Author: markt Date: Mon Jun 2 14:41:36 2008 New Revision: 662583 URL: http://svn.apache.org/viewvc?rev=662583&view=rev Log: Fix potential XSS in host-manager. This is CVE-2008-1947.
Modified: tomcat/container/tc5.5.x/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java
Modified: tomcat/container/tc5.5.x/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java?rev=662583&r1=662582&r2=662583&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java (original)
+++ tomcat/container/tc5.5.x/webapps/host-manager/WEB-INF/classes/org/apache/catalina/hostmanager/HTMLHostManagerServlet.java Mon Jun 2 14:41:36 2008
@@ -21,6 +21,7 @@
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.io.StringWriter;
+import java.net.URLEncoder;
 import java.text.MessageFormat;
 import java.util.Iterator;
 import java.util.Map;
@@ -276,17 +277,20 @@
 args = new Object[7];
 args[0] = response.encodeURL
 (request.getContextPath() +
- "/html/start?name=" + hostName);
+ "/html/start?name=" +
+ URLEncoder.encode(hostName, "UTF-8"));
 args[1] = hostsStart;
 args[2] = response.encodeURL
 (request.getContextPath() +
- "/html/stop?name=" + hostName);
+ "/html/stop?name=" +
+ URLEncoder.encode(hostName, "UTF-8"));
 args[3] = hostsStop;
 args[4] = response.encodeURL
 (request.getContextPath() +
- "/html/remove?name=" + hostName);
+ "/html/remove?name=" +
+ URLEncoder.encode(hostName, "UTF-8"));
 args[5] = hostsRemove;
- args[6] = hostName;
+ args[6] = RequestUtil.filter(hostName);
 if (host == this.host) {
 writer.print(MessageFormat.format(
 MANAGER_HOST_ROW_BUTTON_SECTION, args));
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
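Review bot: The expression `URLEncoder.encode(hostName, "UTF-8")` is repeated verbatim three times in the second hunk (the start, stop and remove links); hoisting it once before `args[0]` as `String encodedHostName = URLEncoder.encode(hostName, "UTF-8");` and using `encodedHostName` in the three concatenations keeps the links consistent and makes it harder for a future edit to reintroduce a raw `hostName` in one of them. The fix is correct as written: URL-encoding covers the query-string context and `RequestUtil.filter(hostName)` covers the HTML-text context of `args[6]`, and the two must not be swapped, so a one-line comment such as `// hostName is user-supplied: URL-encode it in links, HTML-filter it in page text` above the block would record that distinction for maintainers. The enclosing method starts and ends outside the hunk, so whether the `UnsupportedEncodingException` declared by `URLEncoder.encode` is handled or propagated (presumably via an `IOException` on the servlet method) cannot be confirmed here.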