Author: jfrederic.clere(a)jboss.com
Date: 2011-02-10 10:07:42 -0500 (Thu, 10 Feb 2011)
New Revision: 1656
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/manager/HTMLManagerServlet.java
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/manager/StatusTransformer.java
Log:
Fix for CVE-2011-0013.
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/manager/HTMLManagerServlet.java
===================================================================
---
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/manager/HTMLManagerServlet.java 2011-02-10
14:35:36 UTC (rev 1655)
+++
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/manager/HTMLManagerServlet.java 2011-02-10
15:07:42 UTC (rev 1656)
@@ -35,6 +35,7 @@
import org.apache.catalina.Context;
import org.apache.catalina.util.RequestUtil;
import org.apache.catalina.util.ServerInfo;
+import org.apache.catalina.util.URLEncoder;
import org.apache.tomcat.util.http.fileupload.DiskFileUpload;
import org.apache.tomcat.util.http.fileupload.FileItem;
@@ -63,6 +64,13 @@
public final class HTMLManagerServlet extends ManagerServlet {
+ protected static final URLEncoder URL_ENCODER;
+ static {
+ URL_ENCODER = new URLEncoder();
+ // '/' should not be encoded in context paths
+ URL_ENCODER.addSafeCharacter('/');
+ }
+
// --------------------------------------------------------- Public Methods
/**
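Review bot: The new `URL_ENCODER` field is `protected` and visible to subclasses, but the only documentation is the inline note about '/'; a Javadoc on the declaration would tell readers what the encoder is for and that its safe-character set is fixed in the static initializer. Proposed comment above the field: `/** Encodes context paths placed in manager links; configured once in the static block (only '/' is added as a safe character) and not meant to be modified afterwards. */`. Whether the encoder's `encode` method is safe to share across request threads is not visible here and should be confirmed against the `URLEncoder` class before relying on a single static instance.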
@@ -365,24 +373,26 @@
isDeployed = false;
}
- args = new Object[6];
- args[0] = displayPath;
- args[1] = context.getDisplayName();
- if (args[1] == null) {
- args[1] = " ";
+ args = new Object[7];
+ args[0] = URL_ENCODER.encode(displayPath);
+ args[1] = RequestUtil.filter(displayPath);
+ if (context.getDisplayName() == null) {
+ args[2] = " ";
+ } else {
+ args[2] = RequestUtil.filter(context.getDisplayName());
}
- args[2] = new Boolean(context.getAvailable());
- args[3] = response.encodeURL
+ args[3] = new Boolean(context.getAvailable());
+ args[4] = response.encodeURL
(request.getContextPath() +
"/html/sessions?path=" + displayPath);
if (context.getManager() != null) {
- args[4] = new Integer
+ args[5] = new Integer
(context.getManager().getActiveSessions());
} else {
- args[4] = new Integer(0);
+ args[5] = new Integer(0);
}
- args[5] = highlightColor;
+ args[6] = highlightColor;
writer.print
(MessageFormat.format(APPS_ROW_DETAILS_SECTION, args));
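Review bot: The sessions link stored in `args[4]` still concatenates `displayPath` raw into the query string, while `args[0]` and `args[1]` in the same hunk are now URL-encoded and HTML-filtered; the template in the following hunk places `{4}` inside `href="..."`, so a context path containing a quote or `<` would reach the attribute unescaped, and `response.encodeURL` does not HTML-escape its output. Apply the same treatment as the other columns: `args[4] = RequestUtil.filter(response.encodeURL(request.getContextPath() + "/html/sessions?path=" + URL_ENCODER.encode(displayPath)));`. The enclosing method starts and ends outside this hunk.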
@@ -586,10 +596,10 @@
private static final String APPS_ROW_DETAILS_SECTION =
"<tr>\n" +
- " <td class=\"row-left\"
bgcolor=\"{5}\"><small><a
href=\"{0}\">{0}</a></small></td>\n" +
- " <td class=\"row-left\"
bgcolor=\"{5}\"><small>{1}</small></td>\n" +
- " <td class=\"row-center\"
bgcolor=\"{5}\"><small>{2}</small></td>\n" +
- " <td class=\"row-center\"
bgcolor=\"{5}\"><small><a
href=\"{3}\">{4}</a></small></td>\n";
+ " <td class=\"row-left\"
bgcolor=\"{6}\"><small><a
href=\"{0}\">{1}</a></small></td>\n" +
+ " <td class=\"row-left\"
bgcolor=\"{6}\"><small>{2}</small></td>\n" +
+ " <td class=\"row-center\"
bgcolor=\"{6}\"><small>{3}</small></td>\n" +
+ " <td class=\"row-center\"
bgcolor=\"{6}\"><small><a
href=\"{4}\">{5}</a></small></td>\n";
private static final String MANAGER_APP_ROW_BUTTON_SECTION =
" <td class=\"row-left\" bgcolor=\"{8}\">\n"
+
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/manager/StatusTransformer.java
===================================================================
---
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/manager/StatusTransformer.java 2011-02-10
14:35:36 UTC (rev 1655)
+++
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/manager/StatusTransformer.java 2011-02-10
15:07:42 UTC (rev 1656)
@@ -575,7 +575,7 @@
}
writer.print("<a href=\"#" + (count++) +
".0\">");
- writer.print(webModuleName);
+ writer.print(filter(webModuleName));
writer.print("</a>");
if (iterator.hasNext()) {
writer.print("<br>");
@@ -650,7 +650,7 @@
}
writer.print("<h1>");
- writer.print(name);
+ writer.print(filter(name));
writer.print("</h1>");
writer.print("</a>");
@@ -778,11 +778,11 @@
mBeanServer.invoke(objectName, "findMappings", null, null);
writer.print("<h2>");
- writer.print(servletName);
+ writer.print(filter(servletName));
if ((mappings != null) && (mappings.length > 0)) {
writer.print(" [ ");
for (int i = 0; i < mappings.length; i++) {
- writer.print(mappings[i]);
+ writer.print(filter(mappings[i]));
if (i < mappings.length - 1) {
writer.print(" , ");
}