Added a HTML escaping function to cWebAdmin.

Apparently my editor fixed some failed tabs too.

source/WebAdmin.cpp

@@ -32,7 +32,7 @@ class cPlayerAccum :
 		m_Contents.append("</li>");
 		return false;
 	}
-	
+
 public:
 
 	AString m_Contents;
@@ -90,18 +90,18 @@ bool cWebAdmin::Init(void)
 	{
 		return false;
 	}
-	
+
 	LOG("Initialising WebAdmin...");
-	
+
 	if (!m_IniFile.GetValueSetB("WebAdmin", "Enabled", true))
 	{
 		// WebAdmin is disabled, bail out faking a success
 		return true;
 	}
-	
+
 	AString PortsIPv4 = m_IniFile.GetValueSet("WebAdmin", "Port", "8080");
 	AString PortsIPv6 = m_IniFile.GetValueSet("WebAdmin", "PortsIPv6", "");
-	
+
 	if (!m_HTTPServer.Initialize(PortsIPv4, PortsIPv6))
 	{
 		return false;
@@ -121,9 +121,9 @@ bool cWebAdmin::Start(void)
 		// Not initialized
 		return false;
 	}
-	
+
 	LOG("Starting WebAdmin...");
-	
+
 	// Initialize the WebAdmin template script and load the file
 	m_TemplateScript.Create();
 	if (!m_TemplateScript.LoadFile(FILE_IO_PREFIX "webadmin/template.lua"))
@@ -176,12 +176,12 @@ void cWebAdmin::HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPReque
 		a_Connection.SendNeedAuth("MCServer WebAdmin - bad username or password");
 		return;
 	}
-	
+
 	// Check if the contents should be wrapped in the template:
 	AString URL = a_Request.GetBareURL();
 	ASSERT(URL.length() > 0);
 	bool ShouldWrapInTemplate = ((URL.length() > 1) && (URL[1] != '~'));
-	
+
 	// Retrieve the request data:
 	cWebadminRequestData * Data = (cWebadminRequestData *)(a_Request.GetUserData());
 	if (Data == NULL)
@@ -189,14 +189,14 @@ void cWebAdmin::HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPReque
 		a_Connection.SendStatusAndReason(500, "Bad UserData");
 		return;
 	}
-	
+
 	// Wrap it all up for the Lua call:
 	AString Template;
 	HTTPTemplateRequest TemplateRequest;
 	TemplateRequest.Request.Username = a_Request.GetAuthUsername();
 	TemplateRequest.Request.Method = a_Request.GetMethod();
 	TemplateRequest.Request.Path = URL.substr(1);
-	
+
 	if (Data->m_Form.Finish())
 	{
 		for (cHTTPFormParser::const_iterator itr = Data->m_Form.begin(), end = Data->m_Form.end(); itr != end; ++itr)
@@ -208,7 +208,7 @@ void cWebAdmin::HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPReque
 			TemplateRequest.Request.FormData[itr->first] = HTTPfd;
 			TemplateRequest.Request.PostParams[itr->first] = itr->second;
 		}  // for itr - Data->m_Form[]
-		
+
 		// Parse the URL into individual params:
 		size_t idxQM = a_Request.GetURL().find('?');
 		if (idxQM != AString::npos)
@@ -221,7 +221,7 @@ void cWebAdmin::HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPReque
 			}  // for itr - URLParams[]
 		}
 	}
-	
+
 	// Try to get the template from the Lua template script
 	if (ShouldWrapInTemplate)
 	{
@@ -236,7 +236,7 @@ void cWebAdmin::HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPReque
 		a_Connection.SendStatusAndReason(500, "m_TemplateScript failed");
 		return;
 	}
-	
+
 	AString BaseURL = GetBaseURL(URL);
 	AString Menu;
 	Template = "{CONTENT}";
@@ -397,6 +397,45 @@ AString cWebAdmin::GetBaseURL( const AString& a_URL )
 
 
 
+AString cWebAdmin::GetHTMLEscapedString( const AString& a_Input )
+{
+
+	// Define a stringstream to write the output to.
+	std::stringstream dst;
+
+	// Loop over input and substitute HTML characters for their alternatives.
+	for (char workingCharacter : a_Input) {
+		switch (workingCharacter)
+		{
+			case '&':
+				dst << "&amp;";
+				break;
+			case '\'':
+				dst << "&apos;";
+				break;
+			case '"':
+				dst << "&quot;";
+				break;
+			case '<':
+				dst << "&lt;";
+				break;
+			case '>':
+				dst << "&gt;";
+				break;
+			default:
+				dst << workingCharacter;
+				break;
+		}
+	}
+
+	return dst.str();
+
+}
+
+
+
+
+
 AString cWebAdmin::GetBaseURL( const AStringVector& a_URLSplit )
 {
 	AString BaseURL = "./";
@@ -481,7 +520,7 @@ void cWebAdmin::OnRequestFinished(cHTTPConnection & a_Connection, cHTTPRequest &
 	{
 		// TODO: Handle other requests
 	}
-	
+
 	// Delete any request data assigned to the request:
 	cRequestData * Data = (cRequestData *)(a_Request.GetUserData());
 	delete Data;

