RTC Forums
November 24, 2024, 08:25:00 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
 
   Home   Help Login Register  
Pages: [1]
  Print  
Author Topic: XML-RPC Support - Possible Bug in EncodeXMLrpc  (Read 5929 times)
Ryan
RTC Expired
*
Posts: 15


« on: November 07, 2014, 02:34:13 PM »

Hi Danijel,

I hope this message finds you well. I just wanted to let you know I think I've found a bug in the function EncodeXMLrpc. When sending data between an RTC Server and c# XML-RPC client a string containing XML data will fail because the greater than character '>' isn't being escaped.

The current function looks like this:

Code:
function EncodeXMLrpc(const s:RtcString):RtcString;
  var
    a,b:integer;
  begin
  Result:='';
  b:=length(s);
  for a:=1 to length(s) do
    case s[a] of
      '<':Inc(b,3);
      '&':Inc(b,4);
      end;
  SetLength(Result,b);
  b:=1;
  for a:=1 to length(s) do
    case s[a] of
      '<':begin
          Result[b]:='&';
          Result[b+1]:='l';
          Result[b+2]:='t';
          Result[b+3]:=';';
          Inc(b,4);
          end;
      '&':begin
          Result[b]:='&';
          Result[b+1]:='a';
          Result[b+2]:='m';
          Result[b+3]:='p';
          Result[b+4]:=';';
          Inc(b,5);
          end;
      else
          begin
          Result[b]:=s[a];
          Inc(b);
          end;
      end;
  end;

And the corrected function should look like this:

Code:
function EncodeXMLrpc(const s:RtcString):RtcString;
  var
    a,b:integer;
  begin
  Result:='';
  b:=length(s);
  for a:=1 to length(s) do
    case s[a] of
      '<':Inc(b,3);
      '>':Inc(b,3);
      '&':Inc(b,4);
      #39:Inc(b,6);
      '"':Inc(b,5);
      end;
  SetLength(Result,b);
  b:=1;
  for a:=1 to length(s) do
    case s[a] of
      '<':begin
          Result[b]:='&';
          Result[b+1]:='l';
          Result[b+2]:='t';
          Result[b+3]:=';';
          Inc(b,4);
          end;
      '>':begin
          Result[b]:='&';
          Result[b+1]:='g';
          Result[b+2]:='t';
          Result[b+3]:=';';
          Inc(b,4);
          end;
      '&':begin
          Result[b]:='&';
          Result[b+1]:='a';
          Result[b+2]:='m';
          Result[b+3]:='p';
          Result[b+4]:=';';
          Inc(b,5);
          end;
      #39:begin
          Result[b]:='&';
          Result[b+1]:='a';
          Result[b+2]:='p';
          Result[b+3]:='o';
          Result[b+4]:='s';
          Result[b+5]:='s';
          Result[b+6]:=';';
          Inc(b,7);
          end;
      '"':begin
          Result[b]:='&';
          Result[b+1]:='q';
          Result[b+2]:='u';
          Result[b+3]:='o';
          Result[b+4]:='t';
          Result[b+5]:=';';
          Inc(b,6);
          end;
      else
          begin
          Result[b]:=s[a];
          Inc(b);
          end;
      end;
  end;

I hope this helps.

Many thanks for all your efforts and the support you have given me in the past.

Kind regards,
Ryan
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881


« Reply #1 on: November 08, 2014, 11:58:54 AM »

Thank you for reporting this. I will update the EncodeXMLrpc function in the next RTC Update to include the >, " and ' characters as well. But I see that you are escaping the ' character as &aposs; (with 2 s) instead of &apos; (only 1 s), which could cause problems with some XML decoders. Here is the updated XML Encoder function:

