Author: jfrederic.clere(a)jboss.com
Date: 2008-07-25 09:48:38 -0400 (Fri, 25 Jul 2008)
New Revision: 728
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/manager/HTMLManagerServlet.java
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
Log:
Fix the 2007-2450 and 2007-3386 (Just to make security people happy the
servlet is configured in JBossAS so it won't be used).
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/manager/HTMLManagerServlet.java
===================================================================
---
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/manager/HTMLManagerServlet.java 2008-07-25
11:53:28 UTC (rev 727)
+++
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/manager/HTMLManagerServlet.java 2008-07-25
13:48:38 UTC (rev 728)
@@ -107,8 +107,7 @@
message = stop(path);
} else {
message =
- sm.getString("managerServlet.unknownCommand",
- RequestUtil.filter(command));
+ sm.getString("managerServlet.unknownCommand", command);
}
list(request, response, message);
@@ -282,7 +281,11 @@
// Message Section
args = new Object[3];
args[0] = sm.getString("htmlManagerServlet.messageLabel");
- args[1] = (message == null || message.length() == 0) ? "OK" : message;
+ if (message == null || message.length() == 0) {
+ args[1] = "OK";
+ } else {
+ args[1] = RequestUtil.filter(message);
+ }
writer.print(MessageFormat.format(Constants.MESSAGE_SECTION, args));
// Manager Section
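Review bot: The escaping contract for `message` is not documented at the point where it is now enforced, `args[1] = RequestUtil.filter(message);`. After this change `message` travels as raw text and is escaped once at output, which is what lets the first hunk drop the filter on `command`. A short comment above the branch, for example `// message is unescaped text; HTML-escape it once here, callers must not pre-filter`, would keep later callers from double-encoding it or from printing it through another path unescaped. The same comment fits the identical branch in HTMLHostManagerServlet. The enclosing method starts and ends outside the hunk, so other uses of `message` cannot be checked from here.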
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
===================================================================
---
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/manager/host/HTMLHostManagerServlet.java 2008-07-25
11:53:28 UTC (rev 727)
+++
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/manager/host/HTMLHostManagerServlet.java 2008-07-25
13:48:38 UTC (rev 728)
@@ -32,6 +32,7 @@
import org.apache.catalina.Container;
import org.apache.catalina.Host;
+import org.apache.catalina.util.RequestUtil;
import org.apache.catalina.util.ServerInfo;
/**
@@ -195,7 +196,11 @@
// Message Section
args = new Object[3];
args[0] = sm.getString("htmlHostManagerServlet.messageLabel");
- args[1] = (message == null || message.length() == 0) ? "OK" : message;
+ if (message == null || message.length() == 0) {
+ args[1] = "OK";
+ } else {
+ args[1] = RequestUtil.filter(message);
+ }
writer.print(MessageFormat.format(Constants.MESSAGE_SECTION, args));
// Manager Section
@@ -248,7 +253,7 @@
if (host != null ) {
args = new Object[2];
- args[0] = hostName;
+ args[0] = RequestUtil.filter(hostName);
String[] aliases = host.findAliases();
StringBuffer buf = new StringBuffer();
if (aliases.length > 0) {
@@ -260,9 +265,11 @@
if (buf.length() == 0) {
buf.append(" ");
+ args[1] = buf.toString();
+ } else {
+ args[1] = buf.toString();
}
- args[1] = buf.toString();
writer.print
(MessageFormat.format(HOSTS_ROW_DETAILS_SECTION, args));
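Review bot: Both branches of the new `if (buf.length() == 0)` assign `args[1] = buf.toString();`, so the alias list still reaches `HOSTS_ROW_DETAILS_SECTION` unescaped, whereas `hostName` in the previous hunk now goes through `RequestUtil.filter`. The split only changes behaviour if the else branch was meant to read `args[1] = RequestUtil.filter(buf.toString());`, with the empty-case placeholder left unfiltered. The loop that fills `buf` from `host.findAliases()` lies outside the hunk, so it cannot be confirmed from here whether the aliases are escaped as they are appended.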