From 390431c5e0ed0c082f4069607c38d6d23d9cd405 Mon Sep 17 00:00:00 2001 From: Koki Fukuda Date: Sun, 24 May 2020 14:40:07 +0900 Subject: [PATCH] extensions-tool: Escape '\' and '"' in json string If user-input string contains '\' and/or '"', extensions-tool generates invalid json. This fixes that by escaping '\' and '"'. https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1279 --- .../extensions-tool/src/command-create.c | 30 +++++++++++++++++-- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/subprojects/extensions-tool/src/command-create.c b/subprojects/extensions-tool/src/command-create.c index e32e7c262..25439a850 100644 --- a/subprojects/extensions-tool/src/command-create.c +++ b/subprojects/extensions-tool/src/command-create.c @@ -48,6 +48,23 @@ get_shell_version (GError **error) return g_strjoinv (".", split_version); } +static char * +escape_json_string (const char *string) +{ + GString *escaped = g_string_new (string); + + for (gsize i = 0; i < escaped->len; ++i) + { + if (escaped->str[i] == '"' || escaped->str[i] == '\\') + { + g_string_insert_c (escaped, i, '\\'); + ++i; + } + } + + return g_string_free (escaped, FALSE); +} + static gboolean create_metadata (GFile *target_dir, const char *uuid, @@ -55,6 +72,9 @@ create_metadata (GFile *target_dir, const char *description, GError **error) { + g_autofree char *uuid_escaped = NULL; + g_autofree char *name_escaped = NULL; + g_autofree char *desc_escaped = NULL; g_autoptr (GFile) target = NULL; g_autoptr (GString) json = NULL; g_autofree char *version = NULL; @@ -63,11 +83,15 @@ create_metadata (GFile *target_dir, if (version == NULL) return FALSE; + uuid_escaped = escape_json_string (uuid); + name_escaped = escape_json_string (name); + desc_escaped = escape_json_string (description); + json = g_string_new ("{\n"); - g_string_append_printf (json, " \"name\": \"%s\",\n", name); - g_string_append_printf (json, " \"description\": \"%s\",\n", description); - g_string_append_printf (json, " \"uuid\": \"%s\",\n", uuid); + g_string_append_printf (json, " \"name\": \"%s\",\n", name_escaped); + g_string_append_printf (json, " \"description\": \"%s\",\n", desc_escaped); + g_string_append_printf (json, " \"uuid\": \"%s\",\n", uuid_escaped); g_string_append_printf (json, " \"shell-version\": [\n"); g_string_append_printf (json, " \"%s\"\n", version); g_string_append_printf (json, " ]\n}\n");