>From 1d5e1378e49ee8fde8f7accffff3451c6993d2fe Mon Sep 17 00:00:00 2001
From: Vadim Zeitlin <address@hidden>
Date: Thu, 27 Aug 2015 20:08:51 +0200
Subject: [PATCH] Escape special characters in group quotes report to preserve
 them in HTML.

Avoid possible data loss in or corruption of the generated report if any
special XML characters occurred in any fields inserted into it.
---
 group_quote_pdf_gen_wx.cpp | 47 +++++++++++++++++++++++++++++++++++++---------
 1 file changed, 38 insertions(+), 9 deletions(-)

diff --git a/group_quote_pdf_gen_wx.cpp b/group_quote_pdf_gen_wx.cpp
index bb769d6..3148ae7 100644
--- a/group_quote_pdf_gen_wx.cpp
+++ b/group_quote_pdf_gen_wx.cpp
@@ -63,6 +63,35 @@ enum enum_output_mode
     ,e_output_measure_only
     };
 
+/// Escape special XML characters in the given string, ensuring that it appears
+/// correctly inside HTML element contents. Notice that we don't need to escape
+/// quotes here as we never use the result of this function inside an HTML
+/// attribute, only inside HTML elements.
+
+wxString escape_for_html_elem(std::string const& s)
+{
+    wxString esc;
+    esc.reserve(s.length());
+    for(std::string::const_iterator ci = s.begin(); ci != s.end(); ++ci)
+        {
+        switch(*ci)
+            {
+            case '<':
+                esc += "&lt;";
+                break;
+            case '>':
+                esc += "&gt;";
+                break;
+            case '&':
+                esc += "&amp;";
+                break;
+            default:
+                esc += *ci;
+            }
+        }
+    return esc;
+}
+
 /// Load the image from the given file. Throw on failure.
 
 wxImage load_image(char const* file)
@@ -731,9 +760,9 @@ void group_quote_pdf_generator_wx::do_generate_pdf(wxPdfDC& pdf_dc)
          "<td align=\"center\"><i>Prepared By: %s</i></td>"
          "</tr>"
          "</table>"
-        ,report_data_.company_
+        ,escape_for_html_elem(report_data_.company_)
         ,wxDateTime::Today().FormatDate()
-        ,report_data_.prepared_by_
+        ,escape_for_html_elem(report_data_.prepared_by_)
         );
 
     output_html(html_parser, horz_margin, *pos_y, page_.width_ / 2, title_html);
@@ -771,12 +800,12 @@ void group_quote_pdf_generator_wx::do_generate_pdf(wxPdfDC& pdf_dc)
          "</tr>"
          "</table>"
         ,wxDateTime::Today().FormatDate()
-        ,report_data_.plan_type_
-        ,report_data_.guarantee_issue_max_
-        ,report_data_.premium_mode_
-        ,report_data_.product_
-        ,report_data_.contract_state_
-        ,report_data_.available_riders_
+        ,escape_for_html_elem(report_data_.plan_type_)
+        ,escape_for_html_elem(report_data_.guarantee_issue_max_)
+        ,escape_for_html_elem(report_data_.premium_mode_)
+        ,escape_for_html_elem(report_data_.product_)
+        ,escape_for_html_elem(report_data_.contract_state_)
+        ,escape_for_html_elem(report_data_.available_riders_)
         ,row_num_ - 1 // "- 1": don't count the composite.
         );
 
@@ -913,7 +942,7 @@ void group_quote_pdf_generator_wx::do_generate_pdf(wxPdfDC& pdf_dc)
         *pos_y += logo_image.GetSize().y + vert_skip;
         }
 
-    wxString const footer_html = "<p>" + report_data_.footer_ + "</p>";
+    wxString const footer_html = "<p>" + escape_for_html_elem(report_data_.footer_) + "</p>";
 
     *pos_y += output_html
         (html_parser
-- 
2.1.0