cvs commit: jakarta-tomcat-4.0/webapps/examples/jsp/snp snoop.jsp

2005-01-05 Thread markt
markt   2005/01/05 02:25:04

  Modified:webapps/examples/jsp/snp snoop.jsp
  Log:
  Fix possible XSS issue.
  
  Revision  ChangesPath
  1.3   +1 -1  jakarta-tomcat-4.0/webapps/examples/jsp/snp/snoop.jsp
  
  Index: snoop.jsp
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/examples/jsp/snp/snoop.jsp,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- snoop.jsp 23 Apr 2002 15:17:26 -  1.2
  +++ snoop.jsp 5 Jan 2005 10:25:04 -   1.3
  @@ -7,7 +7,7 @@
   body bgcolor=white
   h1 Request Information /h1
   font size=4
  -JSP Request Method: %= request.getMethod() %
  +JSP Request Method: %= util.HTMLFilter.filter(request.getMethod()) %
   br
   Request URI: %= request.getRequestURI() %
   br
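Review bot: The filter is applied only to request.getMethod(), while the `Request URI: <%= request.getRequestURI() %>` line two context lines below is still written into the page unescaped, and the request URI is as attacker-influenced as the method. Every request-derived expression rendered by this JSP should go through the same helper, e.g. `Request URI: <%= util.HTMLFilter.filter(request.getRequestURI()) %>`. The same unfiltered line reappears as context in the revision 1.4 hunk below, and the revision 1.5 hunk leaves `request.getServerName()` unfiltered in the same way; the rest of the page's expressions are outside these hunks.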
  
  
  




cvs commit: jakarta-tomcat-4.0/webapps/examples/jsp/snp snoop.jsp

2005-01-05 Thread markt
markt   2005/01/05 02:34:52

  Modified:webapps/examples/jsp/snp snoop.jsp
  Log:
  Make code consistent.
  
  Revision  ChangesPath
  1.4   +1 -1  jakarta-tomcat-4.0/webapps/examples/jsp/snp/snoop.jsp
  
  Index: snoop.jsp
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/examples/jsp/snp/snoop.jsp,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- snoop.jsp 5 Jan 2005 10:25:04 -   1.3
  +++ snoop.jsp 5 Jan 2005 10:34:52 -   1.4
  @@ -7,7 +7,7 @@
   body bgcolor=white
   h1 Request Information /h1
   font size=4
  -JSP Request Method: %= util.HTMLFilter.filter(request.getMethod()) %
  +JSP Request Method: % 
out.print(util.HTMLFilter.filter(request.getMethod())); %
   br
   Request URI: %= request.getRequestURI() %
   br
  
  
  




cvs commit: jakarta-tomcat-4.0/webapps/examples/jsp/snp snoop.jsp

2005-01-05 Thread markt
markt   2005/01/05 03:14:09

  Modified:webapps/examples/jsp/snp snoop.jsp
  Log:
  Another possible XSS issue.
  
  Revision  ChangesPath
  1.5   +1 -1  jakarta-tomcat-4.0/webapps/examples/jsp/snp/snoop.jsp
  
  Index: snoop.jsp
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/examples/jsp/snp/snoop.jsp,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- snoop.jsp 5 Jan 2005 10:34:52 -   1.4
  +++ snoop.jsp 5 Jan 2005 11:14:09 -   1.5
  @@ -21,7 +21,7 @@
   br
   Content length: %= request.getContentLength() %
   br
  -Content type: %= request.getContentType() %
  +Content type: % 
out.print(util.HTMLFilter.filter(request.getContentType())); %
   br
   Server name: %= request.getServerName() %
   br
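Review bot: Only getContentType() is wrapped here, but the `Server name: <%= request.getServerName() %>` context line just below stays unescaped, and in servlet containers the server name is typically taken from the request's Host header, so it is client-influenced too (inferred; the connector configuration is not visible here). It should be emitted the same way, `Server name: <% out.print(util.HTMLFilter.filter(request.getServerName())); %>`. The other request-derived values on this page, such as the request URI, are outside this hunk and appear still unfiltered in the earlier hunks of this thread.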
  
  
  




cvs commit: jakarta-tomcat-4.0/webapps/examples/jsp/snp snoop.jsp

2002-04-23 Thread remm

remm02/04/23 08:17:26

  Modified:webapps/examples/WEB-INF/classes CookieExample.java
RequestHeaderExample.java RequestInfoExample.java
RequestParamExample.java SessionExample.java
   webapps/examples/jsp/cal cal1.jsp
   webapps/examples/jsp/checkbox checkresult.jsp
   webapps/examples/jsp/sessions carts.jsp
   webapps/examples/jsp/snp snoop.jsp
  Added:   webapps/examples/WEB-INF/classes/util HTMLFilter.java
  Removed: webapps/examples/WEB-INF/classes SnoopServlet.java
TroubleShooter.java
  Log:
  - Fix all the cross-site scripting vulnerabilities I could find.
  - Remove the two servlets which were exposing path information.
  - Obviously, the examples webapp should be removed before putting
Tomcat in production anyway.
  
  Revision  ChangesPath
  1.3   +12 -7 
jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/CookieExample.java
  
  Index: CookieExample.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/CookieExample.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- CookieExample.java11 Jun 2001 22:49:11 -  1.2
  +++ CookieExample.java23 Apr 2002 15:17:25 -  1.3
  @@ -1,4 +1,4 @@
  -/* $Id: CookieExample.java,v 1.2 2001/06/11 22:49:11 craigmcc Exp $
  +/* $Id: CookieExample.java,v 1.3 2002/04/23 15:17:25 remm Exp $
*
*/
   
  @@ -8,6 +8,8 @@
   import javax.servlet.*;
   import javax.servlet.http.*;
   
  +import util.HTMLFilter;
  +
   /**
* Example servlet showing request headers
*
  @@ -54,9 +56,11 @@
   out.println(rb.getString(cookies.cookies) + br);
   for (int i = 0; i  cookies.length; i++) {
   Cookie cookie = cookies[i];
  -out.print(Cookie Name:  + cookie.getName() + br);
  -out.println(  Cookie Value:  + cookie.getValue() +
  - brbr);
  +out.print(Cookie Name:  + HTMLFilter.filter(cookie.getName())
  +  + br);
  +out.println(  Cookie Value:  
  ++ HTMLFilter.filter(cookie.getValue())
  ++ brbr);
   }
   } else {
   out.println(rb.getString(cookies.no-cookies));
  @@ -69,9 +73,10 @@
   response.addCookie(cookie);
   out.println(P);
   out.println(rb.getString(cookies.set) + br);
  -out.print(rb.getString(cookies.name) ++ cookieName +
  -   br);
  -out.print(rb.getString(cookies.value) ++ cookieValue);
  +out.print(rb.getString(cookies.name) +
  +  + HTMLFilter.filter(cookieName) + br);
  +out.print(rb.getString(cookies.value) +
  +  + HTMLFilter.filter(cookieValue));
   }
   
   out.println(P);
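Review bot: The filtering added at the end of this hunk covers only the HTML echo of cookieName and cookieValue; the `response.addCookie(cookie);` context line at the top indicates the same request-supplied values also reach a Set-Cookie response header (the Cookie is constructed above the hunk, so this is inferred), where HTML escaping is the wrong encoding and offers no protection. The servlet API's Cookie constructor rejects non-token names but, as far as I can tell, does not validate the value, so the value should be validated or rejected before the Cookie is built rather than relying on HTMLFilter. At minimum a comment such as `// HTMLFilter protects the HTML output only; cookie name/value are validated (or must be) before new Cookie(...)` should record which context each check covers. The enclosing doGet body starts and ends outside this hunk.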
  
  
  
  1.2   +8 -3  
jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/RequestHeaderExample.java
  
  Index: RequestHeaderExample.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/RequestHeaderExample.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- RequestHeaderExample.java 17 Aug 2000 00:57:53 -  1.1
  +++ RequestHeaderExample.java 23 Apr 2002 15:17:25 -  1.2
  @@ -1,4 +1,4 @@
  -/* $Id: RequestHeaderExample.java,v 1.1 2000/08/17 00:57:53 horwat Exp $
  +/* $Id: RequestHeaderExample.java,v 1.2 2002/04/23 15:17:25 remm Exp $
*
*/
   
  @@ -8,6 +8,8 @@
   import javax.servlet.*;
   import javax.servlet.http.*;
   
  +import util.HTMLFilter;
  +
   /**
* Example servlet showing request headers
*
  @@ -53,8 +55,11 @@
   while (e.hasMoreElements()) {
   String headerName = (String)e.nextElement();
   String headerValue = request.getHeader(headerName);
  -out.println(trtd bgcolor=\#CC\ + headerName);
  -out.println(/tdtd + headerValue + /td/tr);
  +out.println(trtd bgcolor=\#CC\);
  +out.println(HTMLFilter.filter(headerName));
  +out.println(/tdtd);
  +out.println(HTMLFilter.filter(headerValue));
  +out.println(/td/tr);
   }
   out.println(/table);
   }
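Review bot: Splitting the table row into five println calls is a matter of style rather than a defect: each cell now carries a line break before and after its text, and the same filtered output could have been produced by keeping the original two statements and wrapping HTMLFilter.filter around headerName and headerValue inside the concatenation, which keeps the generated markup identical to the earlier revision apart from the escaping. Note also that `request.getHeader(headerName)` returns only the first value of a repeated header, so the listing is not exhaustive for multi-valued headers; getHeaders(name) would show them all. The enclosing method begins above the hunk.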
  
  
  
  1.2   +4 -3  
jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/RequestInfoExample.java
  
  Index: RequestInfoExample.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/RequestInfoExample.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2