yoavs 2004/09/20 09:31:17
Modified: webapps/docs changelog.xml
webapps/manager/WEB-INF/classes/org/apache/catalina/manager
StatusTransformer.java
Log:
Bugzilla 31058: XML-escape query string for Manager's StatusTransformer.
Revision Changes Path
1.109 +3 -0 jakarta-tomcat-catalina/webapps/docs/changelog.xml
Index: changelog.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v
retrieving revision 1.108
retrieving revision 1.109
diff -u -r1.108 -r1.109
--- changelog.xml 20 Sep 2004 15:57:55 -0000 1.108
+++ changelog.xml 20 Sep 2004 16:31:17 -0000 1.109
@@ -61,6 +61,9 @@
<fix>
<bug>29485</bug>: I broke the HTML manager when adding JavaScript
confirmation, fixed now ;) (yoavs)
</fix>
+ <fix>
+ <bug>31058</bug>: Ensure StatusTransformer escapes query string for XML.
(yoavs)
+ </fix>
</changelog>
</subsection>
</section>
1.22 +4 -3
jakarta-tomcat-catalina/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/StatusTransformer.java
Index: StatusTransformer.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/StatusTransformer.java,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- StatusTransformer.java 7 Sep 2004 20:57:35 -0000 1.21
+++ StatusTransformer.java 20 Sep 2004 16:31:17 -0000 1.22
@@ -25,6 +25,7 @@
import java.util.Vector;
import javax.servlet.http.HttpServletResponse;
+import org.apache.catalina.util.RequestUtil;
import org.apache.tomcat.util.compat.JdkCompat;
import javax.management.MBeanServer;
@@ -404,7 +405,7 @@
(pName, "currentQueryString");
if ((queryString != null) && (!queryString.equals(""))) {
writer.write("?");
- writer.print(queryString);
+ writer.print(RequestUtil.filter(queryString));
}
writer.write(" ");
writer.write(filter(mBeanServer.getAttribute
@@ -459,7 +460,7 @@
(pName, "currentQueryString");
if ((queryString != null) && (!queryString.equals(""))) {
writer.write(" currentQueryString=\""
- + queryString + "\"");
+ + RequestUtil.filter(queryString) + "\"");
} else {
writer.write(" currentQueryString=\"?\"");
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
