# HG changeset patch # User Adam Chlipala # Date 1281470143 14400 # Node ID 514be09d5018b18115307a26fd203c195b9b0a5e # Parent 43ca083678f83b415ce37f893b005e5e4b40a581 Better UTF-8 escaping for JavaScript and SQL literals diff -r 43ca083678f8 -r 514be09d5018 src/cjr_print.sml --- a/src/cjr_print.sml Tue Aug 10 14:52:33 2010 -0400 +++ b/src/cjr_print.sml Tue Aug 10 15:55:43 2010 -0400 @@ -2128,7 +2128,7 @@ | DPreparedStatements _ => box [] | DJavaScript s => box [string "static char jslib[] = \"", - string (String.toString s), + string (String.toCString s), string "\";"] | DCookie s => box [string "/*", space, @@ -2585,7 +2585,7 @@ prefix ^ s in box [string "if (!strncmp(request, \"", - string (String.toString s), + string (String.toCString s), string "\", ", string (Int.toString (size s)), string ") && (request[", @@ -2761,10 +2761,10 @@ box [string "if (!str", case #kind rule of Settings.Exact => box [string "cmp(s, \"", - string (String.toString (#pattern rule)), + string (String.toCString (#pattern rule)), string "\"))"] | Settings.Prefix => box [string "ncmp(s, \"", - string (String.toString (#pattern rule)), + string (String.toCString (#pattern rule)), string "\", ", string (Int.toString (size (#pattern rule))), string "))"], diff -r 43ca083678f8 -r 514be09d5018 src/jscomp.sml --- a/src/jscomp.sml Tue Aug 10 14:52:33 2010 -0400 +++ b/src/jscomp.sml Tue Aug 10 15:55:43 2010 -0400 @@ -435,7 +435,7 @@ | #"\r" => "\\r" | #"\t" => "\\t" | ch => - if Char.isPrint ch then + if Char.isPrint ch orelse ord ch >= 128 then String.str ch else "\\" ^ padWith (#"0", diff -r 43ca083678f8 -r 514be09d5018 src/mysql.sml --- a/src/mysql.sml Tue Aug 10 14:52:33 2010 -0400 +++ b/src/mysql.sml Tue Aug 10 15:55:43 2010 -0400 @@ -344,7 +344,7 @@ fun stringOf r = case !r of NONE => string "NULL" | SOME s => box [string "\"", - string (String.toString s), + string (String.toCString s), string "\""] in app (fn s => 
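Review bot: The new `orelse ord ch >= 128` test in jscomp.sml copies every byte above 127 into the JavaScript string literal untouched, and this translation sees one byte at a time, so the UTF-8 encodings of U+2028 and U+2029 (E2 80 A8 / E2 80 A9) now reach the literal raw; in the ECMAScript of this era those two code points are line terminators that are illegal inside a string literal, so a constant containing either turns the generated script into a syntax error. Only the tail of the escaper is in view (the enclosing function starts outside the hunk), so it is unclear where a decoded code point could be checked, but either a three-byte lookahead that emits `\u2028`/`\u2029` for those sequences, or a pass before this one that rewrites them, would close the gap. The condition also deserves a why-comment, e.g. `(* bytes >= 128 are UTF-8 lead/continuation bytes; pass them through so multibyte characters survive *)`, since `Char.isPrint` is ASCII-only and the bare `>= 128` otherwise reads as an afterthought.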
@@ -477,7 +477,7 @@ newline, string "if (mysql_stmt_prepare(stmt, \"", - string (String.toString s), + string (String.toCString s), string "\", ", string (Int.toString (size s)), string ")) {", @@ -974,7 +974,7 @@ else box [], string "if (mysql_stmt_prepare(stmt, \"", - string (String.toString query), + string (String.toCString query), string "\", ", string (Int.toString (size query)), string ")) {", @@ -1185,7 +1185,7 @@ newline, queryCommon {loc = loc, cols = cols, doCols = doCols, query = box [string "\"", - string (String.toString query), + string (String.toCString query), string "\""]}, if nested then @@ -1276,7 +1276,7 @@ string "if (stmt == NULL) uw_error(ctx, FATAL, \"Out of memory allocating prepared statement\");", newline, string "if (mysql_stmt_prepare(stmt, \"", - string (String.toString dml), + string (String.toCString dml), string "\", ", string (Int.toString (size dml)), string ")) {", @@ -1470,7 +1470,7 @@ newline, dmlCommon {loc = loc, dml = box [string "\"", - string (String.toString dml), + string (String.toCString dml), string "\""]}] fun nextval {loc, seqE, seqName} = @@ -1514,7 +1514,7 @@ (ErrorMsg.error "Non-printing character found in SQL string literal"; "")) - (String.toString s) ^ "'" + (String.toCString s) ^ "'" fun p_cast (s, _) = s diff -r 43ca083678f8 -r 514be09d5018 src/postgres.sml --- a/src/postgres.sml Tue Aug 10 14:52:33 2010 -0400 +++ b/src/postgres.sml Tue Aug 10 15:55:43 2010 -0400 @@ -331,7 +331,7 @@ box [string "res = PQprepare(conn, \"uw", string (Int.toString i), string "\", \"", - string (String.toString s), + string (String.toCString s), string "\", ", string (Int.toString n), string ", NULL);", @@ -349,7 +349,7 @@ string "PQfinish(conn);", newline, string "uw_error(ctx, FATAL, \"Unable to create prepared statement:\\n", - string (String.toString s), + string (String.toCString s), string "\\n%s\", msg);", newline], string "}", 
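Review bot: Running `String.toCString` over the literal in the mysql.sml sqlifyString hunk produces C escapes that MySQL's literal parser does not read back the same way: a byte >= 128 becomes three-digit octal such as `\303\251`, and MySQL (unless NO_BACKSLASH_ESCAPES is set) drops the backslash before an escape it does not recognise, so a non-ASCII constant is prepared as the digits `303251` rather than the original text — the very case the commit sets out to fix. Per the Basis spec toCString also rewrites `'` as `\'`; if the translate in front of it doubles quotes the way the sqlite.sml version does, that yields `\''`, which MySQL reads as an escaped quote followed by the literal's closing quote. As far as the hunk shows this runs on compile-time constants, so the outcome is a mangled or truncated literal rather than a runtime injection, but it still needs fixing. Translating the raw string instead — doubling `'`, escaping `\`, NUL, LF and CR in MySQL's own syntax, and passing every other byte through as the sqlite.sml hunk now does — avoids both problems, and the later `String.toCString` applied when the query text is printed into the C file already re-escapes those backslashes for the C compiler. The enclosing function starts outside the hunk, so the head shown below is taken from the sqlite.sml analogue and should be checked against the real one.

```sml
fun sqlifyString s = "'" ^ String.translate (fn #"'" => "''"
                                              | #"\\" => "\\\\"
                                              | #"\000" => "\\0"
                                              | #"\n" => "\\n"
                                              | #"\r" => "\\r"
                                              | ch => str ch)
                                          s ^ "'"
```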
@@ -473,7 +473,7 @@ string "static void uw_db_init(uw_context ctx) {", newline, string "PGconn *conn = PQconnectdb(\"", - string (String.toString dbstring), + string (String.toCString dbstring), string "\");", newline, string "if (conn == NULL) uw_error(ctx, FATAL, ", @@ -698,14 +698,14 @@ string ", paramValues, paramLengths, paramFormats, 0);"] else box [string "PQexecParams(conn, \"", - string (String.toString query), + string (String.toCString query), string "\", ", string (Int.toString (length inputs)), string ", NULL, paramValues, paramLengths, paramFormats, 0);"], newline, newline, queryCommon {loc = loc, cols = cols, doCols = doCols, query = box [string "\"", - string (String.toString query), + string (String.toCString query), string "\""]}] fun dmlCommon {loc, dml} = @@ -779,14 +779,14 @@ string ", paramValues, paramLengths, paramFormats, 0);"] else box [string "PQexecParams(conn, \"", - string (String.toString dml), + string (String.toCString dml), string "\", ", string (Int.toString (length inputs)), string ", NULL, paramValues, paramLengths, paramFormats, 0);"], newline, newline, dmlCommon {loc = loc, dml = box [string "\"", - string (String.toString dml), + string (String.toCString dml), string "\""]}] fun nextvalCommon {loc, query} = @@ -863,12 +863,12 @@ string "\", 0, NULL, NULL, NULL, 0);"] else box [string "PQexecParams(conn, \"", - string (String.toString query), + string (String.toCString query), string "\", 0, NULL, NULL, NULL, NULL, 0);"], newline, newline, nextvalCommon {loc = loc, query = box [string "\"", - string (String.toString query), + string (String.toCString query), string "\""]}] fun setvalCommon {loc, query} = @@ -921,7 +921,7 @@ else "\\" ^ StringCvt.padLeft #"0" 3 (Int.fmt StringCvt.OCT (ord ch))) - (String.toString s) ^ "'::text" + (String.toCString s) ^ "'::text" fun p_cast (s, t) = s ^ "::" ^ p_sql_type t diff -r 43ca083678f8 -r 514be09d5018 src/sqlite.sml --- a/src/sqlite.sml Tue Aug 10 14:52:33 2010 -0400 
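Review bot: The postgres.sml sqlifyString hunk now relies on the server decoding backslash escapes inside a plain `'...'` literal: `String.toCString` renders every byte >= 128 as octal (`\303\251`) and, per the Basis spec, `'` as `\'`, which round-trips only while standard_conforming_strings is off (the default in PostgreSQL releases of this era, switched on by default from 9.1) and otherwise leaves the backslash text inside the stored value — or, for `\'`, closes the literal early. The start of the literal is outside the hunk, so if it is already emitted as `E'...'` this is moot; if not, either add the `E` prefix or pass high bytes through raw and double `'`, as the sqlite.sml hunk does. The visible `else` branch that builds its own `\ooo` escape for non-printing characters is now unreachable, because toCString output is all printable ASCII, and is worth a comment or removal. The enclosing function starts outside the hunk.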
+++ b/src/sqlite.sml Tue Aug 10 15:55:43 2010 -0400 @@ -230,7 +230,7 @@ newline] in box [string "if (sqlite3_prepare_v2(conn->conn, \"", - string (String.toString s), + string (String.toCString s), string "\", -1, &conn->p", string (Int.toString i), string ", NULL) != SQLITE_OK) {", @@ -242,7 +242,7 @@ string "msg[1023] = 0;", newline, uhoh false ("Error preparing statement: " - ^ String.toString s ^ "
%s") ["msg"]], + ^ String.toCString s ^ "
%s") ["msg"]], string "}", newline] end) @@ -651,9 +651,9 @@ newline], string "if (sqlite3_prepare_v2(conn->conn, \"", - string (String.toString query), + string (String.toCString query), string "\", -1, &stmt, NULL) != SQLITE_OK) uw_error(ctx, FATAL, \"Error preparing statement: ", - string (String.toString query), + string (String.toCString query), string "
%s\", sqlite3_errmsg(conn->conn));", newline, if nested then @@ -677,7 +677,7 @@ newline, queryCommon {loc = loc, cols = cols, doCols = doCols, query = box [string "\"", - string (String.toString query), + string (String.toCString query), string "\""]}, string "uw_pop_cleanup(ctx);", @@ -739,9 +739,9 @@ string "if (stmt == NULL) {", newline, box [string "if (sqlite3_prepare_v2(conn->conn, \"", - string (String.toString dml), + string (String.toCString dml), string "\", -1, &stmt, NULL) != SQLITE_OK) uw_error(ctx, FATAL, \"Error preparing statement: ", - string (String.toString dml), + string (String.toCString dml), string "
%s\", sqlite3_errmsg(conn->conn));", newline, string "conn->p", @@ -760,7 +760,7 @@ newline, dmlCommon {loc = loc, dml = box [string "\"", - string (String.toString dml), + string (String.toCString dml), string "\""]}, string "uw_pop_cleanup(ctx);", @@ -800,14 +800,9 @@ fun setval _ = raise Fail "SQLite.setval called" fun sqlifyString s = "'" ^ String.translate (fn #"'" => "''" - | ch => - if Char.isPrint ch then - str ch - else - (ErrorMsg.error - "Non-printing character found in SQL string literal"; - "")) - (String.toString s) ^ "'" + | #"\000" => "" + | ch => str ch) + s ^ "'" fun p_cast (s, _) = s diff -r 43ca083678f8 -r 514be09d5018 src/urweb.lex --- a/src/urweb.lex Tue Aug 10 14:52:33 2010 -0400 +++ b/src/urweb.lex Tue Aug 10 15:55:43 2010 -0400 @@ -173,7 +173,7 @@ intconst = [0-9]+; realconst = [0-9]+\.[0-9]*; notags = [^<{\n(]+; -xcom = ([^-]|(-[^-]))+; +xcom = ([^\-]|(-[^\-]))+; oint = [0-9][0-9][0-9]; xint = x[0-9a-fA-F][0-9a-fA-F];
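Review bot: The new sqlifyString in the sqlite.sml hunk drops NUL silently (`| #"\000" => ""`), whereas the code it replaces raised `ErrorMsg.error` for any non-printing character, so a constant containing a NUL now compiles to a different string with no diagnostic; reporting it is the safer choice, e.g. `| #"\000" => (ErrorMsg.error "NUL character in SQL string literal"; "")`. Passing every other byte through raw with only `'` doubled is correct for SQLite, which has no backslash escapes, and the query text is later wrapped by `String.toCString` when written into the C file, so control characters and high bytes survive the C literal; a one-line comment saying so, e.g. `(* SQLite literals have no backslash escapes: only the quote needs doubling; C-escaping happens when the query is printed *)`, would keep the next reader from "fixing" it back to C-style escaping.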