Re: [Spacewalk-devel] [PATCH] Fix html not being escaped in package information

2013-08-06 Thread Tomas Lestach
Hello Johannes,

I committed your patch as:
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=55405e0c57e34c35cd13a482cf95e867661c0829

Thank you!
--
Tomas Lestach
Red Hat Satellite Engineering, Red Hat


- Original Message -
 From: Johannes Renner jren...@suse.de
 To: spacewalk-devel@redhat.com
 Sent: Monday, August 5, 2013 4:13:21 PM
 Subject: [Spacewalk-devel] [PATCH] Fix html not being escaped in package information
 
 Hello,
 
 here is another small bugfix patch fixing HTML not being properly escaped
 in package description on this page:
 
 https://hostname/rhn/software/packages/Details.do?pid=pid
 
 Found that with a package where there was an email address in ...
 notation that didn't show up.
 
 Thanks and regards,
 Johannes
 
 --
 SUSE LINUX Products GmbH, HRB 16746 (AG Nürnberg)
 GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
 
 ___
 Spacewalk-devel mailing list
 Spacewalk-devel@redhat.com
 https://www.redhat.com/mailman/listinfo/spacewalk-devel

[Spacewalk-devel] [PATCH] Fix html not being escaped in package information

2013-08-05 Thread Johannes Renner
Hello,

here is another small bugfix patch fixing HTML not being properly escaped
in package description on this page:

https://hostname/rhn/software/packages/Details.do?pid=pid

Found that with a package where there was an email address in ...
notation that didn't show up.

Thanks and regards,
Johannes

-- 
SUSE LINUX Products GmbH, HRB 16746 (AG Nürnberg)
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
From 63be1b2d99b4a594e3cd198565ea5a13197aae87 Mon Sep 17 00:00:00 2001
From: Johannes Renner jren...@suse.de
Date: Mon, 5 Aug 2013 15:42:53 +0200
Subject: [PATCH] Fix HTML not being escaped in package information

---
 .../redhat/rhn/frontend/action/rhnpackage/PackageDetailsAction.java  | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/java/code/src/com/redhat/rhn/frontend/action/rhnpackage/PackageDetailsAction.java b/java/code/src/com/redhat/rhn/frontend/action/rhnpackage/PackageDetailsAction.java
index b94830c..cf9f7f8 100644
--- a/java/code/src/com/redhat/rhn/frontend/action/rhnpackage/PackageDetailsAction.java
+++ b/java/code/src/com/redhat/rhn/frontend/action/rhnpackage/PackageDetailsAction.java
@@ -30,6 +30,7 @@ import com.redhat.rhn.frontend.xmlrpc.NoSuchPackageException;
 import com.redhat.rhn.manager.download.DownloadManager;
 import com.redhat.rhn.manager.rhnpackage.PackageManager;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.struts.action.ActionForm;
 import org.apache.struts.action.ActionForward;
 import org.apache.struts.action.ActionMapping;
@@ -125,8 +126,8 @@ public class PackageDetailsAction extends RhnAction {
 request.setAttribute(pack, pkg);
 // description can be null.
 if (pkg.getDescription() != null) {
-request.setAttribute(description,
-pkg.getDescription().replace(\n, BR\n));
+String description = StringEscapeUtils.escapeHtml(pkg.getDescription());
+request.setAttribute(description, description.replace(\n, BR\n));
 }
 else {
 request.setAttribute(description,
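Review bot: In the second hunk, the description attribute now carries pre-escaped HTML with BR markup added, but nothing at the setAttribute call says so, and the pkg object set on the first context line is still handed to the view raw. Please add a comment stating that this attribute is already HTML-escaped and must be written out by the JSP without further escaping (otherwise the entities and the BR tags get double-escaped), and confirm that every other package field the page renders from pkg is escaped in the view. The order used here, escapeHtml first and the newline-to-BR replace second, is the correct one and should be kept if this code is touched again. Note also that commons-lang escapeHtml does not escape the apostrophe, so the result is safe in element content but not inside a single-quoted attribute value.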
-- 
1.8.1.4
