Author: dejanb
Date: Wed Apr 7 13:55:14 2010
New Revision: 931552
URL: http://svn.apache.org/viewvc?rev=931552&view=rev
Log:
https://issues.apache.org/activemq/browse/AMQ-2613 - more web console sanitation
Modified:
activemq/trunk/activemq-web-console/src/main/java/org/apache/activemq/web/controller/SendMessage.java
activemq/trunk/activemq-web-console/src/main/webapp/browse.jsp
activemq/trunk/activemq-web-console/src/main/webapp/connection.jsp
activemq/trunk/activemq-web-console/src/main/webapp/message.jsp
Modified:
activemq/trunk/activemq-web-console/src/main/java/org/apache/activemq/web/controller/SendMessage.java
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-web-console/src/main/java/org/apache/activemq/web/controller/SendMessage.java?rev=931552&r1=931551&r2=931552&view=diff
==============================================================================
---
activemq/trunk/activemq-web-console/src/main/java/org/apache/activemq/web/controller/SendMessage.java
(original)
+++
activemq/trunk/activemq-web-console/src/main/java/org/apache/activemq/web/controller/SendMessage.java
Wed Apr 7 13:55:14 2010
@@ -178,6 +178,9 @@ public class SendMessage extends Destina
for (Iterator iter = map.entrySet().iterator(); iter.hasNext();) {
Map.Entry entry = (Map.Entry) iter.next();
String name = (String) entry.getKey();
+ if (name.equals("secret")) {
+ continue;
+ }
Object value = entry.getValue();
if (isValidPropertyName(name)) {
if (value instanceof String[]) {
Modified: activemq/trunk/activemq-web-console/src/main/webapp/browse.jsp
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-web-console/src/main/webapp/browse.jsp?rev=931552&r1=931551&r2=931552&view=diff
==============================================================================
--- activemq/trunk/activemq-web-console/src/main/webapp/browse.jsp (original)
+++ activemq/trunk/activemq-web-console/src/main/webapp/browse.jsp Wed Apr 7
13:55:14 2010
@@ -41,13 +41,13 @@
<tr>
<td><a href="message.jsp?id=${row.JMSMessageID}&JMSDestination=<c:out
value="${requestContext.queueBrowser.JMSDestination}" />"
title="${row.properties}">${row.JMSMessageID}</a></td>
-<td>${row.JMSCorrelationID}</td>
+<td><c:out value="${row.JMSCorrelationID}"/></td>
<td><jms:persistent message="${row}"/></td>
-<td>${row.JMSPriority}</td>
-<td>${row.JMSRedelivered}</td>
-<td>${row.JMSReplyTo}</td>
+<td><c:out value="${row.JMSPriority}"/></td>
+<td><c:out value="${row.JMSRedelivered}"/></td>
+<td><c:out value="${row.JMSReplyTo}"/></td>
<td><jms:formatTimestamp timestamp="${row.JMSTimestamp}"/></td>
-<td>${row.JMSType}</td>
+<td><c:out value="${row.JMSType}"/></td>
<td>
<a href="deleteMessage.action?JMSDestination=<c:out
value="${row.JMSDestination}"/>&messageId=${row.JMSMessageID}&secret=<c:out
value='${sessionScope["secret"]}'/>">Delete</a>
</td>
Modified: activemq/trunk/activemq-web-console/src/main/webapp/connection.jsp
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-web-console/src/main/webapp/connection.jsp?rev=931552&r1=931551&r2=931552&view=diff
==============================================================================
--- activemq/trunk/activemq-web-console/src/main/webapp/connection.jsp
(original)
+++ activemq/trunk/activemq-web-console/src/main/webapp/connection.jsp Wed Apr
7 13:55:14 2010
@@ -17,7 +17,7 @@
<html>
<head>
<c:set var="row" value="${requestContext.connectionQuery.connection}"/>
-<title>Connection ${requestContext.connectionQuery.connectionID}</title>
+<title>Connection <c:out
value="${requestContext.connectionQuery.connectionID}" /></title>
</head>
<body>
@@ -26,40 +26,40 @@
<c:when test="${empty row}">
<div>
-No connection could be found for ID
${requestContext.connectionQuery.connectionID}
+No connection could be found for ID <c:out
value="${requestContext.connectionQuery.connectionID}" />
</div>
</c:when>
<c:otherwise>
-<h2>Connection ${requestContext.connectionQuery.connectionID}</h2>
+<h2>Connection <c:out value="${requestContext.connectionQuery.connectionID}"
/></h2>
<table id="header" class="sortable autostripe">
<tbody>
<tr>
<td class="label" title="Unique ID for this
connection">Connection ID</td>
- <td>${requestContext.connectionQuery.connectionID}</td>
+ <td><c:out
value="${requestContext.connectionQuery.connectionID}" /></td>
</tr>
<tr>
<td class="label" tite="Hostname and port of the
connected party">Remote Address</td>
- <td>${row.remoteAddress}</td>
+ <td><c:out value="${row.remoteAddress}" /></td>
</tr>
<tr>
<td class="label">Active</td>
- <td>${row.active}</td>
+ <td><c:out value="${row.active}" /></td>
</tr>
<tr>
<td class="label">Connected</td>
- <td>${row.connected}</td>
+ <td><c:out value="${row.connected}" /></td>
</tr>
<tr>
<td class="label">Blocked</td>
- <td>${row.blocked}</td>
+ <td><c:out value="${row.blocked}" /></td>
