[Stripes-dev] SF.net SVN: stripes: [419] trunk

tfenne Tue, 26 Sep 2006 08:50:53 -0700

Revision: 419
          http://svn.sourceforge.net/stripes/?rev=419&view=rev
Author:   tfenne
Date:     2006-09-26 04:59:58 -0700 (Tue, 26 Sep 2006)


Log Message:
-----------
Fix for STS-256: parameter values should be encoded in error messages

Modified Paths:
--------------
    trunk/examples/src/StripesResources.properties
    
trunk/examples/src/net/sourceforge/stripes/examples/bugzooky/LoginActionBean.java
    trunk/stripes/src/net/sourceforge/stripes/controller/DispatcherHelper.java

Modified: trunk/examples/src/StripesResources.properties
===================================================================
--- trunk/examples/src/StripesResources.properties      2006-09-26 02:39:52 UTC 
(rev 418)
+++ trunk/examples/src/StripesResources.properties      2006-09-26 11:59:58 UTC 
(rev 419)
@@ -71,7 +71,7 @@
 # Login action error messages and fields
 username=Username
 password=Password
-/examples/bugzooky/Login.action.usernameDoesNotExist=The {0} ''{2}'' does not 
exist. Please check your {0} and try again.
+/examples/bugzooky/Login.action.usernameDoesNotExist=The {0} ''{1}'' does not 
exist. Please check your {0} and try again.
 /examples/bugzooky/Login.action.incorrectPassword=The {0} entered does not 
match the {0} on file.
 
 # Registration action error messages and fields

Modified: 
trunk/examples/src/net/sourceforge/stripes/examples/bugzooky/LoginActionBean.java
===================================================================
--- 
trunk/examples/src/net/sourceforge/stripes/examples/bugzooky/LoginActionBean.java
   2006-09-26 02:39:52 UTC (rev 418)
+++ 
trunk/examples/src/net/sourceforge/stripes/examples/bugzooky/LoginActionBean.java
   2006-09-26 11:59:58 UTC (rev 419)
@@ -4,7 +4,6 @@
 import net.sourceforge.stripes.action.Resolution;
 import net.sourceforge.stripes.examples.bugzooky.biz.Person;
 import net.sourceforge.stripes.examples.bugzooky.biz.PersonManager;
-import net.sourceforge.stripes.examples.bugzooky.BugzookyActionBean;
 import net.sourceforge.stripes.validation.LocalizableError;
 import net.sourceforge.stripes.validation.Validate;
 import net.sourceforge.stripes.validation.ValidationError;
@@ -48,7 +47,7 @@
         Person person = pm.getPerson(this.username);
 
         if (person == null) {
-            ValidationError error = new 
LocalizableError("usernameDoesNotExist", username);
+            ValidationError error = new 
LocalizableError("usernameDoesNotExist");
             getContext().getValidationErrors().add("username", error);
             return getContext().getSourcePageResolution();
         }

Modified: 
trunk/stripes/src/net/sourceforge/stripes/controller/DispatcherHelper.java
===================================================================
--- trunk/stripes/src/net/sourceforge/stripes/controller/DispatcherHelper.java  
2006-09-26 02:39:52 UTC (rev 418)
+++ trunk/stripes/src/net/sourceforge/stripes/controller/DispatcherHelper.java  
2006-09-26 11:59:58 UTC (rev 419)
@@ -7,6 +7,7 @@
 import net.sourceforge.stripes.config.Configuration;
 import net.sourceforge.stripes.exception.StripesServletException;
 import net.sourceforge.stripes.util.Log;
+import net.sourceforge.stripes.util.HtmlUtil;
 import net.sourceforge.stripes.validation.Validatable;
 import net.sourceforge.stripes.validation.ValidationError;
 import net.sourceforge.stripes.validation.ValidationErrorHandler;
@@ -372,8 +373,11 @@
                     // This is done to fill in parameter values for any errors 
the user
                     // created and didn't add values to
                     if (error.getFieldValue() == null) {
-                        
error.setFieldValue(request.getParameter(parameterName));
+                        
error.setFieldValue(HtmlUtil.encode(request.getParameter(parameterName)));
                     }
+                    else {
+                        
error.setFieldValue(HtmlUtil.encode(error.getFieldValue()));
+                    }
                 }
             }
         }


This was sent by the SourceForge.net collaborative development platform, the 
world's largest Open Source development site.

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Stripes-development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-development

[Stripes-dev] SF.net SVN: stripes: [419] trunk

Reply via email to