Author: markt Date: Wed Apr 25 19:14:28 2007 New Revision: 532571 URL: http://svn.apache.org/viewvc?view=rev&rev=532571 Log: Port XSS fix to 5.0.x (part of CVE-2005-4838).
Modified: tomcat/container/branches/tc5.0.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java Modified: tomcat/container/branches/tc5.0.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java URL: http://svn.apache.org/viewvc/tomcat/container/branches/tc5.0.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java?view=diff&rev=532571&r1=532570&r2=532571 ==============================================================================
--- tomcat/container/branches/tc5.0.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java (original)
+++ tomcat/container/branches/tc5.0.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java Wed Apr 25 19:14:28 2007
@@ -106,7 +106,8 @@
 message = stop(path);
 } else {
 message =
- sm.getString("managerServlet.unknownCommand", command);
+ sm.getString("managerServlet.unknownCommand",
+ RequestUtil.filter(command));
 }
 list(request, response, message);
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
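Review bot: Only the unknown-command branch is escaped here, while `message = stop(path);` in the same if/else chain passes another request-derived value to a helper whose result reaches the same `list(request, response, message)` call. The helper bodies are outside this hunk, so it should be confirmed whether their messages echo `path` unescaped; if they do, they need the same `RequestUtil.filter(...)` treatment. Escaping once where `list()` writes `message` into the page would cover every branch, provided no branch relies on markup inside the message. The new lines would also benefit from a comment such as `// command is request-supplied; HTML-escape it before it is echoed in the manager page`. The enclosing method starts and ends outside the hunk.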