stevel 2003/01/15 15:30:40
Modified: java/src/org/apache/axis AxisFault.java
Log:
bug 16147; extend dumpString() to allow for the option to escape all fault strings.
This is optional because we don't want escaping during debugging, only for HTML display.
Revision Changes Path
1.67 +30 -6 xml-axis/java/src/org/apache/axis/AxisFault.java
Index: AxisFault.java
===================================================================
RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/AxisFault.java,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -r1.66 -r1.67
--- AxisFault.java 14 Jan 2003 06:40:53 -0000 1.66
+++ AxisFault.java 15 Jan 2003 23:30:40 -0000 1.67
@@ -315,7 +315,18 @@
* turn the fault and details into a string
* @return stringified fault details
*/
- public String dumpToString()
+ public String dumpToString() {
+ return dumpToString(true);
+ }
+
+ /**
+ * turn the fault and details into a string, with or without XML escaping.
+ * subclassers: for security (cross-site-scripting) reasons,
+ * escape everything that could contain caller-supplied data.
+ * @param escapeText flag to control whether to XML escape everything
+ * @return stringified fault details
+ */
+ public String dumpToString(boolean escapeText)
{
String details = new String();
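Review bot: The no-argument `dumpToString()` now returns XML-escaped text because it delegates to `dumpToString(true)`, but its Javadoc still only says "turn the fault and details into a string". Existing callers that log or print the result get no hint that the output format changed. I would add a line such as `* Text fields are XML-escaped; call dumpToString(false) for the raw text.` to that comment. The new `@param escapeText` text also says "everything", while the later hunk encodes only four fields, so `@param escapeText true to XML-escape faultCode, faultString, faultActor and faultNode; details and subcodes are not re-encoded` would be more accurate. The body of `dumpToString(boolean)` continues outside this hunk.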
@@ -336,7 +347,7 @@
+ XMLUtils.getInnerXMLString(e);
}
}
-
+
String subCodes = new String();
if (faultSubCode != null) {
for (int i = 0; i < faultSubCode.size(); i++) {
@@ -345,13 +356,26 @@
}
}
+ String code=faultCode.toString();
+ String errorString=faultString;
+ String actor=faultActor;
+ String node=faultNode;
+
+ if (escapeText) {
+ //encode everything except details and subcodes, which are already
+ //dealt with one way or another.
+ code= XMLUtils.xmlEncodeString(code);
+ errorString = XMLUtils.xmlEncodeString(errorString);
+ actor= XMLUtils.xmlEncodeString(actor);
+ node = XMLUtils.xmlEncodeString(node);
+ }
return "AxisFault" + JavaUtils.LS
- + " faultCode: " + faultCode + JavaUtils.LS
+ + " faultCode: " + code + JavaUtils.LS
+ " faultSubcode: " + subCodes + JavaUtils.LS
- + " faultString: " + faultString + JavaUtils.LS
- + " faultActor: " + faultActor + JavaUtils.LS
- + " faultNode: " + faultNode + JavaUtils.LS
+ + " faultString: " + errorString + JavaUtils.LS
+ + " faultActor: " + actor + JavaUtils.LS
+ + " faultNode: " + node + JavaUtils.LS
+ " faultDetail: " + details + JavaUtils.LS
;
}
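Review bot: `String code=faultCode.toString();` throws a NullPointerException when faultCode is null, whereas the old `" faultCode: " + faultCode` concatenation printed "null"; `String code = String.valueOf(faultCode);` keeps the old behaviour. faultActor and faultNode are passed to `XMLUtils.xmlEncodeString()` and may also be null; that method's null handling is not visible in this diff and should be confirmed. Separately, with escapeText true the `details` and `subCodes` strings are still concatenated unencoded. The comment says they are already dealt with, but the context of the previous hunk shows `details` being built from `XMLUtils.getInnerXMLString(e)`, which presumably returns markup, so a page that embeds this string in HTML would still have to encode the faultDetail and faultSubcode portions at the point of output. The start of the method and the loops that build `details` and `subCodes` are outside this hunk.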