From f8ee41a287e077e95085a4b26ceee3b92fa2bfd8 Mon Sep 17 00:00:00 2001
From: Lars-Dominik Braun <lars@6xq.net>
Date: Mon, 7 Feb 2011 15:25:36 +0100
Subject: piano: xmlencode password

Fixes issue #87.
---
 src/libpiano/piano.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)


diff --git a/src/libpiano/piano.c b/src/libpiano/piano.c
index 823e48d..a53c102 100644
--- a/src/libpiano/piano.c
+++ b/src/libpiano/piano.c
@@ -242,7 +242,16 @@ PianoReturn_t PianoRequest (PianoHandle_t *ph, PianoRequest_t *req,
 							"rid=%s&method=sync", ph->routeId);
 					break;
 
-				case 1:
+				case 1: {
+					char *xmlencodedPassword = NULL;
+
+					/* username == email address does not contain &,<,>," */
+					if ((xmlencodedPassword =
+							PianoXmlEncodeString (logindata->password)) ==
+							NULL) {
+						return PIANO_RET_OUT_OF_MEMORY;
+					}
+
 					snprintf (xmlSendBuf, sizeof (xmlSendBuf), 
 							"<?xml version=\"1.0\"?><methodCall>"
 							"<methodName>listener.authenticateListener</methodName>"
@@ -250,10 +259,13 @@ PianoReturn_t PianoRequest (PianoHandle_t *ph, PianoRequest_t *req,
 							"<param><value><string>%s</string></value></param>"
 							"<param><value><string>%s</string></value></param>"
 							"</params></methodCall>", (unsigned long) timestamp,
-							logindata->user, logindata->password);
+							logindata->user, xmlencodedPassword);
 					snprintf (req->urlPath, sizeof (req->urlPath), PIANO_RPC_PATH
 							"rid=%s&method=authenticateListener", ph->routeId);
+
+					free (xmlencodedPassword);
 					break;
+				}
 			}
 			break;
 		}
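Review bot: `logindata->user` is still written into the XML-RPC body unencoded in the `snprintf` argument list, relying on the comment in the previous hunk that an e-mail address cannot contain `&`, `<`, `>` or `"`. Nothing visible in the diff validates that the value is an e-mail address, and `&` is a legal character in an address local part, so such a user name would malform or alter the request just as an unencoded password did. Passing the user name through PianoXmlEncodeString as well, and freeing it on both the error path and the normal path, removes that assumption; the sketch below shows only the changed lines, and PianoRequest itself starts and ends outside these hunks. Separately, the return value of the `snprintf` into `xmlSendBuf` is not checked, and the encoded password can be longer than the raw one, so a truncated body could be sent; the size of `xmlSendBuf` is declared outside the hunk.

```c
case 1: {
	char *xmlencodedUser = NULL, *xmlencodedPassword = NULL;

	if ((xmlencodedUser =
			PianoXmlEncodeString (logindata->user)) == NULL) {
		return PIANO_RET_OUT_OF_MEMORY;
	}
	if ((xmlencodedPassword =
			PianoXmlEncodeString (logindata->password)) == NULL) {
		/* do not leak the first copy when the second allocation fails */
		free (xmlencodedUser);
		return PIANO_RET_OUT_OF_MEMORY;
	}

	/* … unchanged: snprintf format string for authenticateListener … */
			xmlencodedUser, xmlencodedPassword);
	/* … unchanged: snprintf of req->urlPath … */

	free (xmlencodedUser);
	free (xmlencodedPassword);
	break;
}
```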
-- 
cgit v1.2.3