source/WebAdmin.h

@@ -51,18 +51,18 @@ struct HTTPRequest
 {
 	typedef std::map< std::string, std::string > StringStringMap;
 	typedef std::map< std::string, HTTPFormData > FormDataMap;
-	
+
 	AString Method;
 	AString Path;
 	AString Username;
 	// tolua_end
-	
+
 	/// Parameters given in the URL, after the questionmark
 	StringStringMap Params;     // >> EXPORTED IN MANUALBINDINGS <<
-	
+
 	/// Parameters posted as a part of a form - either in the URL (GET method) or in the body (POST method)
 	StringStringMap PostParams; // >> EXPORTED IN MANUALBINDINGS <<
-	
+
 	/// Same as PostParams
 	FormDataMap FormData;       // >> EXPORTED IN MANUALBINDINGS <<
 } ; // tolua_export
@@ -101,7 +101,7 @@ class cWebAdmin :
 {
 public:
 	// tolua_end
-	
+
 	typedef std::list< cWebPlugin* > PluginList;
 
 
@@ -110,7 +110,7 @@ public:
 
 	/// Initializes the object. Returns true if successfully initialized and ready to start
 	bool Init(void);
-	
+
 	/// Starts the HTTP server taking care of the admin. Returns true if successful
 	bool Start(void);
 
@@ -121,32 +121,35 @@ public:
 	PluginList          GetPlugins() const { return m_Plugins; } // >> EXPORTED IN MANUALBINDINGS <<
 
 	// tolua_begin
-	
+
 	/// Returns the amount of currently used memory, in KiB, or -1 if it cannot be queried
 	static int GetMemoryUsage(void);
 
 	sWebAdminPage       GetPage(const HTTPRequest& a_Request);
-	
+
 	/// Returns the contents of the default page - the list of plugins and players
 	AString GetDefaultPage(void);
-	
+
 	AString             GetBaseURL(const AString& a_URL);
-	
+
+	// Escapes text passed into it, so it can be embedded into html.
+	AString             GetHTMLEscapedString( const AString& a_Input );
+
 	// tolua_end
 
 	AString             GetBaseURL(const AStringVector& a_URLSplit);
-	
+
 protected:
 	/// Common base class for request body data handlers
 	class cRequestData
 	{
 	public:
 		virtual ~cRequestData() {}  // Force a virtual destructor in all descendants
-		
+
 		/// Called when a new chunk of body data is received
 		virtual void OnBody(const char * a_Data, int a_Size) = 0;
 	} ;
-	
+
 	/// The body handler for requests in the "/webadmin" and "/~webadmin" paths
 	class cWebadminRequestData :
 		public cRequestData,
@@ -154,13 +157,13 @@ protected:
 	{
 	public:
 		cHTTPFormParser m_Form;
-		
+
-		
+
 		cWebadminRequestData(cHTTPRequest & a_Request) :
 			m_Form(a_Request, *this)
 		{
 		}
-		
+
 		// cRequestData overrides:
 		virtual void OnBody(const char * a_Data, int a_Size) override;
 
@@ -169,31 +172,31 @@ protected:
 		virtual void OnFileData(cHTTPFormParser & a_Parser, const char * a_Data, int a_Size) override {}
 		virtual void OnFileEnd(cHTTPFormParser & a_Parser) override {}
 	} ;
-	
+
-	
+
 	/// Set to true if Init() succeeds and the webadmin isn't to be disabled
 	bool m_IsInitialized;
 
 	/// The webadmin.ini file, used for the settings and allowed logins
 	cIniFile   m_IniFile;
-	
+
 	PluginList m_Plugins;
 
 	/// The Lua template script to provide templates:
 	cLuaState m_TemplateScript;
-	
+
 	/// The HTTP server which provides the underlying HTTP parsing, serialization and events
 	cHTTPServer m_HTTPServer;
 
 
 	AString GetTemplate(void);
-	
+
 	/// Handles requests coming to the "/webadmin" or "/~webadmin" URLs
 	void HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPRequest & a_Request);
-	
+
 	/// Handles requests for the root page
 	void HandleRootRequest(cHTTPConnection & a_Connection, cHTTPRequest & a_Request);
-	
+
 	// cHTTPServer::cCallbacks overrides:
 	virtual void OnRequestBegun   (cHTTPConnection & a_Connection, cHTTPRequest & a_Request) override;
 	virtual void OnRequestBody    (cHTTPConnection & a_Connection, cHTTPRequest & a_Request, const char * a_Data, int a_Size) override;