Escape functions

Macros
#define	APR_ESCAPE_STRING   (-1)
#define	APR_ESCAPE_LDAP_DN   (0x01)
#define	APR_ESCAPE_LDAP_FILTER   (0x02)
#define	APR_ESCAPE_LDAP_ALL   (0x03)

Functions
apr_status_t	apr_escape_shell (char *escaped, const char *str, apr_ssize_t slen, apr_size_t *len)
const char *	apr_pescape_shell (apr_pool_t *p, const char *str)
apr_status_t	apr_unescape_url (char *escaped, const char *url, apr_ssize_t slen, const char *forbid, const char *reserved, int plus, apr_size_t *len)
const char *	apr_punescape_url (apr_pool_t *p, const char *url, const char *forbid, const char *reserved, int plus)
apr_status_t	apr_escape_path_segment (char *escaped, const char *str, apr_ssize_t slen, apr_size_t *len)
const char *	apr_pescape_path_segment (apr_pool_t *p, const char *str)
apr_status_t	apr_escape_path (char *escaped, const char *path, apr_ssize_t slen, int partial, apr_size_t *len)
const char *	apr_pescape_path (apr_pool_t *p, const char *str, int partial)
apr_status_t	apr_escape_urlencoded (char *escaped, const char *str, apr_ssize_t slen, apr_size_t *len)
const char *	apr_pescape_urlencoded (apr_pool_t *p, const char *str)
apr_status_t	apr_escape_entity (char *escaped, const char *str, apr_ssize_t slen, int toasc, apr_size_t *len)
const char *	apr_pescape_entity (apr_pool_t *p, const char *str, int toasc)
apr_status_t	apr_unescape_entity (char *unescaped, const char *str, apr_ssize_t slen, apr_size_t *len)
const char *	apr_punescape_entity (apr_pool_t *p, const char *str)
apr_status_t	apr_escape_echo (char *escaped, const char *str, apr_ssize_t slen, int quote, apr_size_t *len)
const char *	apr_pescape_echo (apr_pool_t *p, const char *str, int quote)
apr_status_t	apr_escape_hex (char *dest, const void *src, apr_size_t srclen, int colon, apr_size_t *len)
const char *	apr_pescape_hex (apr_pool_t *p, const void *src, apr_size_t slen, int colon)
apr_status_t	apr_unescape_hex (void *dest, const char *str, apr_ssize_t slen, int colon, apr_size_t *len)
const void *	apr_punescape_hex (apr_pool_t *p, const char *str, int colon, apr_size_t *len)
apr_status_t	apr_escape_ldap (char *dest, const void *src, apr_ssize_t srclen, int flags, apr_size_t *len)
const char *	apr_pescape_ldap (apr_pool_t *p, const void *src, apr_ssize_t slen, int flags)

Detailed Description

Macro Definition Documentation

#define APR_ESCAPE_LDAP_ALL   (0x03)

Apply both RFC4514 and RFC4515 LDAP escaping.

#define APR_ESCAPE_LDAP_DN   (0x01)

Apply LDAP distinguished name escaping as per RFC4514.

#define APR_ESCAPE_LDAP_FILTER   (0x02)

Apply LDAP filter escaping as per RFC4515.

#define APR_ESCAPE_STRING   (-1)

When passing a string to one of the escape functions, this value can be passed to indicate a string-valued key, and have the length computed automatically.

Function Documentation

apr_status_t apr_escape_echo	(	char *	escaped,
		const char *	str,
		apr_ssize_t	slen,
		int	quote,
		apr_size_t *	len
	)

Escape control characters in a string, as performed by the shell's 'echo' command. Characters are replaced as follows: \a alert (bell), \b backspace, \f form feed, \n new line, \r carriage return, \t horizontal tab, \v vertical tab, \ backslash.

Any non ascii character will be encoded as '\xHH', where HH is the hex code of the character.

If quote is not zero, the double quote character will also be escaped.

