Author: dejanb
Date: Thu Mar 21 12:34:01 2013
New Revision: 1459265
URL: http://svn.apache.org/r1459265
Log:
https://issues.apache.org/jira/browse/AMQ-4397 - xss in cron expressions
Modified:
activemq/trunk/activemq-client/src/main/java/org/apache/activemq/broker/scheduler/CronParser.java
activemq/trunk/activemq-web-console/src/main/webapp/scheduled.jsp
Modified:
activemq/trunk/activemq-client/src/main/java/org/apache/activemq/broker/scheduler/CronParser.java
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-client/src/main/java/org/apache/activemq/broker/scheduler/CronParser.java?rev=1459265&r1=1459264&r2=1459265&view=diff
==============================================================================
---
activemq/trunk/activemq-client/src/main/java/org/apache/activemq/broker/scheduler/CronParser.java
(original)
+++
activemq/trunk/activemq-client/src/main/java/org/apache/activemq/broker/scheduler/CronParser.java
Thu Mar 21 12:34:01 2013
@@ -42,7 +42,7 @@ public class CronParser {
// Handle the once per minute case "* * * * *"
// starting the next event at the top of the minute.
- if (cronEntry.startsWith("* * * * *")) {
+ if (cronEntry.equals("* * * * *")) {
result = currentTime + 60 * 1000;
result = result / 1000 * 1000;
return result;
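Review bot: The comment above the `cronEntry.equals("* * * * *")` check still describes only the once-per-minute shortcut and does not record why the match has to be exact. With `startsWith`, any entry beginning with five asterisks took this early return, so trailing text presumably never reached the field validation further down (outside this hunk) before being stored and shown in the web console. I would add a line such as `// Exact match only: a prefix match lets arbitrary trailing text skip validation (AMQ-4397).` so nobody later relaxes it to tolerate extra whitespace. The enclosing method starts and ends outside the hunk, so whether the general path rejects surplus tokens cannot be confirmed from here.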
Modified: activemq/trunk/activemq-web-console/src/main/webapp/scheduled.jsp
URL:
http://svn.apache.org/viewvc/activemq/trunk/activemq-web-console/src/main/webapp/scheduled.jsp?rev=1459265&r1=1459264&r2=1459265&view=diff
==============================================================================
--- activemq/trunk/activemq-web-console/src/main/webapp/scheduled.jsp (original)
+++ activemq/trunk/activemq-web-console/src/main/webapp/scheduled.jsp Thu Mar
21 12:34:01 2013
@@ -40,13 +40,13 @@
<c:forEach items="${requestContext.brokerQuery.scheduledJobs}"
var="row">
<tr>
- <td>${row.jobId}</td>
- <td>${row.cronEntry}</td>
- <td>${row.nextExecutionTime}</td>
- <td>${row.start}</td>
- <td>${row.delay}</td>
- <td>${row.period}</td>
- <td>${row.repeat}</td>
+ <td><c:out value="${row.jobId}"/></td>
+ <td><c:out value="${row.cronEntry}"/></td>
+ <td><c:out value="${row.nextExecutionTime}"/></td>
+ <td><c:out value="${row.start}"/></td>
+ <td><c:out value="${row.delay}"/></td>
+ <td><c:out value="${row.period}"/></td>
+ <td><c:out value="${row.repeat}"/></td>
<td>
<a href="deleteJob.action?jobId=${row.jobId}&secret=<c:out
value='${sessionScope["secret"]}'/>">Delete</a>
</td>
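Review bot: `${row.jobId}` in the Delete link's `href` is still emitted as raw EL, so the value this change escapes in the first table cell still reaches an attribute context unescaped. Wrapping it the same way, `jobId=<c:out value='${row.jobId}'/>`, closes that gap; building the link with `<c:url>` and `<c:param>` would also URL-encode the value, so an `&` or `#` in a job id cannot alter the query string. Separately, the link performs the delete via GET with the session secret in the query string, where it can end up in browser history, proxy logs and Referer headers; a POST form would keep it out of URLs. The `<c:forEach>` body continues outside the hunk.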