Found this while revising the previous patch to use xpath rather
than strstr for undoing the escapse.
* tools/virsh.c (cmdSnapshotCreateAs): Escape user input.
---
tools/virsh.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/virsh.c b/tools/virsh.c
index fd64020..52a15bc 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -11963,9 +11963,9 @@ cmdSnapshotCreateAs(vshControl *ctl, const vshCmd *cmd)
virBufferAddLit(&buf, "<domainsnapshot>\n");
if (name)
- virBufferAsprintf(&buf, " <name>%s</name>\n", name);
+ virBufferEscapeString(&buf, " <name>%s</name>\n", name);
if (desc)
- virBufferAsprintf(&buf, " <description>%s</description>\n", desc);
+ virBufferEscapeString(&buf, " <description>%s</description>\n", desc);
virBufferAddLit(&buf, "</domainsnapshot>\n");
buffer = virBufferContentAndReset(&buf);
--
1.7.4.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list