[jboss-svn-commits] JBL Code SVN: r23558 - in labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web: lib and 1 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Thu Oct 23 04:26:58 EDT 2008
Author: beve
Date: 2008-10-23 04:26:57 -0400 (Thu, 23 Oct 2008)
New Revision: 23558
Added:
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/lib/jstl.jar
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/lib/standard.jar
Modified:
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/build.xml
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/attribute.jsp
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/index.jsp
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/invoke.jsp
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/operations.jsp
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/results.jsp
labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/web.xml
Log:
Work for https://jira.jboss.org/jira/browse/JBESB-2128 "Cross-Site scripting issues in ESB management console"
Variable output is now encoded using the org.apache.taglibs.standard.tag.common.core.Util.escapeXml method.
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/build.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/build.xml 2008-10-23 07:25:03 UTC (rev 23557)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/build.xml 2008-10-23 08:26:57 UTC (rev 23558)
@@ -37,6 +37,8 @@
<lib dir="${mgmt.web.dir}/lib">
<include name="jfreechart-1.0.6.jar"/>
<include name="jcommon-1.0.10.jar"/>
+ <include name="jstl.jar"/>
+ <include name="standard.jar"/>
</lib>
</war>
</target>
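Review bot: The two added includes, `jstl.jar` and `standard.jar`, carry no version in the file name, unlike `jfreechart-1.0.6.jar` and `jcommon-1.0.10.jar` next to them, and the jars themselves are committed as binaries. Nothing in the build file then records which JSTL and Standard taglib release ends up in the WAR, which matters when a taglib advisory has to be matched against shipped artifacts. Naming the files with their release, e.g. `<include name="jstl-VERSION.jar"/>` (VERSION is a placeholder), or adding a comment such as `<!-- JSTL / Standard taglib VERSION, added for JBESB-2128 output encoding -->` would record it.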
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/lib/jstl.jar
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/lib/jstl.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/lib/standard.jar
===================================================================
(Binary files differ)
Property changes on: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/lib/standard.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/attribute.jsp
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/attribute.jsp 2008-10-23 07:25:03 UTC (rev 23557)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/attribute.jsp 2008-10-23 08:26:57 UTC (rev 23558)
@@ -12,7 +12,8 @@
org.jboss.soa.esb.monitoring.server.StatisticsHelper,
org.jboss.soa.esb.monitoring.server.TimeSeriesChartProducer,
org.jfree.data.time.Minute,
- org.jfree.chart.JFreeChart
+ org.jfree.chart.JFreeChart,
+ org.apache.taglibs.standard.tag.common.core.Util
"%>
<%!
private static int imagecounter = 0;
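Review bot: `org.apache.taglibs.standard.tag.common.core.Util` in the import list is an implementation class of the Standard taglib, not part of the `javax.servlet.jsp.jstl` API, so the XSS fix depends on the internals of whichever `standard.jar` is bundled. The same import is added in the first hunks of index.jsp, operations.jsp and results.jsp. A small project-owned encoding helper (or `<c:out>` / `fn:escapeXml` where the value is available to EL) would keep the encoding call stable across taglib upgrades. At minimum, a comment at the import such as `<%-- Util.escapeXml: HTML-encodes & < > " ' (JBESB-2128); internal taglib class --%>` would document the dependency. The page directive starts above this hunk.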
@@ -45,7 +46,7 @@
<hr>
<%
Long id = new Long(request.getParameter("id"));
-String servername = request.getParameter("servername");
+String servername = Util.escapeXml(request.getParameter("servername"));
int maxrecords = 10;
try {
maxrecords = Integer.parseInt(request.getParameter("maxrecords"));
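Review bot: `servername` is HTML-encoded where it is read from the request rather than where it is written, so from this line on the variable holds entity-encoded text. Any later use that is not HTML output (a lookup by server name, a URL parameter) would receive the encoded form, and the hidden field `value="<%=servername%>"` in the @@ -115 hunk is safe only because of this distant line. Keeping the raw value, `String servername = request.getParameter("servername");`, and encoding at each output, `value="<%=Util.escapeXml(servername)%>"`, puts the encoding next to the sink. The scriptlet continues past the end of this hunk, so how `servername` is used further down is not visible here.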
@@ -102,7 +103,7 @@
<%
} else {
%>
-<h1><code><%=attribute%></code></h1>
+<h1><code><%=Util.escapeXml(attribute)%></code></h1>
<%
}
%><br>
@@ -115,7 +116,7 @@
<option value="44640" <%=StatisticsHelper.getSelected(44640, timerange)%>>1 month
<option value="-1" <%=StatisticsHelper.getSelected(-1, timerange)%>>All
</select> and the
-list the last <input type="text" name="maxrecords" value="<%=maxrecords%>"></input> records
+list the last <input type="text" name="maxrecords" value="<%= maxrecords %>"></input> records
<input type="hidden" name="id" value="<%=id%>">
<input type="hidden" name="servername" value="<%=servername%>">
<input type="submit" value="submit">
@@ -125,7 +126,7 @@
<table>
<tr>
<th>Collection Date</th>
-<th><%=attribute%></th>
+<th><%=Util.escapeXml(attribute) %></th>
</tr>
<%
NumberFormat nf = NumberFormat.getInstance();
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/index.jsp
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/index.jsp 2008-10-23 07:25:03 UTC (rev 23557)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/index.jsp 2008-10-23 08:26:57 UTC (rev 23558)
@@ -6,7 +6,8 @@
org.hibernate.Transaction,
org.jboss.soa.esb.monitoring.MonitoringSessionFactory,
org.jboss.soa.esb.monitoring.pojo.*,
- org.jboss.soa.esb.monitoring.server.StatisticsHelper
+ org.jboss.soa.esb.monitoring.server.StatisticsHelper,
+ org.apache.taglibs.standard.tag.common.core.Util
"%>
<html>
<head>
@@ -46,7 +47,7 @@
String serverName = (String) serverNames.get(i);
%>
<hr>
- <h1><code><%=serverName%></code></h1>
+ <h1><code><%=Util.escapeXml(serverName)%></code></h1>
<%
List objectNames = StatisticsHelper.getObjectNamesForServer(sess, serverName);
for (int j = 0; j < objectNames.size(); j++) {
@@ -58,7 +59,7 @@
List attributeNames = StatisticsHelper.getAttributes(sess, serverName, objectName);
for (int k = 0; k < attributeNames.size(); k++) {
JMXAttribute jmxattr = (JMXAttribute) attributeNames.get(k);
- String attributeName = jmxattr.getAttribute();
+ String attributeName = Util.escapeXml(jmxattr.getAttribute());
%>
<li><a href="attribute.jsp?servername=<%=serverName%>&id=<%=jmxattr.getId()%>"><%=attributeName%></a></li>
<%
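Review bot: The link on the unchanged line `<a href="attribute.jsp?servername=<%=serverName%>&id=...">` still writes `serverName` into an attribute value without any encoding, while the heading and the link text in this file are now escaped. A query-string value needs URL encoding, which also leaves no character that can terminate the attribute: `servername=<%=java.net.URLEncoder.encode(serverName, "UTF-8")%>&amp;id=<%=jmxattr.getId()%>`. The enclosing loops start and end outside this hunk.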
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/invoke.jsp
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/invoke.jsp 2008-10-23 07:25:03 UTC (rev 23557)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/invoke.jsp 2008-10-23 08:26:57 UTC (rev 23558)
@@ -42,8 +42,7 @@
</table>
<hr>
<%
-String idString = request.getParameter("id");
-Long id = new Long(idString);
+Long id = new Long(request.getParameter("id"));
Session sess = null;
Transaction tx = null;
ServiceControlCommand obean = null;
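Review bot: `new Long(request.getParameter("id"))` throws `NumberFormatException` when `id` is missing or not numeric, and nothing in this hunk catches it. attribute.jsp parses `id` the same way, while its `maxrecords` parse is wrapped in a `try`. Depending on the container's error handling (not visible here, and web.xml declares no `<error-page>`), such a request may end in a default error page with a stack trace. Parsing inside a `try` and answering with `response.sendError(HttpServletResponse.SC_BAD_REQUEST)` on failure would reject bad input explicitly. The scriptlet continues beyond this hunk.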
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/operations.jsp
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/operations.jsp 2008-10-23 07:25:03 UTC (rev 23557)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/operations.jsp 2008-10-23 08:26:57 UTC (rev 23558)
@@ -7,7 +7,8 @@
org.jboss.soa.esb.monitoring.MonitoringSessionFactory,
org.jboss.soa.esb.monitoring.pojo.*,
org.jboss.soa.esb.monitoring.server.StatisticsHelper,
- org.jboss.soa.esb.monitoring.server.OperationsHelper
+ org.jboss.soa.esb.monitoring.server.OperationsHelper,
+ org.apache.taglibs.standard.tag.common.core.Util
"%>
<html>
<head>
@@ -48,13 +49,13 @@
String serverName = (String) serverNames.get(i);
%>
<hr>
- <h1><code><%=serverName%></code></h1>
+ <h1><code><%=Util.escapeXml(serverName)%></code></h1>
<%
List objectNames = OperationsHelper.getObjectNamesForServer(sess, serverName);
for (int j = 0; j < objectNames.size(); j++) {
String objectName= (String) objectNames.get(j);
%>
- <li><b><%=objectName%></b></li>
+ <li><b><%=Util.escapeXml(objectName)%></b></li>
<ul>
<%
List operations = OperationsHelper.getOperations(sess, serverName, objectName);
@@ -63,7 +64,7 @@
String operation = jmxoper.getReturntype() + " " + jmxoper.getOperation()
+ " (" + jmxoper.getDescription() + ")";
%>
- <li><a href="invoke.jsp?id=<%=jmxoper.getId()%>"><%=operation%></a></li>
+ <li><a href="invoke.jsp?id=<%=jmxoper.getId()%>"><%=Util.escapeXml(operation)%></a></li>
<%
}
%>
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/results.jsp
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/results.jsp 2008-10-23 07:25:03 UTC (rev 23557)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/src/main/webapp/results.jsp 2008-10-23 08:26:57 UTC (rev 23558)
@@ -7,7 +7,8 @@
org.jboss.soa.esb.monitoring.MonitoringSessionFactory,
org.jboss.soa.esb.monitoring.pojo.*,
org.jboss.soa.esb.monitoring.server.StatisticsHelper,
- org.jboss.soa.esb.monitoring.server.OperationsHelper
+ org.jboss.soa.esb.monitoring.server.OperationsHelper,
+ org.apache.taglibs.standard.tag.common.core.Util
"%>
<html>
<head>
@@ -48,7 +49,7 @@
String serverName = (String) serverNames.get(i);
%>
<hr>
- <h1><code><%=serverName%></code></h1>
+ <h1><code><%=Util.escapeXml(serverName)%></code></h1>
<%
List results = OperationsHelper.getOperationResults(sess, serverName);
for (int j = 0; j < results.size(); j++) {
@@ -56,9 +57,9 @@
%>
<li><b><%=jmxor.getStatdate()%></b></li>
<ul>
- <li><b>Result:</b> <%=jmxor.getResult() %>
- <li><b>Object name:</b> <%=jmxor.getOperation().getObjectname() %>
- <li><b>Operation:</b> <%=jmxor.getOperation().getReturntype()%> <%=jmxor.getOperation().getOperation() %>
+ <li><b>Result:</b> <%=Util.escapeXml(jmxor.getResult())%>
+ <li><b>Object name:</b> <%=Util.escapeXml(jmxor.getOperation().getObjectname()) %>
+ <li><b>Operation:</b> <%=Util.escapeXml(jmxor.getOperation().getReturntype())%> <%=Util.escapeXml(jmxor.getOperation().getOperation()) %>
</ul>
<%
}
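Review bot: `Util.escapeXml(jmxor.getResult())` and the three calls below it pass getter results straight to the encoder, as does `Util.escapeXml(request.getParameter("servername"))` in attribute.jsp. Before the change a null value rendered as the text `null`, whereas `Util.escapeXml(String)` in the Standard 1.1 taglib appears to dereference its argument, which would turn a null into a `NullPointerException` for the whole page. Whether these getters can return null is not visible in this hunk. If they can, guard the call, e.g. `<%=Util.escapeXml(String.valueOf(jmxor.getResult()))%>`, which keeps the old `null` rendering. The loop starts and ends outside the hunk.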
Modified: labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/web.xml
===================================================================
--- labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/web.xml 2008-10-23 07:25:03 UTC (rev 23557)
+++ labs/jbossesb/branches/JBESB_4_4_GA_CP/product/tools/console/management-web/web.xml 2008-10-23 08:26:57 UTC (rev 23558)
@@ -1,7 +1,5 @@
-<!DOCTYPE web-app PUBLIC
- "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
- "http://java.sun.com/dtd/web-app_2_3.dtd" >
-
-<web-app>
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
+<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" >
<display-name>Archetype Created Web Application</display-name>
</web-app>
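Review bot: The new descriptor keeps the Web Application 2.3 `<!DOCTYPE>` but declares `<web-app version="2.4">` with the 2.4 schema. The 2.3 DTD does not define the `version`, `xmlns` or `xsi:schemaLocation` attributes, so a validating parser can reject the file and the effective servlet version is left to the container. Dropping the `<!DOCTYPE ...>` line makes it a plain 2.4 descriptor. Separately, the whole descriptor is still only `<display-name>`, with no `<security-constraint>` or `<error-page>` declared for a console that appears to invoke operations (invoke.jsp). Access control presumably has to come from elsewhere, which is worth confirming.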