cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets HTMLManagerServlet.java ManagerServlet.java
markt 2005/01/05 03:54:37 Modified:catalina/src/share/org/apache/catalina/servlets HTMLManagerServlet.java ManagerServlet.java Log: Fix trivial (since it is within the manager web app that should not be publically accessible) XSS issue. - Ported from TC5. Revision ChangesPath 1.19 +4 -2 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/HTMLManagerServlet.java
Index: HTMLManagerServlet.java
===
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/HTMLManagerServlet.java,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- HTMLManagerServlet.java 26 Aug 2004 21:38:13 - 1.18
+++ HTMLManagerServlet.java 5 Jan 2005 11:54:37 - 1.19
@@ -34,6 +34,7 @@
 import javax.servlet.http.HttpServletResponse;
 import org.apache.catalina.Context;
 import org.apache.catalina.Host;
+import org.apache.catalina.util.RequestUtil;
 import org.apache.catalina.util.ServerInfo;
 import org.apache.commons.fileupload.FileItem;
 import org.apache.commons.fileupload.DiskFileUpload;
@@ -110,7 +111,8 @@
 message = stop(path); } else { message =
-sm.getString(managerServlet.unknownCommand, command);
+sm.getString(managerServlet.unknownCommand,
+ RequestUtil.filter(command));
 } list(request, response, message);
1.35 +26 -14 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/ManagerServlet.java
Index: ManagerServlet.java
===
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/ManagerServlet.java,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- ManagerServlet.java 26 Aug 2004 21:38:13 - 1.34
+++ ManagerServlet.java 5 Jan 2005 11:54:37 - 1.35
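Review bot: Only the `command` value is escaped in the hunk at -110, while `message` from `stop(path)` in the branch above reaches `list(request, response, message)` as returned, so the page depends on every inherited operation escaping what it echoes. A comment above the `list(...)` call would record that contract, for example `// message is rendered as HTML by list(); request-derived values in it must already be escaped`. Both the enclosing method and `list` lie outside the hunk, so where `message` is finally written is inferred from the call.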
@@ -53,6 +53,7 @@
 import org.apache.catalina.UserDatabase;
 import org.apache.catalina.Wrapper;
 import org.apache.catalina.core.StandardServer;
+import org.apache.catalina.util.RequestUtil;
 import org.apache.catalina.util.ServerInfo;
 import org.apache.catalina.util.StringManager;
 import org.apache.naming.resources.ProxyDirContext;
@@ -455,7 +456,8 @@
 // Validate the requested context path if ((path == null) || path.length() == 0 || !path.startsWith(/)) {
-writer.println(sm.getString(managerServlet.invalidPath, path));
+writer.println(sm.getString(managerServlet.invalidPath,
+RequestUtil.filter(path)));
 return; } String displayPath = path;
@@ -644,7 +646,7 @@
 if (path == null || path.length() == 0 || !path.startsWith(/)) { writer.println(sm.getString(managerServlet.invalidPath,
-path));
+RequestUtil.filter(path)));
 return; } String displayPath = path;
@@ -724,7 +726,8 @@
 log(restart: Reloading web application at ' + path + '); if ((path == null) || (!path.startsWith(/) path.equals())) {
-writer.println(sm.getString(managerServlet.invalidPath, path));
+writer.println(sm.getString(managerServlet.invalidPath,
+RequestUtil.filter(path)));
 return; } String displayPath = path;
@@ -773,7 +776,8 @@
 log(remove: Removing web application at ' + path + '); if ((path == null) || (!path.startsWith(/) path.equals())) {
-writer.println(sm.getString(managerServlet.invalidPath, path));
+writer.println(sm.getString(managerServlet.invalidPath,
+RequestUtil.filter(path)));
 return; } String displayPath = path;
@@ -783,7 +787,8 @@
 try { Context context = deployer.findDeployedApp(path); if (context == null) {
-writer.println(sm.getString(managerServlet.noContext, displayPath));
+writer.println(sm.getString(managerServlet.noContext,
+ RequestUtil.filter(displayPath)));
 return; } // It isn't possible for the manager to remove itself
@@ -977,7 +982,8 @@
 log(sessions: Session information for web application at ' + path + '); if ((path == null) || (!path.startsWith(/) path.equals())) {
-
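Review bot: Escaping is added one call site at a time (the invalidPath branches at -455, -644, -724 and -773, and noContext at -783), so any other message built from `path` or `displayPath` outside these hunks would still be echoed raw. Each invalidPath check is followed by `String displayPath = path;`; if displayPath is only used for output, escaping once there with `String displayPath = RequestUtil.filter(path);` and dropping the per-call `filter(displayPath)` would cover later messages as well. The invalidPath branches also run when `path == null`, so `RequestUtil.filter` has to accept null; its body is not shown here. The `log(...)` context lines at -724 and -773 still concatenate the unescaped `path`, and the enclosing methods start and end outside the hunks.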
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets HTMLManagerServlet.java ManagerServlet.java
amyroh 2002/09/12 00:07:28 Modified:catalina/src/share/org/apache/catalina/servlets HTMLManagerServlet.java ManagerServlet.java Log: Minor tab fixes. Revision ChangesPath 1.11 +6 -6 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/HTMLManagerServlet.java
Index: HTMLManagerServlet.java
===
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/HTMLManagerServlet.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- HTMLManagerServlet.java 10 Sep 2002 03:31:16 - 1.10
+++ HTMLManagerServlet.java 12 Sep 2002 07:07:27 - 1.11
@@ -128,8 +128,8 @@
 // Prepare our output writer to generate the response message response.setContentType(text/html);
- Locale locale = Locale.getDefault();
- response.setLocale(locale);
+Locale locale = Locale.getDefault();
+response.setLocale(locale);
 PrintWriter writer = response.getWriter(); // Process the requested command
1.27 +8 -8 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/ManagerServlet.java
Index: ManagerServlet.java
===
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/ManagerServlet.java,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- ManagerServlet.java 10 Sep 2002 03:31:16 - 1.26
+++ ManagerServlet.java 12 Sep 2002 07:07:27 - 1.27
@@ -331,8 +331,8 @@
 // Prepare our output writer to generate the response message response.setContentType(text/plain);
- Locale locale = Locale.getDefault();
- response.setLocale(locale);
+Locale locale = Locale.getDefault();
+response.setLocale(locale);
 PrintWriter writer = response.getWriter(); // Process the requested command (note - /deploy is not listed here)
@@ -396,8 +396,8 @@
 // Prepare our output writer to generate the response message response.setContentType(text/plain);
- Locale locale = Locale.getDefault();
- response.setLocale(locale);
+Locale locale = Locale.getDefault();
+response.setLocale(locale);
 PrintWriter writer = response.getWriter(); // Process the requested command
-- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets HTMLManagerServlet.java ManagerServlet.java
bip 01/05/27 14:09:11 Modified:catalina/src/share/org/apache/catalina/servlets ManagerServlet.java Added: catalina/src/share/org/apache/catalina/servlets HTMLManagerServlet.java Log: Changed ManagerServlet to allow for subclassing. Added HTMLManagerServlet which is a ManagerServlet with a extended HTML interface to allow for easier administration. Revision ChangesPath 1.6 +130 -128 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/ManagerServlet.java
Index: ManagerServlet.java
===
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/ManagerServlet.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- ManagerServlet.java 2001/05/14 00:02:32 1.5
+++ ManagerServlet.java 2001/05/27 21:09:11 1.6
@@ -1,7 +1,7 @@
 /*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/ManagerServlet.java,v 1.5 2001/05/14 00:02:32 craigmcc Exp $
- * $Revision: 1.5 $
- * $Date: 2001/05/14 00:02:32 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/ManagerServlet.java,v 1.6 2001/05/27 21:09:11 bip Exp $
+ * $Revision: 1.6 $
+ * $Date: 2001/05/27 21:09:11 $
 * * *
@@ -152,10 +152,10 @@
 * /ul * * @author Craig R. McClanahan
- * @version $Revision: 1.5 $ $Date: 2001/05/14 00:02:32 $
+ * @version $Revision: 1.6 $ $Date: 2001/05/27 21:09:11 $
 */
-public final class ManagerServlet
+public class ManagerServlet
 extends HttpServlet implements ContainerServlet {
@@ -165,13 +165,13 @@
 /** * The Context container associated with our web application. */
-private Context context = null;
+protected Context context = null;
 /** * The debugging detail level for this servlet. */
-private int debug = 1;
+protected int debug = 1;
 /**
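Review bot: Widening the fields from `private` to `protected` (here `context` and `debug` at -165, then `deployer`, `sm` and `wrapper` in the following hunk at -179) gives every subclass write access to the state this servlet uses to manage deployed applications. Keeping the fields `private` and adding `protected` accessors such as `protected Deployer getDeployer()` would let a subclass read them without being able to replace the `deployer`. `sm` is static and not final, so it should at least be declared `protected static final StringManager sm`. Since the hunk at -152 also drops `final` from the class, this applies to any later subclass and not only to the HTMLManagerServlet added in this commit, whose source is not shown here.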
@@ -179,20 +179,20 @@
 * along with the associated Contexts for web applications that we * are managing. */
-private Deployer deployer = null;
+protected Deployer deployer = null;
 /** * The string manager for this package. */
-private static StringManager sm =
- StringManager.getManager(Constants.Package);
+protected static StringManager sm =
+ StringManager.getManager(Constants.Package);
 /** * The Wrapper container associated with this servlet. */
-private Wrapper wrapper = null;
+protected Wrapper wrapper = null;
 // --- ContainerServlet Methods
@@ -250,46 +250,46 @@
 * @exception ServletException if a servlet-specified error occurs */ public void doGet(HttpServletRequest request,
- HttpServletResponse response)
- throws IOException, ServletException {
+ HttpServletResponse response)
+throws IOException, ServletException {
- // Identify the request parameters that we need
- String command = request.getPathInfo();
- if (command == null)
- command = request.getServletPath();
- String path = request.getParameter(path);
- String war = request.getParameter(war);
-
- // Prepare our output writer to generate the response message
- response.setContentType(text/plain);
- PrintWriter writer = response.getWriter();
-
- // Process the requested command
- if (command == null) {
- writer.println(sm.getString(managerServlet.noCommand));
- } else if (command.equals(/install)) {
- install(writer, path, war);
- } else if (command.equals(/list)) {
- list(writer);
- } else if (command.equals(/reload)) {
- reload(writer, path);
- } else if (command.equals(/remove)) {
- remove(writer, path);
+// Identify the request parameters that we need
+String command = request.getPathInfo();
+if (command == null)
+command = request.getServletPath();
+String path = request.getParameter(path);
+String war = request.getParameter(war);
+
+// Prepare our output writer to generate the response message
+response.setContentType(text/plain);
+PrintWriter writer = response.getWriter();
+
+// Process the requested command
+if (command == null) {
+writer.println(sm.getString(managerServlet.noCommand));
+} else if (command.equals(/install)) {
+install(writer, path, war);
+}