Parameters

escaped	Optional buffer to write the encoded string, can be NULL
str	The original string
slen	The length of the original string, or APR_ESCAPE_STRING
quote	If non zero, encode double quotes
len	If present, returns the length of the string

Returns

APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL

apr_status_t apr_escape_entity	(	char *	escaped,
		const char *	str,
		apr_ssize_t	slen,
		int	toasc,
		apr_size_t *	len
	)

Apply entity encoding to a string. Characters are replaced as follows: '<' becomes '<', '>' becomes '>', '&' becomes '&', the double quote becomes '"" and the single quote becomes '''.

If toasc is not zero, any non ascii character will be encoded as '%#ddd;', where ddd is the decimal code of the character.

Parameters

escaped	Optional buffer to write the encoded string, can be NULL
str	The original string
slen	The length of the original string, or APR_ESCAPE_STRING
toasc	If non zero, encode non ascii characters
len	If present, returns the length of the string

Returns

APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL

apr_status_t apr_escape_hex	(	char *	dest,
		const void *	src,
		apr_size_t	srclen,
		int	colon,
		apr_size_t *	len
	)

Convert binary data to a hex encoding.

Parameters

dest	The destination buffer, can be NULL
src	The original buffer
srclen	The length of the original buffer
colon	If not zero, insert colon characters between hex digits.
len	If present, returns the length of the string

Returns

APR_SUCCESS, or APR_NOTFOUND if the string was NULL

apr_status_t apr_escape_ldap	(	char *	dest,
		const void *	src,
		apr_ssize_t	srclen,
		int	flags,
		apr_size_t *	len
	)

Apply LDAP escaping to binary data. Characters from RFC4514 and RFC4515 are escaped with their hex equivalents.

Parameters

dest	The destination buffer, can be NULL
src	The original buffer
srclen	The length of the original buffer
flags	APR_ESCAPE_LDAP_DN for RFC4514, APR_ESCAPE_LDAP_FILTER for RFC4515, APR_ESCAPE_LDAP_ALL for both
len	If present, returns the length of the string

Returns

APR_SUCCESS, or APR_NOTFOUND if the string was NULL

apr_status_t apr_escape_path	(	char *	escaped,
		const char *	path,
		apr_ssize_t	slen,
		int	partial,
		apr_size_t *	len
	)

Converts an OS path to a URL, in an OS dependent way, as defined in RFC1808. In all cases if a ':' occurs before the first '/' in the URL, the URL should be prefixed with "./" (or the ':' escaped). In the case of Unix, this means leaving '/' alone, but otherwise doing what escape_path_segment() does. For efficiency reasons, we don't use escape_path_segment(), which is provided for reference. Again, RFC 1808 is where this stuff is defined.

If partial is set, os_escape_path() assumes that the path will be appended to something with a '/' in it (and thus does not prefix "./").

Parameters

escaped	Optional buffer to write the encoded string, can be NULL
path	The original string
slen	The length of the original string, or APR_ESCAPE_STRING
partial	If non zero, suppresses the prepending of "./"
len	If present, returns the length of the string

Returns

APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or if the string was NULL

apr_status_t apr_escape_path_segment	(	char *	escaped,
		const char *	str,
		apr_ssize_t	slen,
		apr_size_t *	len
	)

Escape a path segment, as defined in RFC1808.

Parameters

escaped	Optional buffer to write the encoded string, can be NULL
str	The original string
slen	The length of the original string, or APR_ESCAPE_STRING
len	If present, returns the length of the string

Returns

APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL

apr_status_t apr_escape_shell	(	char *	escaped,
		const char *	str,
		apr_ssize_t	slen,
		apr_size_t *	len
	)

Perform shell escaping on the provided string.

Shell escaping causes characters to be prefixed with a '\' character.

Parameters

escaped	Optional buffer to write the encoded string, can be NULL
str	The original string
slen	The length of the original string, or APR_ESCAPE_STRING
len	If present, returns the length of the string

Returns

APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL

apr_status_t apr_escape_urlencoded	(	char *	escaped,
		const char *	str,
		apr_ssize_t	slen,
		apr_size_t *	len
	)

Urlencode a string, as defined in http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1.

