Ticket #587 (reopened Defect)

Opened 5 months ago

Last modified 5 months ago

Unescaped ampersands in client_state.xml

Reported by: Nicolas Assigned to: davea
Priority: Minor Milestone: Undetermined
Component: Client - Daemon Version:
Keywords: xml Cc:

Description

PrimeGrid uses scripts to generate input files on the fly. This makes the input files have question marks and ampersands on the URL. The scheduler reply correctly escapes these ampersands as &. But when the client saves the file information on client_state.xml, they get unescaped: 

<file_info>
    <name>psp_sr2sieve_2837737_cmd</name>
    <nbytes>59.000000</nbytes>
    <max_nbytes>0.000000</max_nbytes>
    <status>1</status>
    <url>http://www.primegrid.com/download/psp_sr2sieve_workunit.php?from=3029916000&to=3029916500</url>
</file_info>

This makes client_state non-wellformed XML. (note even Trac XML syntax highlighting is showing the ampersand in red).

Change History

03/29/08 20:49:26 changed by davea

  • status changed from new to closed.
  • resolution set to wontfix.

Does this cause any problems? If not I'm not going to fix it, but will check in the changes if someone else wants to.

03/29/08 23:10:47 changed by Nicolas

  • status changed from closed to reopened.
  • resolution deleted.

Yes, with anyone using a real parser for client_state.xml (addons). It's pretty simple: what is getting saved is not XML (not valid XML at least).

I made a mockup for a debt changing GUI, using HTML, and a PHP script to read my current debts (no better sample data than real data). Immediately stopped working when I attached to PrimeGrid?, because &to is not a valid XML entity.

I detached PrimeGrid?, and it still didn't work, because there were accented characters in a result stderr (Windows gave a localized error message), in ISO-8859-1, but client_state.xml doesn't have a charset declaration, and XML specification says the default is UTF-8. That accented character made it invalid UTF-8.

That is not XML. That is a format that happens to be based in XML and look quite the same, but has no escaping, needs one tag per line, and has no idea how to handle Unicode. Will my client stop working if I edit client_state and remove all newlines? If yes, BOINC isn't really using XML, because newlines shouldn't matter.

If this page is incomplete or incorrect, please edit it or add it to the wiki to-do list. To do this, you must be logged in; click Login or Register above.