From 59eaf44062103c506fec5dc12431f7df7eb28009 Mon Sep 17 00:00:00 2001 From: Holger Schemel Date: Mon, 21 Jun 2021 16:14:13 +0200 Subject: [PATCH 1/1] added escaping special characters in JSON strings for HTTP requests --- src/files.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/src/files.c b/src/files.c index 9da8f609..75f0fe08 100644 --- a/src/files.c +++ b/src/files.c @@ -9274,6 +9274,11 @@ static void UploadScoreToServerExt(struct HttpRequest *request, return; } + char *levelset_identifier = getEscapedJSON(leveldir_current->identifier); + char *levelset_name = getEscapedJSON(leveldir_current->name); + char *levelset_author = getEscapedJSON(leveldir_current->author); + char *player_name = getEscapedJSON(score_entry->name); + snprintf(request->body, MAX_HTTP_BODY_SIZE, "{\n" " \"game_version\": \"%s\",\n" @@ -9290,13 +9295,13 @@ static void UploadScoreToServerExt(struct HttpRequest *request, " \"tape\": \"%s\"\n" "}\n", getProgramRealVersionString(), - leveldir_current->identifier, - leveldir_current->name, - leveldir_current->author, + levelset_identifier, + levelset_name, + levelset_author, leveldir_current->levels, leveldir_current->first_level, level_nr, - score_entry->name, + player_name, score_entry->score, score_entry->time, score_entry->tape_basename, @@ -9304,6 +9309,11 @@ static void UploadScoreToServerExt(struct HttpRequest *request, checked_free(tape_base64); + checked_free(levelset_identifier); + checked_free(levelset_name); + checked_free(levelset_author); + checked_free(player_name); + ConvertHttpRequestBodyToServerEncoding(request); if (!DoHttpRequest(request, response)) -- 2.34.1