Author: snoopdave
Date: Sat Aug 3 14:35:46 2013
New Revision: 1510000
URL: http://svn.apache.org/r1510000
Log:
Apply proper escaping.
Modified:
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/model/SearchResultsFeedModel.java
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/model/SearchResultsModel.java
roller/trunk/app/src/main/webapp/WEB-INF/velocity/feeds.vm
Modified:
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/model/SearchResultsFeedModel.java
URL:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/model/SearchResultsFeedModel.java?rev=1510000&r1=1509999&r2=1510000&view=diff
==============================================================================
---
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/model/SearchResultsFeedModel.java
(original)
+++
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/model/SearchResultsFeedModel.java
Sat Aug 3 14:35:46 2013
@@ -26,6 +26,7 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
@@ -51,6 +52,7 @@ import org.apache.roller.weblogger.ui.re
import org.apache.roller.weblogger.ui.rendering.pagers.SearchResultsFeedPager;
import org.apache.roller.weblogger.ui.rendering.util.WeblogFeedRequest;
import org.apache.roller.weblogger.ui.rendering.util.WeblogRequest;
+import org.apache.roller.weblogger.util.Utilities;
/**
* Extends normal page renderer model to represent search results for Atom
@@ -254,7 +256,9 @@ public class SearchResultsFeedModel impl
}
public String getTerm() {
- return (feedRequest.getTerm() == null) ? "" :
feedRequest.getTerm();
+ String query =feedRequest.getTerm() ;
+ return (query == null)
+ ? "" :
StringEscapeUtils.escapeXml(Utilities.escapeHTML(query));
}
public int getHits() {
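Review bot: getTerm() now returns a value that has been HTML-escaped and then XML-escaped, but the method carries no Javadoc saying so, and a template author cannot tell this from the getter's name. A value encoded this way suits HTML-typed text inside the feed; it would be over-encoded if a template wraps it in another escape call, and it is not URL-encoded, so it should not be placed in a query string. I would add `/** Returns the search term HTML-escaped and then XML-escaped for feed text output; never null. Do not escape again or use in URLs. */` above the method. The other file's hunk shows a getRawTerm() next to the same getter in SearchResultsModel; whether this class offers an unescaped accessor is not visible here. The new local also has stray spacing and would read better as `String query = feedRequest.getTerm();`.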
Modified:
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/model/SearchResultsModel.java
URL:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/model/SearchResultsModel.java?rev=1510000&r1=1509999&r2=1510000&view=diff
==============================================================================
---
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/model/SearchResultsModel.java
(original)
+++
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/rendering/model/SearchResultsModel.java
Sat Aug 3 14:35:46 2013
@@ -259,8 +259,8 @@ public class SearchResultsModel extends
public String getTerm() {
String query = searchRequest.getQuery();
- return (query == null) ? "" :
StringEscapeUtils.escapeXml(Utilities
- .escapeHTML(query));
+ return (query == null)
+ ? "" :
StringEscapeUtils.escapeXml(Utilities.escapeHTML(query));
}
public String getRawTerm() {
Modified: roller/trunk/app/src/main/webapp/WEB-INF/velocity/feeds.vm
URL:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/webapp/WEB-INF/velocity/feeds.vm?rev=1510000&r1=1509999&r2=1510000&view=diff
==============================================================================
--- roller/trunk/app/src/main/webapp/WEB-INF/velocity/feeds.vm (original)
+++ roller/trunk/app/src/main/webapp/WEB-INF/velocity/feeds.vm Sat Aug 3
14:35:46 2013
@@ -118,7 +118,7 @@
<entry>
<id>$file.permalink</id>
<title type="html">$utils.escapeXML($file.name)</title>
- <author><name>$file.creator.screenName</name></author>
+
<author><name>$utils.escapeXML($utils.removeHTML($file.creator.screenName))</name></author>
<link rel="alternate" type="text/html" href="$file.permalink"/>
<published>$utils.formatIso8601Date($file.dateUploaded)</published>
<updated>$utils.formatIso8601Date($file.lastUpdated)</updated>
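Review bot: `$file.permalink` is still emitted unescaped twice in this entry, as the text of `<id>` and inside the `href` attribute of `<link>`, while the file name and screen name beside it are now escaped. If the permalink can carry characters from the uploaded file's name or path (not visible in this hunk), an `&` or a quote would make the feed malformed or end the attribute value early. Using `<id>$utils.escapeXML($file.permalink)</id>` and `href="$utils.escapeXML($file.permalink)"` would treat it like the other fields, assuming escapeXML also encodes double quotes. The `<entry>` element and the loop around it begin and end outside the hunk.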