Repository: sentry Updated Branches: refs/heads/master 6b644c97a -> 6cfd35716
SENTRY-2120: Escape input string for error response message in LogLevelServlet (Na Li, reviewed by Colm O hEigeartaigh, Sergio Pena) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/6cfd3571 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/6cfd3571 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/6cfd3571 Branch: refs/heads/master Commit: 6cfd35716fbfb89e014692414103b353b7ee2c49 Parents: 6b644c9 Author: Sergio Pena <[email protected]> Authored: Fri Jan 12 16:22:21 2018 -0600 Committer: Sergio Pena <[email protected]> Committed: Fri Jan 12 16:22:57 2018 -0600 ---------------------------------------------------------------------- .../sentry/provider/db/service/thrift/LogLevelServlet.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/6cfd3571/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/LogLevelServlet.java ----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/LogLevelServlet.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/LogLevelServlet.java
index fce41a8..68d6d90 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/LogLevelServlet.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/LogLevelServlet.java
@@ -107,11 +107,11 @@ public class LogLevelServlet extends HttpServlet {
 logInstance.setLevel(Level.toLevel(level));
 out.write(String.format(FORMS_SET,
 escapeHtml(logName),
- level,
- level,
+ escapeHtml(level),
+ escapeHtml(level),
 logInstance.getEffectiveLevel().toString()));
 } else {
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid log level: " + level);
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid log level: " + escapeHtml(level));
 return;
 }
 }
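Review bot: The `sendError` call in the `else` branch still echoes the request-supplied `level` back to the client, so whether the result is safe depends on how the servlet container renders the message on its error page. A container that already encodes the message will show the value double-escaped. A fixed message avoids both problems: `response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid log level");`, optionally followed by the list of accepted level names. On the success path, `FORMS_SET` is defined outside the hunk, so it is worth confirming that none of its placeholders sit inside an attribute value or script context, where HTML-body escaping may not be enough. The enclosing method starts before the hunk, so the check that selects between the two branches is not visible here.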
