commit 9a5755ac98dbbd12bd07684252a4637a7cfe9a11
parent 3d67634f89650efbdc05ee5a2bf623111266cf15
Author: Christian Grothoff <christian@grothoff.org>
Date: Wed, 25 Feb 2026 23:32:55 +0100
must escape payto URIs due to '&', fixes #11156
Diffstat:
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/exchange/taler-exchange-httpd_aml-accounts-get.c b/src/exchange/taler-exchange-httpd_aml-accounts-get.c
@@ -1,6 +1,6 @@
/*
This file is part of TALER
- Copyright (C) 2024, 2025 Taler Systems SA
+ Copyright (C) 2024, 2025, 2026 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU Affero General Public License as published by the Free Software
@@ -42,7 +42,7 @@
"File number,Customer,Comments,Risky,Acquisition date,Exit date\r\n"
#define CSV_FOOTER "\r\n"
-#define XML_HEADER "<?xml version=\"1.0\"?>" \
+#define XML_HEADER "<?xml version=\"1.0\" encoding=\"UTF 8\"?>" \
"<Workbook xmlns=\"urn:schemas-microsoft-com:office:spreadsheet\"" \
" xmlns:c=\"urn:schemas-microsoft-com:office:component:spreadsheet\"" \
" xmlns:html=\"http://www.w3.org/TR/REC-html40\"" \
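Review bot: The encoding name added to `XML_HEADER` reads `UTF 8` with a space, which is not a legal XML encoding name (only letters, digits, `.`, `_` and `-` are allowed), so a conforming parser may reject the export at the declaration. The line should read `#define XML_HEADER "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" \`. The macro continues past the end of this hunk, so the rest of the header is not reviewed here.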
@@ -188,12 +188,14 @@ record_cb (
return;
case RCF_XML:
{
+ char *epayto;
char *ecomments = NULL;
char opentime_s[128];
char closetime_s[128];
const struct tm *tm;
time_t tt;
+ epayto = TALER_excape_xml (payto.full_payto);
if ( (NULL == comments) &&
(GNUNET_TIME_absolute_is_never (open_time.abs_time)) )
comments =
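Review bot: `epayto` is handed straight to the `%s` in the row format (the `@@ -222` hunk) without the NULL guard that `ecomments` gets on the next argument. The contract of `TALER_excape_xml` is not visible on this page; if it can return NULL for some input, add `GNUNET_assert (NULL != epayto);` after the call or document that it never does. The buffer is allocated at the top of the case and freed only in the `@@ -241` hunk, so any exit path between the two that lies outside the hunks would leak it. The spelling `excape` is also worth checking against the helper's declaration.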
@@ -222,7 +224,7 @@ record_cb (
"<Cell ss:StyleID=\"DateFormat\"><Data ss:Type=\"%s\">%s</Data></Cell>"
"</Row>\n",
(unsigned long long) row_id,
- payto.full_payto,
+ epayto,
NULL == ecomments
? ""
: ecomments,
@@ -241,6 +243,7 @@ record_cb (
? "never"
: closetime_s);
GNUNET_free (ecomments);
+ GNUNET_free (epayto);
break;
} /* end case RCF_XML */
case RCF_CSV:
@@ -268,7 +271,7 @@ record_cb (
ecomments[wpos++] = comments[off];
}
GNUNET_buffer_write_fstr (&rc->details.csv,
- "%llu,%s,\"%s\",%s,%s,%s\r\n",
+ "%llu,\"%s\",\"%s\",%s,%s,%s\r\n",
(unsigned long long) row_id,
payto.full_payto,
ecomments,
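Review bot: The account column is now wrapped in double quotes, but `payto.full_payto` is still written raw, so a `"` inside the URI would close the quoted field early and shift every later column of this AML export. The comments value is copied into `ecomments` by a loop whose tail is visible just above, presumably to escape quotes; the payto string should get the same treatment before it is formatted. If validated payto URIs can never contain a double quote, state that next to the format string, for example `/* full_payto is percent-encoded, so it cannot contain '"' */`. The enclosing `record_cb` starts and ends outside this hunk.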