Author: cziegeler
Date: Tue Dec 10 05:48:02 2013
New Revision: 1549763
URL: http://svn.apache.org/r1549763
Log:
SLING-3271 : Properly xml escape web console output
Modified:
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
Modified:
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java?rev=1549763&r1=1549762&r2=1549763&view=diff
==============================================================================
---
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
(original)
+++
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
Tue Dec 10 05:48:02 2013
@@ -28,6 +28,8 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.sling.api.request.ResponseUtil;
+
@SuppressWarnings("serial")
public class AuthenticatorWebConsolePlugin extends HttpServlet {
@@ -76,7 +78,7 @@ public class AuthenticatorWebConsolePlug
pw.println("</table>");
}
- private void printAuthenticationHandler(PrintWriter pw) {
+ private void printAuthenticationHandler(final PrintWriter pw) {
pw.println("<tr>");
pw.println("<th class='content container' colspan='3'>Registered
Authentication Handler</td>");
pw.println("</tr>");
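Review bot: The header cell in printAuthenticationHandler opens with `<th class='content container' colspan='3'>` but is closed with `</td>`, and the commit leaves it that way. The same mismatch appears in the header row of printAuthenticationRequirements in the next hunk. Since this change is about emitting well-formed console output, the closing tag should be `</th>` in both places. The method body continues past the end of this hunk.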
@@ -86,18 +88,18 @@ public class AuthenticatorWebConsolePlug
pw.println("</tr>");
final Map<String, List<String>> handlerMap =
slingAuthenticator.getAuthenticationHandler();
- for (Map.Entry<String, List<String>> handler : handlerMap.entrySet()) {
+ for (final Map.Entry<String, List<String>> handler :
handlerMap.entrySet()) {
final String path = handler.getKey();
- for (String name : handler.getValue()) {
+ for (final String name : handler.getValue()) {
pw.println("<tr class='content'>");
- pw.println("<td class='content'>" + path + "</td>");
- pw.println("<td class='content' colspan='2'>" + name +
"</td>");
+ pw.printf("<td class='content'>%s</td>%n",
ResponseUtil.escapeXml(path));
+ pw.printf("<td class='content' colspan='2'>%s</td>%n",
ResponseUtil.escapeXml(name));
pw.println("</tr>");
}
}
}
- private void printAuthenticationRequirements(PrintWriter pw) {
+ private void printAuthenticationRequirements(final PrintWriter pw) {
pw.println("<tr>");
pw.println("<th class='content container' colspan='3'>Authentication
Requirement Configuration</td>");
pw.println("</tr>");
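Review bot: Escaping is applied by hand at each `pw.printf` call, here for `path` and `name` and again in the two following hunks, so a row added later can omit it without anything failing. A small private helper that takes the raw value and writes the whole cell, called as `printCell(pw, path)` with an optional colspan argument, would keep `ResponseUtil.escapeXml` in one place. Every value in this commit is written as element text, which is the context entity escaping is meant for. A one-line comment on the helper stating that context would help anyone who later moves a value into an attribute or script, where the required encoding may differ. printAuthenticationHandler starts before this hunk and printAuthenticationRequirements continues after it.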
@@ -108,19 +110,18 @@ public class AuthenticatorWebConsolePlug
pw.println("</tr>");
final List<AuthenticationRequirementHolder> holderList =
slingAuthenticator.getAuthenticationRequirements();
- for (AuthenticationRequirementHolder req : holderList) {
+ for (final AuthenticationRequirementHolder req : holderList) {
pw.println("<tr class='content'>");
- pw.println("<td class='content'>" + req.fullPath + "</td>");
- pw.println("<td class='content'>"
- + (req.requiresAuthentication() ? "Yes" : "No") + "</td>");
- pw.println("<td class='content'>" + req.getProvider() + "</td>");
+ pw.printf("<td class='content'>%s</td>%n",
ResponseUtil.escapeXml(req.fullPath));
+ pw.printf("<td class='content'>%s</td>%n",
(req.requiresAuthentication() ? "Yes" : "No"));
+ pw.printf("<td class='content'>%s</td>%n",
ResponseUtil.escapeXml(req.getProvider()));
pw.println("</tr>");
}
}
- private void printAuthenticationConfiguration(PrintWriter pw) {
+ private void printAuthenticationConfiguration(final PrintWriter pw) {
final String anonUser = slingAuthenticator.getAnonUserName();
final String sudoCookie = slingAuthenticator.getSudoCookieName();
final String sudoParam = slingAuthenticator.getSudoParameterName();
@@ -131,15 +132,15 @@ public class AuthenticatorWebConsolePlug
pw.println("</tr>");
pw.println("<tr>");
pw.println("<td class='content'>Impersonation Cookie</td>");
- pw.printf("<td class='content' colspan='2'>%s</td>%n", sudoCookie);
+ pw.printf("<td class='content' colspan='2'>%s</td>%n",
ResponseUtil.escapeXml(sudoCookie));
pw.println("</tr>");
pw.println("<tr>");
pw.println("<td class='content'>Impersonation Parameter</td>");
- pw.printf("<td class='content' colspan='2'>%s</td>%n", sudoParam);
+ pw.printf("<td class='content' colspan='2'>%s</td>%n",
ResponseUtil.escapeXml(sudoParam));
pw.println("</tr>");
pw.println("<tr>");
pw.println("<td class='content'>Anonymous User Name</td>");
- pw.printf("<td class='content' colspan='2'>%s</td>%n", (anonUser ==
null) ? "(default)" : anonUser);
+ pw.printf("<td class='content' colspan='2'>%s</td>%n", (anonUser ==
null) ? "(default)" : ResponseUtil.escapeXml(anonUser));
pw.println("</tr>");
}
}