_t slen,
    const char* forbid,
    const char* reserved,
    int plus,
    apr_size_t* len
);

const char*
apr_punescape_url(
    apr_pool_t* p,
    const char* url,
    const char* forbid,
    const char* reserved,
    int plus
);

apr_status_t
apr_escape_path_segment(
    char* escaped,
    const char* str,
    apr_ssize_t slen,
    apr_size_t* len
);

const char*
apr_pescape_path_segment(
    apr_pool_t* p,
    const char* str
);

apr_status_t
apr_escape_path(
    char* escaped,
    const char* path,
    apr_ssize_t slen,
    int partial,
    apr_size_t* len
);

const char*
apr_pescape_path(
    apr_pool_t* p,
    const char* str,
    int partial
);

apr_status_t
apr_escape_urlencoded(
    char* escaped,
    const char* str,
    apr_ssize_t slen,
    apr_size_t* len
);

const char*
apr_pescape_urlencoded(
    apr_pool_t* p,
    const char* str
);

apr_status_t
apr_escape_entity(
    char* escaped,
    const char* str,
    apr_ssize_t slen,
    int toasc,
    apr_size_t* len
);

const char*
apr_pescape_entity(
    apr_pool_t* p,
    const char* str,
    int toasc
);

apr_status_t
apr_unescape_entity(
    char* unescaped,
    const char* str,
    apr_ssize_t slen,
    apr_size_t* len
);

const char*
apr_punescape_entity(
    apr_pool_t* p,
    const char* str
);

apr_status_t
apr_escape_echo(
    char* escaped,
    const char* str,
    apr_ssize_t slen,
    int quote,
    apr_size_t* len
);

const char*
apr_pescape_echo(
    apr_pool_t* p,
    const char* str,
    int quote
);

apr_status_t
apr_escape_hex(
    char* dest,
    const void* src,
    apr_size_t srclen,
    int colon,
    apr_size_t* len
);

const char*
apr_pescape_hex(
    apr_pool_t* p,
    const void* src,
    apr_size_t slen,
    int colon
);

apr_status_t
apr_unescape_hex(
    void* dest,
    const char* str,
    apr_ssize_t slen,
    int colon,
    apr_size_t* len
);

const void*
apr_punescape_hex(
    apr_pool_t* p,
    const char* str,
    int colon,
    apr_size_t* len
);

// macros

#define APR_ESCAPE_STRING

Detailed Documentation

Global Functions

apr_status_t
apr_escape_shell(
    char* escaped,
    const char* str,
    apr_ssize_t slen,
    apr_size_t* len
)

Perform shell escaping on the provided string.

Shell escaping causes characters to be prefixed with a ‘' character.

Parameters:

escaped

Optional buffer to write the encoded string, can be NULL

str

The original string

slen

The length of the original string, or APR_ESCAPE_STRING

len

If present, returns the length of the string

Returns:

APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL

const char*
apr_pescape_shell(
    apr_pool_t* p,
    const char* str
)

Perform shell escaping on the provided string, returning the result from the pool.

Shell escaping causes characters to be prefixed with a ‘' character.

If no characters were escaped, the original string is returned.

Parameters:

p

Pool to allocate from

str

The original string

Returns:

the encoded string, allocated from the pool, or the original string if no escaping took place or the string was NULL.

apr_status_t
apr_unescape_url(
    char* escaped,
    const char* url,
    apr_ssize_t slen,
    const char* forbid,
    const char* reserved,
    int plus,
    apr_size_t* len
)

Unescapes a URL, leaving reserved characters intact.

Parameters:

escaped

Optional buffer to write the encoded string, can be NULL

url

String to be unescaped

slen

The length of the original url, or APR_ESCAPE_STRING

forbid

Optional list of forbidden characters, in addition to 0x00

reserved

Optional list of reserved characters that will be left unescaped

plus

If non zero, ‘+’ is converted to ‘ ‘ as per application/x-www-form-urlencoded encoding

len

If set, the length of the escaped string will be returned

Returns:

APR_SUCCESS on success, APR_NOTFOUND if no characters are decoded or the string is NULL, APR_EINVAL if a bad escape sequence is found, APR_BADCH if a character on the forbid list is found.

const char*
apr_punescape_url(
    apr_pool_t* p,
    const char* url,
    const char* forbid,
    const char* reserved,
    int plus
)

Unescapes a URL, leaving reserved characters intact, returning the result from a pool.

