svn commit: r1811704 - in /tomcat/trunk: java/org/apache/catalina/manager/StatusTransformer.java webapps/docs/changelog.xml

Rémy Maucherat
Author: remm
Date: Tue Oct 10 14:22:31 2017
New Revision: 1811704

URL: http://svn.apache.org/viewvc?rev=1811704&view=rev
Log:
61603: Add XML escaping to the names of some memory pools. The escape/filterXml methods could be factored out maybe (although it would add imports on other JARs).

Modified:
    tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java?rev=1811704&r1=1811703&r2=1811704&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java (original)
+++ tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java Tue Oct 10 14:22:31 2017
@@ -260,7 +260,7 @@ public class StatusTransformer {
             for (MemoryPoolMXBean memoryPoolMBean : memoryPoolMBeans.values()) {
                 MemoryUsage usage = memoryPoolMBean.getUsage();
                 writer.write("<memorypool");
-                writer.write(" name='" + memoryPoolMBean.getName() + "'");
+                writer.write(" name='" + filterXml(memoryPoolMBean.getName()) + "'");
                 writer.write(" type='" + memoryPoolMBean.getType() + "'");
                 writer.write(" usageInit='" + usage.getInit() + "'");
                 writer.write(" usageCommitted='" + usage.getCommitted() + "'");
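
Review bot: The `type` attribute written on the line right after the changed `name` line still concatenates `memoryPoolMBean.getType()` into a single-quoted attribute without `filterXml`. If that value is a fixed enum it is safe as is, but a short comment saying so (or passing it through `filterXml` like the name) would make it clear that the omission is deliberate and not an oversight.
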
@@ -947,6 +947,35 @@ public class StatusTransformer {
     }
 
 
+    /**
+     * Escape the 5 entities defined by XML.
+     * @param s The message string to be filtered
+     * @return filtered XML content
+     */
+    public static String filterXml(String s) {
+        if (s == null)
+            return "";
+        StringBuilder sb = new StringBuilder();
+        for (int i = 0; i < s.length(); i++) {
+            char c = s.charAt(i);
+            if (c == '<') {
+                sb.append("&lt;");
+            } else if (c == '>') {
+                sb.append("&gt;");
+            } else if (c == '\'') {
+                sb.append("&apos;");
+            } else if (c == '&') {
+                sb.append("&amp;");
+            } else if (c == '"') {
+                sb.append("&quot;");
+            } else {
+                sb.append(c);
+            }
+        }
+        return sb.toString();
+    }
+
+
     /**
      * Display the given size in bytes, either as KB or MB.
      *
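
Review bot: In `filterXml`, the final `else` branch appends every other character unchanged, including control characters that XML 1.0 does not allow in a document, so a pool name containing one would still produce status output that a parser rejects; consider dropping or replacing those characters in that branch. The method is also added as `public static` on `StatusTransformer`, which widens the class's API for a helper that only this class calls in the diff; `private` would do unless it is meant to be shared, and `if (s == null)` would be more consistent with braces like the branches below it.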

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1811704&r1=1811703&r2=1811704&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Oct 10 14:22:31 2017
@@ -75,6 +75,10 @@
       <fix>
         Enable Javadoc to be built with Java 9. (markt)
       </fix>
+      <fix>
+        <bug>61603</bug>: Add XML filtering for the status servlet output where
+        needed. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">
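
Review bot: The new `<fix>` entry says filtering was added "where needed", which does not tell a reader which output changed. The commit log is more specific (names of memory pools), so the entry could say that the memory pool names in the XML status output are now escaped.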



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Re: svn commit: r1811704 - in /tomcat/trunk: java/org/apache/catalina/manager/StatusTransformer.java webapps/docs/changelog.xml

Konstantin Kolinko
The HTMLManagerServlet class in the same package calls
RequestUtil.filter() e.g. for web application names.  (import
org.apache.catalina.util.RequestUtil;)

This class should use that method as well. There is no need to copy
the implementation.


2017-10-10 17:22 GMT+03:00  <[hidden email]>:

> Author: remm
> Date: Tue Oct 10 14:22:31 2017
> New Revision: 1811704
>
> URL: http://svn.apache.org/viewvc?rev=1811704&view=rev
> Log:
> 61603: Add XML escaping to the names of some memory pools. The escape/filterXml methods could be factored out maybe (although it would add imports on other JARs).
>
> Modified:
>     tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java
>     tomcat/trunk/webapps/docs/changelog.xml
>
> Modified: tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java?rev=1811704&r1=1811703&r2=1811704&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java (original)
> +++ tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java Tue Oct 10 14:22:31 2017
> @@ -260,7 +260,7 @@ public class StatusTransformer {
>              for (MemoryPoolMXBean memoryPoolMBean : memoryPoolMBeans.values()) {
>                  MemoryUsage usage = memoryPoolMBean.getUsage();
>                  writer.write("<memorypool");
> -                writer.write(" name='" + memoryPoolMBean.getName() + "'");
> +                writer.write(" name='" + filterXml(memoryPoolMBean.getName()) + "'");
>                  writer.write(" type='" + memoryPoolMBean.getType() + "'");
>                  writer.write(" usageInit='" + usage.getInit() + "'");
>                  writer.write(" usageCommitted='" + usage.getCommitted() + "'");
> @@ -947,6 +947,35 @@ public class StatusTransformer {
>      }
>
>
> +    /**
> +     * Escape the 5 entities defined by XML.
> +     * @param s The message string to be filtered
> +     * @return filtered XML content
> +     */
> +    public static String filterXml(String s) {
> +        if (s == null)
> +            return "";
> +        StringBuilder sb = new StringBuilder();
> +        for (int i = 0; i < s.length(); i++) {
> +            char c = s.charAt(i);
> +            if (c == '<') {
> +                sb.append("&lt;");
> +            } else if (c == '>') {
> +                sb.append("&gt;");
> +            } else if (c == '\'') {
> +                sb.append("&apos;");
> +            } else if (c == '&') {
> +                sb.append("&amp;");
> +            } else if (c == '"') {
> +                sb.append("&quot;");
> +            } else {
> +                sb.append(c);
> +            }
> +        }
> +        return sb.toString();
> +    }
> +
> +
>      /**
>       * Display the given size in bytes, either as KB or MB.
>       *
>
> Modified: tomcat/trunk/webapps/docs/changelog.xml
> URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1811704&r1=1811703&r2=1811704&view=diff
> ==============================================================================
> --- tomcat/trunk/webapps/docs/changelog.xml (original)
> +++ tomcat/trunk/webapps/docs/changelog.xml Tue Oct 10 14:22:31 2017
> @@ -75,6 +75,10 @@
>        <fix>
>          Enable Javadoc to be built with Java 9. (markt)
>        </fix>
> +      <fix>
> +        <bug>61603</bug>: Add XML filtering for the status servlet output where
> +        needed. (remm)
> +      </fix>
>      </changelog>
>    </subsection>
>    <subsection name="Other">
>
>
>
>


Re: svn commit: r1811704 - in /tomcat/trunk: java/org/apache/catalina/manager/StatusTransformer.java webapps/docs/changelog.xml

Rémy Maucherat
On Tue, Oct 10, 2017 at 4:34 PM, Konstantin Kolinko <[hidden email]>
wrote:

> The HTMLManagerServlet class in the same package calls
> RequestUtil.filter() e.g. for web application names.  (import
> org.apache.catalina.util.RequestUtil;)
>
> This class should use that method as well. There is no need to copy
> the implementation.
>

Well, it's not the same thing here. And I did mention: The escape/filterXml
methods could be factored out maybe (although it would add imports on other
JARs).

Rémy

Re: svn commit: r1811704 - in /tomcat/trunk: java/org/apache/catalina/manager/StatusTransformer.java webapps/docs/changelog.xml

markt
On 10/10/17 15:22, [hidden email] wrote:
> Author: remm
> Date: Tue Oct 10 14:22:31 2017
> New Revision: 1811704
>
> URL: http://svn.apache.org/viewvc?rev=1811704&view=rev
> Log:
> 61603: Add XML escaping to the names of some memory pools. The escape/filterXml methods could be factored out maybe (although it would add imports on other JARs).

I took a look at the refactoring and there were multiple versions of XML
and HTML escaping. As it looked to be a strong candidate for
refactoring, I went ahead and did that.

In terms of dependencies, it didn't require any changes.

Mark
