yoavs 2004/09/20 09:39:28
Modified: webapps/docs Tag: TOMCAT_5_0 changelog.xml
webapps/manager/WEB-INF/classes/org/apache/catalina/manager
Tag: TOMCAT_5_0 StatusTransformer.java
Log:
Bugzilla 31058: xml-escape query string in manager's StatusTransformer.
Revision Changes Path
No revision
No revision
1.70.2.36 +3 -0 jakarta-tomcat-catalina/webapps/docs/changelog.xml
Index: changelog.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v
retrieving revision 1.70.2.35
retrieving revision 1.70.2.36
diff -u -r1.70.2.35 -r1.70.2.36
--- changelog.xml 20 Sep 2004 16:11:47 -0000 1.70.2.35
+++ changelog.xml 20 Sep 2004 16:39:28 -0000 1.70.2.36
@@ -89,6 +89,9 @@
<fix>
<bug>29485</bug>: Added JavaScript confirmation prompts to HTML Manager
actions. (yoavs)
</fix>
+ <fix>
+ <bug>31058</bug>: Ensure StatusTransformer escapes query string for XML.
(yoavs)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
No revision
No revision
1.18.2.1 +4 -3
jakarta-tomcat-catalina/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/StatusTransformer.java
Index: StatusTransformer.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/StatusTransformer.java,v
retrieving revision 1.18
retrieving revision 1.18.2.1
diff -u -r1.18 -r1.18.2.1
--- StatusTransformer.java 26 May 2004 16:41:54 -0000 1.18
+++ StatusTransformer.java 20 Sep 2004 16:39:28 -0000 1.18.2.1
@@ -25,6 +25,7 @@
import java.util.Vector;
import javax.servlet.http.HttpServletResponse;
+import org.apache.catalina.util.RequestUtil;
import org.apache.tomcat.util.compat.JdkCompat;
import javax.management.MBeanServer;
@@ -404,7 +405,7 @@
(pName, "currentQueryString");
if ((queryString != null) && (!queryString.equals(""))) {
writer.write("?");
- writer.print(queryString);
+ writer.print(RequestUtil.filter(queryString));
}
writer.write(" ");
writer.write(filter(mBeanServer.getAttribute
@@ -459,7 +460,7 @@
(pName, "currentQueryString");
if ((queryString != null) && (!queryString.equals(""))) {
writer.write(" currentQueryString=\""
- + queryString + "\"");
+ + RequestUtil.filter(queryString) + "\"");
} else {
writer.write(" currentQueryString=\"?\"");
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
