yoavs 2004/09/20 09:31:17 Modified: webapps/docs changelog.xml webapps/manager/WEB-INF/classes/org/apache/catalina/manager StatusTransformer.java Log: Bugzilla 31058: XML-escape query string for Manager's StatusTransformer. Revision Changes Path 1.109 +3 -0 jakarta-tomcat-catalina/webapps/docs/changelog.xml Index: changelog.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v retrieving revision 1.108 retrieving revision 1.109 diff -u -r1.108 -r1.109 --- changelog.xml 20 Sep 2004 15:57:55 -0000 1.108 +++ changelog.xml 20 Sep 2004 16:31:17 -0000 1.109 @@ -61,6 +61,9 @@ <fix> <bug>29485</bug>: I broke the HTML manager when adding JavaScript confirmation, fixed now ;) (yoavs) </fix> + <fix> + <bug>31058</bug>: Ensure StatusTransformer escapes query string for XML. (yoavs) + </fix> </changelog> </subsection> </section> 1.22 +4 -3 jakarta-tomcat-catalina/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/StatusTransformer.java Index: StatusTransformer.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/StatusTransformer.java,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- StatusTransformer.java 7 Sep 2004 20:57:35 -0000 1.21 +++ StatusTransformer.java 20 Sep 2004 16:31:17 -0000 1.22 @@ -25,6 +25,7 @@ import java.util.Vector; import javax.servlet.http.HttpServletResponse; +import org.apache.catalina.util.RequestUtil; import org.apache.tomcat.util.compat.JdkCompat; import javax.management.MBeanServer; @@ -404,7 +405,7 @@ (pName, "currentQueryString"); if ((queryString != null) && (!queryString.equals(""))) { writer.write("?"); - writer.print(queryString); + writer.print(RequestUtil.filter(queryString)); } writer.write(" "); writer.write(filter(mBeanServer.getAttribute @@ -459,7 +460,7 @@ (pName, "currentQueryString"); if ((queryString != null) && (!queryString.equals(""))) { writer.write(" currentQueryString=\"" - + queryString + "\""); + + RequestUtil.filter(queryString) + "\""); } else { writer.write(" currentQueryString=\"?\""); }
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]