cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets HTMLManagerServlet.java ManagerServlet.java

2005-01-05 Thread markt
markt   2005/01/05 03:54:37

  Modified:catalina/src/share/org/apache/catalina/servlets
HTMLManagerServlet.java ManagerServlet.java
  Log:
  Fix trivial (since it is within the manager web app that should not be
  publicly accessible) XSS issue.
   - Ported from TC5.
  
  Revision  ChangesPath
  1.19  +4 -2  
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/HTMLManagerServlet.java
  
  Index: HTMLManagerServlet.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/HTMLManagerServlet.java,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -r1.18 -r1.19
  --- HTMLManagerServlet.java   26 Aug 2004 21:38:13 -  1.18
  +++ HTMLManagerServlet.java   5 Jan 2005 11:54:37 -   1.19
  @@ -34,6 +34,7 @@
   import javax.servlet.http.HttpServletResponse;
   import org.apache.catalina.Context;
   import org.apache.catalina.Host;
  +import org.apache.catalina.util.RequestUtil;
   import org.apache.catalina.util.ServerInfo;
   import org.apache.commons.fileupload.FileItem;
   import org.apache.commons.fileupload.DiskFileUpload;
  @@ -110,7 +111,8 @@
   message = stop(path);
   } else {
   message =
  -sm.getString(managerServlet.unknownCommand, command);
  +sm.getString(managerServlet.unknownCommand,
  + RequestUtil.filter(command));
   }
   
   list(request, response, message);
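Review bot: Escaping only the unknown-command branch leaves the HTML safety of `message` dependent on every other branch doing its own escaping; the value passed to `list(request, response, message)` on the last line also comes from calls such as `stop(path)`, whose output is not visible here. If `list` writes `message` into the HTML page, each producer should escape request-derived values consistently, or `list` should carry a comment stating the contract, e.g. `// message must already be HTML-escaped; it is written into the page as markup`. The enclosing method starts and ends outside this hunk.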
  
  
  
  1.35  +26 -14
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/ManagerServlet.java
  
  Index: ManagerServlet.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/ManagerServlet.java,v
  retrieving revision 1.34
  retrieving revision 1.35
  diff -u -r1.34 -r1.35
  --- ManagerServlet.java   26 Aug 2004 21:38:13 -  1.34
  +++ ManagerServlet.java   5 Jan 2005 11:54:37 -   1.35
  @@ -53,6 +53,7 @@
   import org.apache.catalina.UserDatabase;
   import org.apache.catalina.Wrapper;
   import org.apache.catalina.core.StandardServer;
  +import org.apache.catalina.util.RequestUtil;
   import org.apache.catalina.util.ServerInfo;
   import org.apache.catalina.util.StringManager;
   import org.apache.naming.resources.ProxyDirContext;
  @@ -455,7 +456,8 @@
   
   // Validate the requested context path
   if ((path == null) || path.length() == 0 || !path.startsWith(/)) {
  -writer.println(sm.getString(managerServlet.invalidPath, path));
  +writer.println(sm.getString(managerServlet.invalidPath,
  +RequestUtil.filter(path)));
   return;
   }
   String displayPath = path;
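Review bot: `String displayPath = path;` on the last line still carries the raw request value, so the filter added to the invalidPath message protects only this one early return. Later messages in the method that print `displayPath` are outside the hunk; only the noContext one in the `@@ -783` hunk is filtered by this commit, so the remaining uses should be checked. The same pattern repeats in the `@@ -644`, `@@ -724` and `@@ -773` hunks. A short comment would help, e.g. `// displayPath is unescaped; wrap in RequestUtil.filter() before writing it to the response`.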
  @@ -644,7 +646,7 @@
   
   if (path == null || path.length() == 0 || !path.startsWith(/)) 
{
   writer.println(sm.getString(managerServlet.invalidPath,
  -path));
  +RequestUtil.filter(path)));
   return;
   }
   String displayPath = path;
  @@ -724,7 +726,8 @@
   log(restart: Reloading web application at ' + path + ');
   
   if ((path == null) || (!path.startsWith(/)  path.equals())) {
  -writer.println(sm.getString(managerServlet.invalidPath, path));
  +writer.println(sm.getString(managerServlet.invalidPath,
  +RequestUtil.filter(path)));
   return;
   }
   String displayPath = path;
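Review bot: The `log(...)` call at the top of this hunk concatenates the raw `path` before the validity check runs, and `RequestUtil.filter` is applied only to the response text. If the log sink writes the value verbatim, a path containing CR or LF characters could forge extra log entries; HTML filtering would presumably not cover that, so the logged value needs its own neutralisation (replace control characters), or the call should move below the check. The same applies to the `log(...)` lines in the `@@ -773` and `@@ -977` hunks. The method body continues outside the hunk.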
  @@ -773,7 +776,8 @@
   log(remove: Removing web application at ' + path + ');
   
   if ((path == null) || (!path.startsWith(/)  path.equals())) {
  -writer.println(sm.getString(managerServlet.invalidPath, path));
  +writer.println(sm.getString(managerServlet.invalidPath,
  +RequestUtil.filter(path)));
   return;
   }
   String displayPath = path;
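Review bot: The path check on the `if` line of this hunk (and of `@@ -724`) is written differently from the one in the `@@ -455` and `@@ -644` hunks (`path.length() == 0 || !path.startsWith(/)`), and the operator joining its two tests did not survive in this archived copy. If it is `&&`, a non-empty path without a leading slash would pass validation here while being rejected by the other commands; this is worth confirming against the repository. A single shared helper for the check and the filtered invalidPath message would keep the five call sites in agreement.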
  @@ -783,7 +787,8 @@
   try {
   Context context = deployer.findDeployedApp(path);
   if (context == null) {
  -writer.println(sm.getString(managerServlet.noContext, 
displayPath));
  +writer.println(sm.getString(managerServlet.noContext,
  +
RequestUtil.filter(displayPath)));
   return;
   }
   // It isn't possible for the manager to remove itself
  @@ -977,7 +982,8 @@
   log(sessions: Session information for web application at ' + 
path + ');
   
   if ((path == null) || (!path.startsWith(/)  path.equals())) {
  -

cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets HTMLManagerServlet.java ManagerServlet.java

2002-09-12 Thread amyroh

amyroh  2002/09/12 00:07:28

  Modified:catalina/src/share/org/apache/catalina/servlets
HTMLManagerServlet.java ManagerServlet.java
  Log:
  Minor tab fixes.
  
  Revision  ChangesPath
  1.11  +6 -6  
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/HTMLManagerServlet.java
  
  Index: HTMLManagerServlet.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/HTMLManagerServlet.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- HTMLManagerServlet.java   10 Sep 2002 03:31:16 -  1.10
  +++ HTMLManagerServlet.java   12 Sep 2002 07:07:27 -  1.11
  @@ -128,8 +128,8 @@
   
   // Prepare our output writer to generate the response message
   response.setContentType(text/html);
  - Locale locale = Locale.getDefault();
  - response.setLocale(locale);
  +Locale locale = Locale.getDefault();
  +response.setLocale(locale);
   PrintWriter writer = response.getWriter();
   
   // Process the requested command
  
  
  
  1.27  +8 -8  
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/ManagerServlet.java
  
  Index: ManagerServlet.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/ManagerServlet.java,v
  retrieving revision 1.26
  retrieving revision 1.27
  diff -u -r1.26 -r1.27
  --- ManagerServlet.java   10 Sep 2002 03:31:16 -  1.26
  +++ ManagerServlet.java   12 Sep 2002 07:07:27 -  1.27
  @@ -331,8 +331,8 @@
   
   // Prepare our output writer to generate the response message
   response.setContentType(text/plain);
  - Locale locale = Locale.getDefault();
  - response.setLocale(locale);
  +Locale locale = Locale.getDefault();
  +response.setLocale(locale);
   PrintWriter writer = response.getWriter();
   
   // Process the requested command (note - /deploy is not listed here)
  @@ -396,8 +396,8 @@
   
   // Prepare our output writer to generate the response message
   response.setContentType(text/plain);
  - Locale locale = Locale.getDefault();
  - response.setLocale(locale);
  +Locale locale = Locale.getDefault();
  +response.setLocale(locale);
   PrintWriter writer = response.getWriter();
   
   // Process the requested command
  
  
  





cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets HTMLManagerServlet.java ManagerServlet.java

2001-05-27 Thread bip

bip 01/05/27 14:09:11

  Modified:catalina/src/share/org/apache/catalina/servlets
ManagerServlet.java
  Added:   catalina/src/share/org/apache/catalina/servlets
HTMLManagerServlet.java
  Log:
  Changed ManagerServlet to allow for subclassing.
  
  Added HTMLManagerServlet which is a ManagerServlet with
  an extended HTML interface to allow for easier administration.
  
  Revision  ChangesPath
  1.6   +130 -128  
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/ManagerServlet.java
  
  Index: ManagerServlet.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/ManagerServlet.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- ManagerServlet.java   2001/05/14 00:02:32 1.5
  +++ ManagerServlet.java   2001/05/27 21:09:11 1.6
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/ManagerServlet.java,v
 1.5 2001/05/14 00:02:32 craigmcc Exp $
  - * $Revision: 1.5 $
  - * $Date: 2001/05/14 00:02:32 $
  + * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/ManagerServlet.java,v
 1.6 2001/05/27 21:09:11 bip Exp $
  + * $Revision: 1.6 $
  + * $Date: 2001/05/27 21:09:11 $
*
* 
*
  @@ -152,10 +152,10 @@
* /ul
*
* @author Craig R. McClanahan
  - * @version $Revision: 1.5 $ $Date: 2001/05/14 00:02:32 $
  + * @version $Revision: 1.6 $ $Date: 2001/05/27 21:09:11 $
*/
   
  -public final class ManagerServlet
  +public class ManagerServlet
   extends HttpServlet implements ContainerServlet {
   
   
  @@ -165,13 +165,13 @@
   /**
* The Context container associated with our web application.
*/
  -private Context context = null;
  +protected Context context = null;
   
   
   /**
* The debugging detail level for this servlet.
*/
  -private int debug = 1;
  +protected int debug = 1;
   
   
   /**
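Review bot: Changing `context` and `debug` (and `deployer`, `sm` and `wrapper` in the `@@ -179` hunk) from `private` to `protected` lets any subclass or same-package class reassign the servlet's container references directly. For a servlet that controls deployment, narrower exposure would be preferable: keep the fields `private`, add `protected` accessors, and declare the string manager as `protected static final StringManager sm`. If the fields stay protected, the Javadoc on each should say that subclasses must treat them as read-only.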
  @@ -179,20 +179,20 @@
* along with the associated Contexts for web applications that we
* are managing.
*/
  -private Deployer deployer = null;
  +protected Deployer deployer = null;
   
   
   /**
* The string manager for this package.
*/
  -private static StringManager sm =
  -  StringManager.getManager(Constants.Package);
  +protected static StringManager sm =
  + StringManager.getManager(Constants.Package);
   
   
   /**
* The Wrapper container associated with this servlet.
*/
  -private Wrapper wrapper = null;
  +protected Wrapper wrapper = null;
   
   
   // --- ContainerServlet Methods
  @@ -250,46 +250,46 @@
* @exception ServletException if a servlet-specified error occurs
*/
   public void doGet(HttpServletRequest request,
  -   HttpServletResponse response)
  - throws IOException, ServletException {
  +  HttpServletResponse response)
  +throws IOException, ServletException {
   
  - // Identify the request parameters that we need
  - String command = request.getPathInfo();
  - if (command == null)
  - command = request.getServletPath();
  - String path = request.getParameter(path);
  - String war = request.getParameter(war);
  -
  - // Prepare our output writer to generate the response message
  - response.setContentType(text/plain);
  - PrintWriter writer = response.getWriter();
  -
  - // Process the requested command
  - if (command == null) {
  - writer.println(sm.getString(managerServlet.noCommand));
  - } else if (command.equals(/install)) {
  - install(writer, path, war);
  - } else if (command.equals(/list)) {
  - list(writer);
  - } else if (command.equals(/reload)) {
  - reload(writer, path);
  - } else if (command.equals(/remove)) {
  - remove(writer, path);
  +// Identify the request parameters that we need
  +String command = request.getPathInfo();
  +if (command == null)
  +command = request.getServletPath();
  +String path = request.getParameter(path);
  +String war = request.getParameter(war);
  +
  +// Prepare our output writer to generate the response message
  +response.setContentType(text/plain);
  +PrintWriter writer = response.getWriter();
  +
  +// Process the requested command
  +if (command == null) {
  +writer.println(sm.getString(managerServlet.noCommand));
  +} else if (command.equals(/install)) {
  +install(writer, path, war);
  +}