From b32558393fb6cc5f8c04304e74f8dc20e556792b Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Wed, 19 Nov 2008 05:02:13 +0000
Subject: Don't forget to escape XML in attributes. Thanks to the Postgres
 Q&amp;A room on conference.jabber.org :)

---
 util/stanza.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'util/stanza.lua')

diff --git a/util/stanza.lua b/util/stanza.lua
index 5a6ba8c5..36e07317 100644
--- a/util/stanza.lua
+++ b/util/stanza.lua
@@ -103,7 +103,7 @@ function stanza_mt.__tostring(t)
 
 	local attr_string = "";
 	if t.attr then
-		for k, v in pairs(t.attr) do if type(k) == "string" then attr_string = attr_string .. s_format(" %s='%s'", k, tostring(v)); end end
+		for k, v in pairs(t.attr) do if type(k) == "string" then attr_string = attr_string .. s_format(" %s='%s'", k, xml_escape(tostring(v))); end end
 	end
 	return s_format("<%s%s>%s</%s>", t.name, attr_string, children_text, t.name);
 end
@@ -111,7 +111,7 @@ end
 function stanza_mt.top_tag(t)
 	local attr_string = "";
 	if t.attr then
-		for k, v in pairs(t.attr) do if type(k) == "string" then attr_string = attr_string .. s_format(" %s='%s'", k, tostring(v)); end end
+		for k, v in pairs(t.attr) do if type(k) == "string" then attr_string = attr_string .. s_format(" %s='%s'", k, xml_escape(tostring(v))); end end
 	end
 	return s_format("<%s%s>", t.name, attr_string);
 end
-- 
cgit v1.2.3


From 208dde8105928404941a6341ff7cdbedff6adb7c Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Sat, 22 Nov 2008 19:07:41 +0000
Subject: Add helper function for adding message bodies to stanzas

---
 util/stanza.lua | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'util/stanza.lua')

diff --git a/util/stanza.lua b/util/stanza.lua
index 36e07317..df0d43ff 100644
--- a/util/stanza.lua
+++ b/util/stanza.lua
@@ -30,6 +30,11 @@ end
 function stanza_mt:query(xmlns)
 	return self:tag("query", { xmlns = xmlns });
 end
+
+function stanza_mt:body(text, attr)
+	return self:tag("body", attr):text(text);
+end
+
 function stanza_mt:tag(name, attrs)
 	local s = stanza(name, attrs);
 	(self.last_add[#self.last_add] or self):add_direct_child(s);
-- 
cgit v1.2.3