svn commit: r920381 - /ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java

Mon, 08 Mar 2010 08:11:26 -0800 

Author: lektran
Date: Mon Mar  8 16:11:04 2010
New Revision: 920381

URL: http://svn.apache.org/viewvc?rev=920381&view=rev
Log:
Merged from trunk r920371
Properly encode any error messages before attempting to write them to the 
response.  I'm doing it here to avoid having to do the encoding within each 
app's error.jsp file, I think this should be fine though.

Modified:
    
ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java

Modified: 
ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java?rev=920381&r1=920380&r2=920381&view=diff
==============================================================================
--- 
ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
 (original)
+++ 
ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
 Mon Mar  8 16:11:04 2010
@@ -32,6 +32,7 @@
 import org.apache.bsf.BSFManager;
 
 import org.ofbiz.base.util.Debug;
+import org.ofbiz.base.util.StringUtil;
 import org.ofbiz.base.util.UtilHttp;
 import org.ofbiz.base.util.UtilJ2eeCompat;
 import org.ofbiz.base.util.UtilTimer;
@@ -202,11 +203,13 @@
         } catch (RequestHandlerException e) {
             Throwable throwable = e.getNested() != null ? e.getNested() : e;
             Debug.logError(throwable, "Error in request handler: ", module);
-            request.setAttribute("_ERROR_MESSAGE_", throwable.toString());
+            StringUtil.HtmlEncoder encoder = new StringUtil.HtmlEncoder();
+            request.setAttribute("_ERROR_MESSAGE_", 
encoder.encode(throwable.toString()));
             errorPage = requestHandler.getDefaultErrorPage(request);
         } catch (Exception e) {
             Debug.logError(e, "Error in request handler: ", module);
-            request.setAttribute("_ERROR_MESSAGE_", e.toString());
+            StringUtil.HtmlEncoder encoder = new StringUtil.HtmlEncoder();
+            request.setAttribute("_ERROR_MESSAGE_", 
encoder.encode(e.toString()));
             errorPage = requestHandler.getDefaultErrorPage(request);
         }

Reply via email to