Code:
function EncodeXMLrpc(const s:RtcString):RtcString;
  var
    a,b:integer;
  begin
  Result:='';
  b:=length(s);
  for a:=1 to length(s) do
    case s[a] of
      '<':Inc(b,3);
      '>':Inc(b,3);
      '&':Inc(b,4);
      #39:Inc(b,5);
      '"':Inc(b,5);
      end;
  SetLength(Result,b);
  b:=1;
  for a:=1 to length(s) do
    case s[a] of
      '<':begin
          Result[b]:='&';
          Result[b+1]:='l';
          Result[b+2]:='t';
          Result[b+3]:=';';
          Inc(b,4);
          end;
      '>':begin
          Result[b]:='&';
          Result[b+1]:='g';
          Result[b+2]:='t';
          Result[b+3]:=';';
          Inc(b,4);
          end;
      '&':begin
          Result[b]:='&';
          Result[b+1]:='a';
          Result[b+2]:='m';
          Result[b+3]:='p';
          Result[b+4]:=';';
          Inc(b,5);
          end;
      #39:begin
          Result[b]:='&';
          Result[b+1]:='a';
          Result[b+2]:='p';
          Result[b+3]:='o';
          Result[b+4]:='s';
          Result[b+5]:=';';
          Inc(b,6);
          end;
      '"':begin
          Result[b]:='&';
          Result[b+1]:='q';
          Result[b+2]:='u';
          Result[b+3]:='o';
          Result[b+4]:='t';
          Result[b+5]:=';';
          Inc(b,6);
          end;
      else
          begin
          Result[b]:=s[a];
          Inc(b);
          end;
      end;
  end;

PS. The XML-RPC format only specifies that the & and < characters have to be escaped inside strings, so the problem is actually in the C# decoder. But there's no harm in escaping the >, " and ' characters as well, if that makes RTC compatible with more XML-RPC implementations.

Best Regards,
Danijel Tkalcec
Logged
Ryan
RTC Expired
*
Posts: 15


« Reply #2 on: November 08, 2014, 02:37:54 PM »

Hi Danijel,

Thanks for spotting my mistake and the corrected code. Once I have this project done I'll look at the c# XML-RPC decoder and see why it wants the > character escaped if its isn't part of the specification.

Take care,
Ryan
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881


« Reply #3 on: November 08, 2014, 03:07:41 PM »

Reading the XML-RPC specification again, I'm not sure anymore that it would be harmless to escape additional characters in XML-RPC strings, since the specification says that "Any characters are allowed in a string except < and &, which are encoded as &lt; and &amp;. A string can be used to encode binary data." So ... escaping additional characteres might cause issues with XML-RPC decoders which work strictly based on the specification and do NOT know how to decode characters other than < and &.

Here is the complete XML-RPC specification:
http://xmlrpc.scripting.com/spec.html

To keep the XML-RPC Encoder compatible with minimalistic Decoders, while at the same time making it compatible with Decoder you are currently using, I will be adding a new global variable RTC_XMLRPC_GreaterStringEncode to control the behavior of the XML-RPC encoder in RTC. By default, that variable will be set to FALSE, so the XML-RPC Encoder in RTC will continue working as before (strictly based on the XML-RPC specification). But you will be able to set that variable to TRUE anywhere in your code (for example, in the Main form constructor) to change its behavior to also encode >, " and ' characters.

Best Regards,
Danijel Tkalcec
Logged
Ryan
RTC Expired
*
Posts: 15


« Reply #4 on: November 08, 2014, 04:04:25 PM »

Hi Danijel,

Once again many thanks for the feedback. I'll look into the decoder in more detail to see what is going on. The extra flag sounds good but as the issue only affects me I'm happy to manually patch my copy of RTC to work around the issue. Reading the website you have posted I can see why the change might break things.

Once I get a bit more breathing space I'll be able to look into the decoder in more detail as I have the full source for it. I'm just trying to get a "proof of concept" working at the moment.

Take care,
Ryan
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881


« Reply #5 on: November 08, 2014, 04:29:44 PM »

I've uploaded RTC SDK v6.43, extending the XML-RPC encoder to support decoders which require encoding of the >, " or ' characters. By default, the XML-RPC encoder will continue working as before, strictly following the XML-RPC specification, so the update won't break anything for other developers. But if you need the XML-RPC encoder to also encode the > character (possibly breaking compatibility with minimalistic XML-RPC decoders), you can now set the RTC_XMLRPC_GreaterStringEncode variable to TRUE somewhere in your code (as explained in my reply above), without making changes to RTC code.

Best Regards,
Danijel Tkalcec
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.027 seconds with 17 queries.