diff --git a/res/res_pjsip/presence_xml.c b/res/res_pjsip/presence_xml.c index 31e06eba4a..9ed07caa17 100644 --- a/res/res_pjsip/presence_xml.c +++ b/res/res_pjsip/presence_xml.c @@ -43,7 +43,7 @@ void ast_sip_sanitize_xml(const char *input, char *output, size_t len) output[0] = '\0'; - while ((break_point = strpbrk(copy, "<>\"&'"))) { + while ((break_point = strpbrk(copy, "<>\"&'\n\r"))) { char to_escape = *break_point; *break_point = '\0'; @@ -65,6 +65,12 @@ void ast_sip_sanitize_xml(const char *input, char *output, size_t len) case '\'': strncat(output, "'", len); break; + case '\r': + strncat(output, " ", len); + break; + case '\n': + strncat(output, " ", len); + break; }; copy = break_point + 1; diff --git a/res/res_pjsip_pidf_digium_body_supplement.c b/res/res_pjsip_pidf_digium_body_supplement.c index d1b2c6b56f..22cd01be76 100644 --- a/res/res_pjsip_pidf_digium_body_supplement.c +++ b/res/res_pjsip_pidf_digium_body_supplement.c @@ -40,6 +40,7 @@ static int pidf_supplement_body(void *body, void *data) { struct ast_sip_exten_state_data *state_data = data; pj_xml_node *node; + char sanitized[256]; if (ast_strlen_zero(state_data->user_agent) || !strstr(state_data->user_agent, "digium")) { @@ -69,8 +70,8 @@ static int pidf_supplement_body(void *body, void *data) } if (!ast_strlen_zero(state_data->presence_message)) { - pj_strdup2(state_data->pool, &node->content, - state_data->presence_message); + ast_sip_sanitize_xml(state_data->presence_message, sanitized, sizeof(sanitized)); + pj_strdup2(state_data->pool, &node->content, sanitized); } ast_sip_presence_xml_create_attr( @@ -78,9 +79,9 @@ static int pidf_supplement_body(void *body, void *data) state_data->presence_state)); if (!ast_strlen_zero(state_data->presence_subtype)) { + ast_sip_sanitize_xml(state_data->presence_subtype, sanitized, sizeof(sanitized)); ast_sip_presence_xml_create_attr( - state_data->pool, node, "subtype", - state_data->presence_subtype); + state_data->pool, node, "subtype", sanitized); } return 0;