yoavs 2004/09/20 09:39:28 Modified: webapps/docs Tag: TOMCAT_5_0 changelog.xml webapps/manager/WEB-INF/classes/org/apache/catalina/manager Tag: TOMCAT_5_0 StatusTransformer.java Log: Bugzilla 31058: xml-escape query string in manager's StatusTransformer. Revision Changes Path No revision No revision 1.70.2.36 +3 -0 jakarta-tomcat-catalina/webapps/docs/changelog.xml Index: changelog.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v retrieving revision 1.70.2.35 retrieving revision 1.70.2.36 diff -u -r1.70.2.35 -r1.70.2.36 --- changelog.xml 20 Sep 2004 16:11:47 -0000 1.70.2.35 +++ changelog.xml 20 Sep 2004 16:39:28 -0000 1.70.2.36 @@ -89,6 +89,9 @@ <fix> <bug>29485</bug>: Added JavaScript confirmation prompts to HTML Manager actions. (yoavs) </fix> + <fix> + <bug>31058</bug>: Ensure StatusTransformer escapes query string for XML. (yoavs) + </fix> </changelog> </subsection> <subsection name="Jasper"> No revision No revision 1.18.2.1 +4 -3 jakarta-tomcat-catalina/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/StatusTransformer.java Index: StatusTransformer.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/StatusTransformer.java,v retrieving revision 1.18 retrieving revision 1.18.2.1 diff -u -r1.18 -r1.18.2.1 --- StatusTransformer.java 26 May 2004 16:41:54 -0000 1.18 +++ StatusTransformer.java 20 Sep 2004 16:39:28 -0000 1.18.2.1 @@ -25,6 +25,7 @@ import java.util.Vector; import javax.servlet.http.HttpServletResponse; +import org.apache.catalina.util.RequestUtil; import org.apache.tomcat.util.compat.JdkCompat; import javax.management.MBeanServer; @@ -404,7 +405,7 @@ (pName, "currentQueryString"); if ((queryString != null) && (!queryString.equals(""))) { writer.write("?"); - writer.print(queryString); + writer.print(RequestUtil.filter(queryString)); } writer.write(" "); writer.write(filter(mBeanServer.getAttribute @@ -459,7 +460,7 @@ (pName, "currentQueryString"); if ((queryString != null) && (!queryString.equals(""))) { writer.write(" currentQueryString=\"" - + queryString + "\""); + + RequestUtil.filter(queryString) + "\""); } else { writer.write(" currentQueryString=\"?\""); }
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]