billbarker 2003/09/04 21:20:49
Modified: catalina/src/share/org/apache/catalina/users MemoryUser.java
Log:
XML-escape the values when writing out the tomcat-users.xml file.
Expanded on a patch
Submitted By: Mark Thomas [EMAIL PROTECTED]
Revision Changes Path
1.3 +10 -10
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/users/MemoryUser.java
Index: MemoryUser.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/users/MemoryUser.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- MemoryUser.java 2 Sep 2003 21:22:03 -0000 1.2
+++ MemoryUser.java 5 Sep 2003 04:20:49 -0000 1.3
@@ -70,7 +70,7 @@
import org.apache.catalina.Group;
import org.apache.catalina.Role;
import org.apache.catalina.UserDatabase;
-
+import org.apache.catalina.util.RequestUtil;
/**
* <p>Concrete implementation of [EMAIL PROTECTED] User} for the
@@ -294,13 +294,13 @@
public String toString() {
StringBuffer sb = new StringBuffer("<user username=\"");
- sb.append(username);
+ sb.append(RequestUtil.filter(username));
sb.append("\" password=\"");
- sb.append(password);
+ sb.append(RequestUtil.filter(password));
sb.append("\"");
if (fullName != null) {
sb.append(" fullName=\"");
- sb.append(fullName);
+ sb.append(RequestUtil.filter(fullName));
sb.append("\"");
}
synchronized (groups) {
@@ -313,7 +313,7 @@
sb.append(',');
}
n++;
- sb.append(((Group) values.next()).getGroupname());
+ sb.append(RequestUtil.filter(((Group)
values.next()).getGroupname()));
}
sb.append("\"");
}
@@ -328,7 +328,7 @@
sb.append(',');
}
n++;
- sb.append(((Role) values.next()).getRolename());
+ sb.append(RequestUtil.filter(((Role)
values.next()).getRolename()));
}
sb.append("\"");
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
