Author: markt Date: Wed Jun 13 19:12:04 2007 New Revision: 547082 URL: http://svn.apache.org/viewvc?view=rev&rev=547082 Log: Port fix for XSS issue in Manager and Host Manager. This is CVE-2007-2450.
Modified:
tomcat/container/tc5.5.x/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java
tomcat/container/tc5.5.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java
Modified: tomcat/container/tc5.5.x/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java?view=diff&rev=547082&r1=547081&r2=547082
==============================================================================
--- tomcat/container/tc5.5.x/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java (original)
+++ tomcat/container/tc5.5.x/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java Wed Jun 13 19:12:04 2007
@@ -32,6 +32,7 @@
 import org.apache.catalina.Container;
 import org.apache.catalina.Host;
+import org.apache.catalina.util.RequestUtil;
 import org.apache.catalina.util.ServerInfo;
 /**
@@ -195,7 +196,11 @@
 // Message Section
 args = new Object[3];
 args[0] = sm.getString("htmlHostManagerServlet.messageLabel");
- args[1] = (message == null || message.length() == 0) ? "OK" : message;
+ if (message == null || message.length() == 0) {
+ args[1] = "OK";
+ } else {
+ args[1] = RequestUtil.filter(message);
+ }
 writer.print(MessageFormat.format(Constants.MESSAGE_SECTION, args));
 // Manager Section
Modified: tomcat/container/tc5.5.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java?view=diff&rev=547082&r1=547081&r2=547082
==============================================================================
--- tomcat/container/tc5.5.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java (original)
+++ tomcat/container/tc5.5.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java Wed Jun 13 19:12:04 2007
@@ -107,8 +107,7 @@
 message = stop(path);
 } else {
 message =
- sm.getString("managerServlet.unknownCommand",
- RequestUtil.filter(command));
+ sm.getString("managerServlet.unknownCommand", command);
 }
 list(request, response, message);
@@ -282,7 +281,11 @@
 // Message Section
 args = new Object[3];
 args[0] = sm.getString("htmlManagerServlet.messageLabel");
- args[1] = (message == null || message.length() == 0) ? "OK" : message;
+ if (message == null || message.length() == 0) {
+ args[1] = "OK";
+ } else {
+ args[1] = RequestUtil.filter(message);
+ }
 writer.print(MessageFormat.format(Constants.MESSAGE_SECTION, args));
 // Manager Section
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
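Review bot: The escaping added to the `else` branch is only sufficient if `Constants.MESSAGE_SECTION` emits `{1}` as element text; as far as I recall, `RequestUtil.filter` in this branch escapes `<`, `>`, `&` and `"` but not the single quote, so a `{1}` placed inside a single-quoted attribute or a script block would still be injectable, and that template is not visible in this hunk, so please confirm it before relying on this fix. The reason for filtering here is also worth recording, since the next maintainer will otherwise see a plain status string: `// message may echo request data (e.g. a host name); HTML-escape at the sink`. The enclosing list() method starts and ends outside the hunk.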
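Review bot: The new `unknownCommand` message now carries the raw `command` request parameter, so this line is safe only because `list()` is its sole sink and that method (changed in the following hunk) escapes `message` on output; any other existing or future code path that writes `message` into a response would reintroduce the reflected XSS this commit fixes. Moving encoding from the input to the output point is the right design (it also avoids double-encoding), but it is an invariant that should be stated where it is relied on: `// command is deliberately not escaped here: list() HTML-escapes message at output`. The enclosing request-handling method starts and ends outside the hunk, so I cannot confirm from here that no other sink for `message` exists.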
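Review bot: The five-line if/else replacing the ternary makes the change look larger than it is; keeping the original shape, `args[1] = (message == null || message.length() == 0) ? "OK" : RequestUtil.filter(message);`, expresses the fix in one line and reads as "same as before, now escaped". The same construct is duplicated verbatim in HTMLHostManagerServlet in this commit, so whichever form is chosen should be used in both places to keep them from drifting. Only `args[1]` is filtered here; `args[0]` is a resource-bundle label, and `args[2]` is assigned outside this hunk, so I cannot tell whether it needs the same treatment.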