Hello, here is another small bugfix patch fixing HTML not being properly escaped in package description on this page:
https://<hostname>/rhn/software/packages/Details.do?pid=<pid> I found this with a package that had an email address in "<...>" notation, and the address didn't show up on the page. Thanks and regards, Johannes -- SUSE LINUX Products GmbH, HRB 16746 (AG Nürnberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
>From 63be1b2d99b4a594e3cd198565ea5a13197aae87 Mon Sep 17 00:00:00 2001
From: Johannes Renner <jren...@suse.de>
Date: Mon, 5 Aug 2013 15:42:53 +0200
Subject: [PATCH] Fix HTML not being escaped in package information
---
 .../redhat/rhn/frontend/action/rhnpackage/PackageDetailsAction.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/java/code/src/com/redhat/rhn/frontend/action/rhnpackage/PackageDetailsAction.java b/java/code/src/com/redhat/rhn/frontend/action/rhnpackage/PackageDetailsAction.java
index b94830c..cf9f7f8 100644
--- a/java/code/src/com/redhat/rhn/frontend/action/rhnpackage/PackageDetailsAction.java
+++ b/java/code/src/com/redhat/rhn/frontend/action/rhnpackage/PackageDetailsAction.java
@@ -30,6 +30,7 @@ import com.redhat.rhn.frontend.xmlrpc.NoSuchPackageException;
 import com.redhat.rhn.manager.download.DownloadManager;
 import com.redhat.rhn.manager.rhnpackage.PackageManager;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.struts.action.ActionForm;
 import org.apache.struts.action.ActionForward;
 import org.apache.struts.action.ActionMapping;
@@ -125,8 +126,8 @@ public class PackageDetailsAction extends RhnAction {
 request.setAttribute("pack", pkg);
 // description can be null.
 if (pkg.getDescription() != null) {
- request.setAttribute("description",
- pkg.getDescription().replace("\n", "<BR>\n"));
+ String description = StringEscapeUtils.escapeHtml(pkg.getDescription());
+ request.setAttribute("description", description.replace("\n", "<BR>\n"));
 }
 else {
 request.setAttribute("description",
-- 
1.8.1.4
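Review bot: In the second hunk the `description` attribute now carries pre-escaped HTML (entities plus the literal `<BR>` tags), so the fix holds only while the JSP prints that attribute raw and only in element content; the view is not visible here. `StringEscapeUtils.escapeHtml` from commons-lang 2 does not encode the apostrophe, so the value should not be reused inside a single-quoted HTML attribute. A comment above the new line would record the contract, e.g. `// Package metadata is untrusted: escape first, then add <BR>; the JSP must print this attribute unescaped.` The other package fields reached through the `pack` attribute set just above are presumably rendered by the same view and are worth checking for the same gap. The enclosing method begins before the hunk and continues past its last line.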