Parameters

escaped	Optional buffer to write the encoded string, can be NULL
str	The original string
slen	The length of the original string, or APR_ESCAPE_STRING
len	If present, returns the length of the string

Returns

APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or if the stirng was NULL

const char* apr_pescape_echo	(	apr_pool_t *	p,
		const char *	str,
		int	quote
	)

Escape control characters in a string, as performed by the shell's 'echo' command, and return the results from a pool. Characters are replaced as follows: \a alert (bell), \b backspace, \f form feed, \n new line, \r carriage return, \t horizontal tab, \v vertical tab, \ backslash.

Any non ascii character will be encoded as '\xHH', where HH is the hex code of the character.

If quote is not zero, the double quote character will also be escaped.

Parameters

p	Pool to allocate from
str	The original string
quote	If non zero, encode double quotes

Returns

A string allocated from the pool on success, the original string if no characters are encoded or the string is NULL.

const char* apr_pescape_entity	(	apr_pool_t *	p,
		const char *	str,
		int	toasc
	)

Apply entity encoding to a string, returning the result from a pool. Characters are replaced as follows: '<' becomes '<', '>' becomes '>', '&' becomes '&', the double quote becomes '"" and the single quote becomes '''.

Parameters

p	Pool to allocate from
str	The original string
toasc	If non zero, encode non ascii characters

Returns

A string allocated from the pool on success, the original string if no characters are encoded or the string is NULL.

const char* apr_pescape_hex	(	apr_pool_t *	p,
		const void *	src,
		apr_size_t	slen,
		int	colon
	)

Convert binary data to a hex encoding, and return the results from a pool.

Parameters

p	Pool to allocate from
src	The original buffer
slen	The length of the original buffer
colon	If not zero, insert colon characters between hex digits.

Returns

A zero padded buffer allocated from the pool on success, or NULL if src was NULL.

const char* apr_pescape_ldap	(	apr_pool_t *	p,
		const void *	src,
		apr_ssize_t	slen,
		int	flags
	)

Apply LDAP escaping to binary data, and return the results from a pool. Characters from RFC4514 and RFC4515 are escaped with their hex equivalents.

Parameters

p	Pool to allocate from
src	The original buffer
slen	The length of the original buffer
flags	APR_ESCAPE_LDAP_DN for RFC4514, APR_ESCAPE_LDAP_FILTER for RFC4515, APR_ESCAPE_LDAP_ALL for both

Returns

A zero padded buffer allocated from the pool on success, or NULL if src was NULL.

const char* apr_pescape_path	(	apr_pool_t *	p,
		const char *	str,
		int	partial
	)

Converts an OS path to a URL, in an OS dependent way, as defined in RFC1808, returning the result from a pool.

In all cases if a ':' occurs before the first '/' in the URL, the URL should be prefixed with "./" (or the ':' escaped). In the case of Unix, this means leaving '/' alone, but otherwise doing what escape_path_segment() does. For efficiency reasons, we don't use escape_path_segment(), which is provided for reference. Again, RFC 1808 is where this stuff is defined.

If partial is set, os_escape_path() assumes that the path will be appended to something with a '/' in it (and thus does not prefix "./").

Parameters

p	Pool to allocate from
str	The original string
partial	If non zero, suppresses the prepending of "./"

Returns

A string allocated from the pool on success, the original string if no characters are encoded or if the string was NULL.

const char* apr_pescape_path_segment	(	apr_pool_t *	p,
		const char *	str
	)

Escape a path segment, as defined in RFC1808, returning the result from a pool.

Parameters

p	Pool to allocate from
str	String to be escaped

Returns

A string allocated from the pool on success, the original string if no characters are encoded or the string is NULL.

const char* apr_pescape_shell	(	apr_pool_t *	p,
		const char *	str
	)

Perform shell escaping on the provided string, returning the result from the pool.

Shell escaping causes characters to be prefixed with a '\' character.

If no characters were escaped, the original string is returned.

Parameters

p	Pool to allocate from
str	The original string

Returns

the encoded string, allocated from the pool, or the original string if no escaping took place or the string was NULL.

const char* apr_pescape_urlencoded	(	apr_pool_t *	p,
		const char *	str
	)

Urlencode a string, as defined in http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1, returning the result from a pool.