</tr>
<tr>
<td class="label">Slow</td>
- <td>${row.slow}</td>
+ <td><c:out value="${row.slow}" /></td>
</tr>
</tbody>
</table>
@@ -96,29 +96,29 @@ No connection could be found for ID ${re
<td>
<c:choose>
<c:when test="${consumer.destinationQueue}">
- Queue <a
href="browse.jsp?JMSDestination=${consumer.destinationName}">${consumer.destinationName}</a>
+ Queue <a
href="browse.jsp?JMSDestination=${consumer.destinationName}"><c:out
value="${consumer.destinationName}" /></a>
</c:when>
<c:when test="${consumer.destinationTopic}">
- Topic <a
href="send.jsp?JMSDestination=${consumer.destinationName}">${consumer.destinationName}</a>
+ Topic <a
href="send.jsp?JMSDestination=${consumer.destinationName}"><c:out
value="${consumer.destinationName}" /></a>
</c:when>
<c:otherwise>
- ${consumer.destinationName}
+ <c:out value="${consumer.destinationName}" />
</c:otherwise>
</c:choose>
</td>
- <td>${consumer.sessionId}</td>
- <td>${consumer.selector}</td>
- <td>${consumer.enqueueCounter}</td>
- <td>${consumer.dequeueCounter}</td>
- <td>${consumer.dispachedCounter}</td>
- <td>${consumer.dispatchedQueueSize}</td>
+ <td><c:out value="${consumer.sessionId}" /></td>
+ <td><c:out value="${consumer.selector}" /></td>
+ <td><c:out value="${consumer.enqueueCounter}" /></td>
+ <td><c:out value="${consumer.dequeueCounter}" /></td>
+ <td><c:out value="${consumer.dispachedCounter}" /></td>
+ <td><c:out value="${consumer.dispatchedQueueSize}" /></td>
<td>
- ${consumer.prefetchSize}<br/>
- ${consumer.maximumPendingMessageLimit}
+ <c:out value="${consumer.prefetchSize}" /><br/>
+ <c:out value="${consumer.maximumPendingMessageLimit}" />
</td>
<td>
- ${consumer.exclusive}<br/>
- ${consumer.retroactive}
+ <c:out value="${consumer.exclusive}" /><br/>
+ <c:out value="${consumer.retroactive}" />
</td>
</tr>
</c:forEach>
Modified: activemq/trunk/activemq-web-console/src/main/webapp/message.jsp
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-web-console/src/main/webapp/message.jsp?rev=931552&r1=931551&r2=931552&view=diff
==============================================================================
--- activemq/trunk/activemq-web-console/src/main/webapp/message.jsp (original)
+++ activemq/trunk/activemq-web-console/src/main/webapp/message.jsp Wed Apr 7
13:55:14 2010
@@ -17,7 +17,7 @@
<html>
<head>
<c:set var="row" value="${requestContext.messageQuery.message}"/>
-<title>Message ${requestContext.messageQuery.id}</title>
+<title>Message <c:out value="${requestContext.messageQuery.id}"/></title>
</head>
<body>
@@ -26,7 +26,7 @@
<c:when test="${empty row}">
<div>
-No message could be found for ID ${requestContext.messageQuery.id}
+No message could be found for ID <c:out
value="${requestContext.messageQuery.id}"/>
</div>
</c:when>
@@ -47,7 +47,7 @@ No message could be found for ID ${reque
<tbody>
<tr>
<td class="label" title="Unique
Message ID for this message">Message ID</td>
- <td>${row.JMSMessageID}</td>
+ <td><c:out
value="${row.JMSMessageID}"/></td>
</tr>
<tr>
<td
class="label">Destination</td>
@@ -55,19 +55,19 @@ No message could be found for ID ${reque
</tr>
<tr>
<td class="label" title="The ID
used to correlate messages together in a conversation">Correlation ID</td>
- <td>${row.JMSCorrelationID}</td>
+ <td><c:out
value="${row.JMSCorrelationID}"/></td>
</tr>
<tr>
<td class="label"
title="Message Group Identifier">Group</td>
- <td>${row.groupID}</td>
+ <td><c:out
value="${row.groupID}"/></td>
</tr>
<tr>
<td class="label"
title="Message Group Sequence Number">Sequence</td>
- <td>${row.groupSequence}</td>
+ <td><c:out
value="${row.groupSequence}"/></td>
</tr>
<tr>
<td
class="label">Expiration</td>
- <td>${row.JMSExpiration}</td>
+ <td><c:out
value="${row.JMSExpiration}"/></td>
</tr>
<tr>
<td
class="label">Persistence</td>
@@ -75,15 +75,15 @@ No message could be found for ID ${reque
</tr>
<tr>
<td class="label">Priority</td>
- <td>${row.JMSPriority}</td>
+ <td><c:out
value="${row.JMSPriority}"/></td>
</tr>
<tr>
<td
class="label">Redelivered</td>
- <td>${row.JMSRedelivered}</td>
+ <td><c:out
value="${row.JMSRedelivered}"/></td>
</tr>
<tr>
<td class="label">Reply To</td>
- <td>${row.JMSReplyTo}</td>
+ <td><c:out
value="${row.JMSReplyTo}"/></td>
</tr>
<tr>
<td class="label">Timestamp</td>
@@ -91,7 +91,7 @@ No message could be found for ID ${reque
</tr>
<tr>
<td class="label">Type</td>
- <td>${row.JMSType}</td>
+ <td><c:out
value="${row.JMSType}"/></td>
</tr>
</tbody>
</table>
@@ -109,8 +109,8 @@ No message could be found for ID ${reque
<tbody>
<form:forEachMapEntry
items="${requestContext.messageQuery.propertiesMap}" var="prop">
<tr>
- <td
class="label">${prop.key}</td>
- <td>${prop.value}</td>
+ <td
class="label"><c:out value="${prop.key}"/></td>
+ <td><c:out
value="${prop.value}"/></td>
</tr>
<tr>
</form:forEachMapEntry>