Parameters:

p

Pool to allocate from

url

String to be unescaped in place

forbid

Optional list of forbidden characters, in addition to 0x00

reserved

Optional list of reserved characters that will be left unescaped

plus

If non zero, ‘+’ is converted to ‘ ‘ as per application/x-www-form-urlencoded encoding

Returns:

A string allocated from the pool on success, the original string if no characters are decoded, or NULL if a bad escape sequence is found or if a character on the forbid list is found, or if the original string was NULL.

apr_status_t
apr_escape_path_segment(
    char* escaped,
    const char* str,
    apr_ssize_t slen,
    apr_size_t* len
)

Escape a path segment, as defined in RFC1808.

Parameters:

escaped

Optional buffer to write the encoded string, can be NULL

str

The original string

slen

The length of the original string, or APR_ESCAPE_STRING

len

If present, returns the length of the string

Returns:

APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL

const char*
apr_pescape_path_segment(
    apr_pool_t* p,
    const char* str
)

Escape a path segment, as defined in RFC1808, returning the result from a pool.

Parameters:

p

Pool to allocate from

str

String to be escaped

Returns:

A string allocated from the pool on success, the original string if no characters are encoded or the string is NULL.

apr_status_t
apr_escape_path(
    char* escaped,
    const char* path,
    apr_ssize_t slen,
    int partial,
    apr_size_t* len
)

Converts an OS path to a URL, in an OS dependent way, as defined in RFC1808. In all cases if a ‘:’ occurs before the first ‘/’ in the URL, the URL should be prefixed with “./” (or the ‘:’ escaped). In the case of Unix, this means leaving ‘/’ alone, but otherwise doing what escape_path_segment() does. For efficiency reasons, we don’t use escape_path_segment(), which is provided for reference. Again, RFC 1808 is where this stuff is defined.

If partial is set, os_escape_path() assumes that the path will be appended to something with a ‘/’ in it (and thus does not prefix “./”).

Parameters:

escaped

Optional buffer to write the encoded string, can be NULL

path

The original string

slen

The length of the original string, or APR_ESCAPE_STRING

partial

If non zero, suppresses the prepending of “./”

len

If present, returns the length of the string

Returns:

APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or if the string was NULL

const char*
apr_pescape_path(
    apr_pool_t* p,
    const char* str,
    int partial
)

Converts an OS path to a URL, in an OS dependent way, as defined in RFC1808, returning the result from a pool.

In all cases if a ‘:’ occurs before the first ‘/’ in the URL, the URL should be prefixed with “./” (or the ‘:’ escaped). In the case of Unix, this means leaving ‘/’ alone, but otherwise doing what escape_path_segment() does. For efficiency reasons, we don’t use escape_path_segment(), which is provided for reference. Again, RFC 1808 is where this stuff is defined.

If partial is set, os_escape_path() assumes that the path will be appended to something with a ‘/’ in it (and thus does not prefix “./”).

Parameters:

p

Pool to allocate from

str

The original string

partial

If non zero, suppresses the prepending of “./”

Returns:

A string allocated from the pool on success, the original string if no characters are encoded or if the string was NULL.

apr_status_t
apr_escape_urlencoded(
    char* escaped,
    const char* str,
    apr_ssize_t slen,
    apr_size_t* len
)

Urlencode a string, as defined in http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1.

Parameters:

escaped

Optional buffer to write the encoded string, can be NULL

str

The original string

slen

The length of the original string, or APR_ESCAPE_STRING

len

If present, returns the length of the string

Returns:

APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or if the stirng was NULL

const char*
apr_pescape_urlencoded(
    apr_pool_t* p,
    const char* str
)

Urlencode a string, as defined in http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1, returning the result from a pool.

Parameters:

p

Pool to allocate from

str

String to be escaped

Returns:

A string allocated from the pool on success, the original string if no characters are encoded or if the string was NULL.

apr_status_t
apr_escape_entity(
    char* escaped,
    const char* str,
    apr_ssize_t slen,
    int toasc,
    apr_size_t* len
)

Apply entity encoding to a string. Characters are replaced as follows: ‘<’ becomes ‘<’, ‘>’ becomes ‘>’, ‘&’ becomes ‘&’, the double quote becomes ‘”” and the single quote becomes ‘’’.

If toasc is not zero, any non ascii character will be encoded as ‘%#ddd;’, where ddd is the decimal code of the character.

Parameters:

escaped

Optional buffer to write the encoded string, can be NULL

str

The original string

slen

The length of the original string, or APR_ESCAPE_STRING

toasc

If non zero, encode non ascii characters

len

If present, returns the length of the string

Returns:

APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL

const char*
apr_pescape_entity(
    apr_pool_t* p,
    const char* str,
    int toasc
)

Apply entity encoding to a string, returning the result from a pool. Characters are replaced as follows: ‘<’ becomes ‘<’, ‘>’ becomes ‘>’, ‘&’ becomes ‘&’, the double quote becomes ‘”” and the single quote becomes ‘’’.