Parameters

p	Pool to allocate from
str	String to be escaped

Returns

A string allocated from the pool on success, the original string if no characters are encoded or if the string was NULL.

const char* apr_punescape_entity	(	apr_pool_t *	p,
		const char *	str
	)

Decodes html entities or numeric character references in a string. If the string to be unescaped is syntactically incorrect, then the following fixups will be made: unknown entities will be left undecoded; references to unused numeric characters will be deleted. In particular, &#00; will not be decoded, but will be deleted.

Parameters

p	Pool to allocate from
str	The original string

Returns

A string allocated from the pool on success, the original string if no characters are encoded or the string is NULL.

const void* apr_punescape_hex	(	apr_pool_t *	p,
		const char *	str,
		int	colon,
		apr_size_t *	len
	)

Convert hex encoding to binary data, and return the results from a pool. If the colon character appears between pairs of hex digits, it will be ignored.

Parameters

p	Pool to allocate from
str	The original string
colon	If not zero, ignore colon characters between hex digits.
len	If present, returns the length of the final buffer

Returns

A buffer allocated from the pool on success, or NULL if src was NULL, or a bad character was present.

const char* apr_punescape_url	(	apr_pool_t *	p,
		const char *	url,
		const char *	forbid,
		const char *	reserved,
		int	plus
	)

Unescapes a URL, leaving reserved characters intact, returning the result from a pool.

Parameters

p	Pool to allocate from
url	String to be unescaped in place
forbid	Optional list of forbidden characters, in addition to 0x00
reserved	Optional list of reserved characters that will be left unescaped
plus	If non zero, '+' is converted to ' ' as per application/x-www-form-urlencoded encoding

Returns

A string allocated from the pool on success, the original string if no characters are decoded, or NULL if a bad escape sequence is found or if a character on the forbid list is found, or if the original string was NULL.

apr_status_t apr_unescape_entity	(	char *	unescaped,
		const char *	str,
		apr_ssize_t	slen,
		apr_size_t *	len
	)

Decodes html entities or numeric character references in a string. If the string to be unescaped is syntactically incorrect, then the following fixups will be made: unknown entities will be left undecoded; references to unused numeric characters will be deleted. In particular, &#00; will not be decoded, but will be deleted.

Parameters

unescaped	Optional buffer to write the encoded string, can be NULL
str	The original string
slen	The length of the original string, or APR_ESCAPE_STRING
len	If present, returns the length of the string

Returns

APR_SUCCESS, or APR_NOTFOUND if no changes to the string were detected or the string was NULL

apr_status_t apr_unescape_hex	(	void *	dest,
		const char *	str,
		apr_ssize_t	slen,
		int	colon,
		apr_size_t *	len
	)

Convert hex encoded string to binary data.

Parameters

dest	The destination buffer, can be NULL
str	The original buffer
slen	The length of the original buffer
colon	If not zero, ignore colon characters between hex digits.
len	If present, returns the length of the string

Returns

APR_SUCCESS, or APR_NOTFOUND if the string was NULL, or APR_BADCH if a non hex character is present.

apr_status_t apr_unescape_url	(	char *	escaped,
		const char *	url,
		apr_ssize_t	slen,
		const char *	forbid,
		const char *	reserved,
		int	plus,
		apr_size_t *	len
	)

Unescapes a URL, leaving reserved characters intact.

Parameters

escaped	Optional buffer to write the encoded string, can be NULL
url	String to be unescaped
slen	The length of the original url, or APR_ESCAPE_STRING
forbid	Optional list of forbidden characters, in addition to 0x00
reserved	Optional list of reserved characters that will be left unescaped
plus	If non zero, '+' is converted to ' ' as per application/x-www-form-urlencoded encoding
len	If set, the length of the escaped string will be returned

Returns

APR_SUCCESS on success, APR_NOTFOUND if no characters are decoded or the string is NULL, APR_EINVAL if a bad escape sequence is found, APR_BADCH if a character on the forbid list is found.