[Libosinfo] [PATCH] osinfo-install-script: read config values as strings
Zeeshan Ali (Khattak)
zeeshanak at gnome.org
Thu Mar 20 15:35:20 UTC 2014
On Thu, Mar 20, 2014 at 2:56 PM, Christophe Fergeau <cfergeau at redhat.com> wrote:
> On Mon, Mar 17, 2014 at 05:00:16PM +0100, Giuseppe Scrivano wrote:
>> Christophe Fergeau <cfergeau at redhat.com> writes:
>>
>> >> Solves this problem:
>> >>
>> >> $ osinfo-install-script rhel6.5 -c "admin-password=a&b"
>> >> error : unterminated entity reference b
>> >
>> >
>> > Shouldn't we be XML-escaping user-input instead (
>> > xmlEncodeEntitiesReentrant() ) ?
>>
>> the same would happen, for example, if the password is generated
>> randomly. If you try enough times the same command without the
>> '-c "admin-password=a&b"' part, you will hit the same problem at some
>> point. I think it is safer to fix it at this level.
>
> My initial thought was to fix this when this string is set on the
> OsinfoInstallScriptConfig object, but there is no special code handling this parameter
> in osinfo-install-script nor in OsinfoInstallScriptConfig, just generic
> code setting an entity param, so this patch is probably the only place
> where we can solve this.
>
> However, I'm not familiar enough with the implications of using
> this 'raw' node API to feel comfortable ACKing this :-/
Looking at the docs, it should be fine. Giuseppe, I assume you ensured
`make check` doesn't break with this?
More information about the Libosinfo
mailing list