Parameters:

p

Pool to allocate from

str

The original string

toasc

If non zero, encode non ascii characters

Returns:

A string allocated from the pool on success, the original string if no characters are encoded or the string is NULL.

apr_status_t
apr_unescape_entity(
    char* unescaped,
    const char* str,
    apr_ssize_t slen,
    apr_size_t* len
)

Decodes html entities or numeric character references in a string. If the string to be unescaped is syntactically incorrect, then the following fixups will be made: unknown entities will be left undecoded; references to unused numeric characters will be deleted. In particular, &#00; will not be decoded, but will be deleted.

Parameters:

unescaped

Optional buffer to write the encoded string, can be NULL

str

The original string

slen

The length of the original string, or APR_ESCAPE_STRING

len

If present, returns the length of the string

Returns:

APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL

const char*
apr_punescape_entity(
    apr_pool_t* p,
    const char* str
)

Decodes html entities or numeric character references in a string. If the string to be unescaped is syntactically incorrect, then the following fixups will be made: unknown entities will be left undecoded; references to unused numeric characters will be deleted. In particular, &#00; will not be decoded, but will be deleted.

Parameters:

p

Pool to allocate from

str

The original string

Returns:

A string allocated from the pool on success, the original string if no characters are encoded or the string is NULL.

apr_status_t
apr_escape_echo(
    char* escaped,
    const char* str,
    apr_ssize_t slen,
    int quote,
    apr_size_t* len
)

Escape control characters in a string, as performed by the shell’s ‘echo’ command. Characters are replaced as follows: a alert (bell), b backspace, f form feed, n new line, r carriage return, t horizontal tab, v vertical tab, backslash.

Any non ascii character will be encoded as ‘xHH’, where HH is the hex code of the character.

If quote is not zero, the double quote character will also be escaped.

Parameters:

escaped

Optional buffer to write the encoded string, can be NULL

str

The original string

slen

The length of the original string, or APR_ESCAPE_STRING

quote

If non zero, encode double quotes

len

If present, returns the length of the string

Returns:

APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL

const char*
apr_pescape_echo(
    apr_pool_t* p,
    const char* str,
    int quote
)

Escape control characters in a string, as performed by the shell’s ‘echo’ command, and return the results from a pool. Characters are replaced as follows: a alert (bell), b backspace, f form feed, n new line, r carriage return, t horizontal tab, v vertical tab, backslash.

Any non ascii character will be encoded as ‘xHH’, where HH is the hex code of the character.

If quote is not zero, the double quote character will also be escaped.

Parameters:

p

Pool to allocate from

str

The original string

quote

If non zero, encode double quotes

Returns:

A string allocated from the pool on success, the original string if no characters are encoded or the string is NULL.

apr_status_t
apr_escape_hex(
    char* dest,
    const void* src,
    apr_size_t srclen,
    int colon,
    apr_size_t* len
)

Convert binary data to a hex encoding.

Parameters:

dest

The destination buffer, can be NULL

src

The original buffer

srclen

The length of the original buffer

colon

If not zero, insert colon characters between hex digits.

len

If present, returns the length of the string

Returns:

APR_SUCCESS, or APR_NOTFOUND if the string was NULL

const char*
apr_pescape_hex(
    apr_pool_t* p,
    const void* src,
    apr_size_t slen,
    int colon
)

Convert binary data to a hex encoding, and return the results from a pool.

Parameters:

p

Pool to allocate from

src

The original buffer

slen

The length of the original buffer

colon

If not zero, insert colon characters between hex digits.

Returns:

A zero padded buffer allocated from the pool on success, or NULL if src was NULL.

apr_status_t
apr_unescape_hex(
    void* dest,
    const char* str,
    apr_ssize_t slen,
    int colon,
    apr_size_t* len
)

Convert hex encoded string to binary data.

Parameters:

dest

The destination buffer, can be NULL

str

The original buffer

slen

The length of the original buffer

colon

If not zero, ignore colon characters between hex digits.

len

If present, returns the length of the string

Returns:

APR_SUCCESS, or APR_NOTFOUND if the string was NULL, or APR_BADCH if a non hex character is present.

const void*
apr_punescape_hex(
    apr_pool_t* p,
    const char* str,
    int colon,
    apr_size_t* len
)

Convert hex encoding to binary data, and return the results from a pool. If the colon character appears between pairs of hex digits, it will be ignored.

Parameters:

p

Pool to allocate from

str

The original string

colon

If not zero, ignore colon characters between hex digits.

len

If present, returns the length of the final buffer

Returns:

A buffer allocated from the pool on success, or NULL if src was NULL, or a bad character was present.

Macros

#define APR_ESCAPE_STRING

When passing a string to one of the escape functions, this value can be passed to indicate a string-valued key, and have the length computed automatically.