stevel      2003/01/15 15:30:40

  Modified:    java/src/org/apache/axis AxisFault.java
  Log:
  bug 16147; extend dumpToString() to allow for the option to escape all fault strings. 
This is an option as we don't want it during debugging, just for HTML display.
  
  Revision  Changes    Path
  1.67      +30 -6     xml-axis/java/src/org/apache/axis/AxisFault.java
  
  Index: AxisFault.java
  ===================================================================
  RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/AxisFault.java,v
  retrieving revision 1.66
  retrieving revision 1.67
  diff -u -r1.66 -r1.67
  --- AxisFault.java    14 Jan 2003 06:40:53 -0000      1.66
  +++ AxisFault.java    15 Jan 2003 23:30:40 -0000      1.67
  @@ -315,7 +315,18 @@
        * turn the fault and details into a string
        * @return stringified fault details
        */
  -    public String dumpToString()
  +    public String dumpToString() {
  +        return dumpToString(true);
  +    }
  +
  +    /**
  +     * turn the fault and details into a string, with or without XML escaping.
  +     * subclassers: for security (cross-site-scripting) reasons, 
  +     * escape everything that could contain caller-supplied data. 
  +     * @param escapeText flag to control whether to XML escape everything
  +     * @return stringified fault details
  +     */
  +    public String dumpToString(boolean escapeText)
       {
           String details = new String();
   
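Review bot: The Javadoc kept on the no-argument `dumpToString()` does not say that it now delegates with `escapeText` set to true, so existing callers that log or print the result receive XML-encoded text without being told. I would add a line such as `* The fault code, string, actor and node are XML-escaped; use dumpToString(false) for the raw text.` to that comment. On the new overload, the `@param escapeText` text says "everything" is escaped, while the last hunk leaves details and subcodes alone, so the description should name the fields that are actually encoded. The body of `dumpToString(boolean)` continues outside this hunk.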
  @@ -336,7 +347,7 @@
                             + XMLUtils.getInnerXMLString(e);
               }
           }
  -        
  +
           String subCodes = new String();
           if (faultSubCode != null) {
               for (int i = 0; i < faultSubCode.size(); i++) {
  @@ -345,13 +356,26 @@
   
               }
           }
  +        String code=faultCode.toString();
  +        String errorString=faultString;
  +        String actor=faultActor;
  +        String node=faultNode;
  +
  +        if (escapeText) {
  +            //encode everything except details and subcodes, which are already
  +            //dealt with one way or another.
  +            code= XMLUtils.xmlEncodeString(code);
  +            errorString = XMLUtils.xmlEncodeString(errorString);
  +            actor= XMLUtils.xmlEncodeString(actor);
  +            node = XMLUtils.xmlEncodeString(node);
  +        }
   
           return "AxisFault" + JavaUtils.LS
  -            + " faultCode: " + faultCode + JavaUtils.LS
  +            + " faultCode: " + code + JavaUtils.LS
               + " faultSubcode: " + subCodes + JavaUtils.LS
  -            + " faultString: " + faultString + JavaUtils.LS
  -            + " faultActor: " + faultActor + JavaUtils.LS
  -            + " faultNode: " + faultNode + JavaUtils.LS
  +            + " faultString: " + errorString + JavaUtils.LS
  +            + " faultActor: " + actor + JavaUtils.LS
  +            + " faultNode: " + node + JavaUtils.LS
               + " faultDetail: " + details + JavaUtils.LS
               ;
       }
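Review bot: With `escapeText` true the returned string still carries `details` and `subCodes` unencoded, and the context of the previous hunk builds `details` from `XMLUtils.getInnerXMLString(e)`, which appears to yield serialized element markup rather than escaped text. If a detail element can carry caller-supplied content, a page that prints this string is covered only for the four encoded fields; either encode it too, e.g. `if (escapeText) { details = XMLUtils.xmlEncodeString(details); }`, or have the comment state exactly what has already neutralised it. Separately, `faultCode.toString()` throws a NullPointerException when `faultCode` is null, where the old concatenation printed "null"; `String code = String.valueOf(faultCode);` keeps the earlier behaviour. How `subCodes` is assembled lies outside this hunk, so its handling cannot be confirmed from here.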
  
  
  

