share/http/js/*.js: escape inputs in vlm commands
"\n"+
"# Background options\n"+
"new bg broadcast enabled\n"+
"\n"+
"# Background options\n"+
"new bg broadcast enabled\n"+
-"setup bg input " + value( 'mosaic_bg_input' ) + "\n";
+"setup bg input " + sanitize_input( value( 'mosaic_bg_input' ) ) + "\n";
if( value( 'mosaic_output' ) )
{
code.value +=
if( value( 'mosaic_output' ) )
{
code.value +=
var s = cells[id];
code.value +=
"new " + s + " broadcast enabled\n"+
var s = cells[id];
code.value +=
"new " + s + " broadcast enabled\n"+
-"setup " + s + " input " + streams[s] + "\n"+
+"setup " + s + " input " + sanitize_input( streams[s] ) + "\n"+
"setup " + s + " output #duplicate{dst=mosaic-bridge{id=" + s + ",width="+cell_width+",height="+cell_height+"},select=video,dst=bridge-out,select=audio}\n"+
"\n";
}
"setup " + s + " output #duplicate{dst=mosaic-bridge{id=" + s + ",width="+cell_width+",height="+cell_height+"},select=video,dst=bridge-out,select=audio}\n"+
"\n";
}
+function sanitize_input( str )
+{
+ return str.replace( /\\/g, '\\\\').replace( /\'/g, '\\\'' ).replace( /\"/g, '\\\"' ).replace( /^/, '"' ).replace( /$/, '"' );
+}
+
function update_vlm_add_broadcast()
{
var cmd = document.getElementById( 'vlm_command' );
function update_vlm_add_broadcast()
{
var cmd = document.getElementById( 'vlm_command' );
if( value( 'vlm_broadcast_input' ) )
{
if( value( 'vlm_broadcast_input' ) )
{
- cmd.value += " input " + value( 'vlm_broadcast_input' );
+ cmd.value += " input " + sanitize_input( value( 'vlm_broadcast_input' ) );
}
if( value( 'vlm_broadcast_output' ) )
}
if( value( 'vlm_broadcast_output' ) )
if( value( 'vlm_vod_input' ) )
{
if( value( 'vlm_vod_input' ) )
{
- cmd.value += " input " + value( 'vlm_vod_input' );
+ cmd.value += " input " + sanitize_input( value( 'vlm_vod_input' ) );
}
if( value( 'vlm_vod_output' ) )
}
if( value( 'vlm_vod_output' ) )
function vlm_add_input( name, input )
{
function vlm_add_input( name, input )
{
- document.getElementById( 'vlm_command' ).value = "setup "+name+" input "+input;
+ document.getElementById( 'vlm_command' ).value = "setup "+name+" input "+sanitize_input( input );
vlm_cmd( value( 'vlm_command' ) );
}
vlm_cmd( value( 'vlm_command' ) );
}
- while( ( *psz_sent != '\"' ) && ( *psz_sent != '\0' ) )
+ while( ( *psz_sent != '\"' || b_escape == VLC_TRUE )
+ && ( *psz_sent != '\0' ) )
{
if( *psz_sent == '\'' && b_escape == VLC_FALSE )
{
{
if( *psz_sent == '\'' && b_escape == VLC_FALSE )
{
- while( ( *psz_sent != '\'' ) && ( *psz_sent != '\0' ) )
+ while( ( *psz_sent != '\'' || b_escape == VLC_TRUE )
+ && ( *psz_sent != '\0' ) )
{
if( *psz_sent == '\"' && b_escape == VLC_FALSE )
{
{
if( *psz_sent == '\"' && b_escape == VLC_FALSE )
{