You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2017/10/10 14:22:32 UTC
svn commit: r1811704 - in /tomcat/trunk:
java/org/apache/catalina/manager/StatusTransformer.java
webapps/docs/changelog.xml
Author: remm
Date: Tue Oct 10 14:22:31 2017
New Revision: 1811704
URL: http://svn.apache.org/viewvc?rev=1811704&view=rev
Log:
61603: Add XML escaping to the names of some memory pools. The escape/filterXml methods could be factored out maybe (although it would add imports on other JARs).
Modified:
tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java?rev=1811704&r1=1811703&r2=1811704&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java (original)
+++ tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java Tue Oct 10 14:22:31 2017
@@ -260,7 +260,7 @@ public class StatusTransformer {
for (MemoryPoolMXBean memoryPoolMBean : memoryPoolMBeans.values()) {
MemoryUsage usage = memoryPoolMBean.getUsage();
writer.write("<memorypool");
- writer.write(" name='" + memoryPoolMBean.getName() + "'");
+ writer.write(" name='" + filterXml(memoryPoolMBean.getName()) + "'");
writer.write(" type='" + memoryPoolMBean.getType() + "'");
writer.write(" usageInit='" + usage.getInit() + "'");
writer.write(" usageCommitted='" + usage.getCommitted() + "'");
@@ -947,6 +947,35 @@ public class StatusTransformer {
}
+ /**
+ * Escape the 5 entities defined by XML.
+ * @param s The message string to be filtered
+ * @return filtered XML content
+ */
+ public static String filterXml(String s) {
+ if (s == null)
+ return "";
+ StringBuilder sb = new StringBuilder();
+ for (int i = 0; i < s.length(); i++) {
+ char c = s.charAt(i);
+ if (c == '<') {
+ sb.append("<");
+ } else if (c == '>') {
+ sb.append(">");
+ } else if (c == '\'') {
+ sb.append("'");
+ } else if (c == '&') {
+ sb.append("&");
+ } else if (c == '"') {
+ sb.append(""");
+ } else {
+ sb.append(c);
+ }
+ }
+ return sb.toString();
+ }
+
+
/**
* Display the given size in bytes, either as KB or MB.
*
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1811704&r1=1811703&r2=1811704&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Oct 10 14:22:31 2017
@@ -75,6 +75,10 @@
<fix>
Enable Javadoc to be built with Java 9. (markt)
</fix>
+ <fix>
+ <bug>61603</bug>: Add XML filtering for the status servlet output where
+ needed. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1811704 - in /tomcat/trunk: java/org/apache/catalina/manager/StatusTransformer.java
webapps/docs/changelog.xml
Posted by Rémy Maucherat <re...@apache.org>.
On Tue, Oct 10, 2017 at 4:34 PM, Konstantin Kolinko <kn...@gmail.com>
wrote:
> The HTMLManagerServlet class in the same package calls
> RequestUtil.filter() e.g. for web application names. (import
> org.apache.catalina.util.RequestUtil;)
>
> This class should use that method as well. There is no need to copy
> the implementation.
>
Well, it's not the same thing here. And I did mention: The escape/filterXml
methods could be factored out maybe (although it would add imports on other
JARs).
Rémy
Re: svn commit: r1811704 - in /tomcat/trunk: java/org/apache/catalina/manager/StatusTransformer.java
webapps/docs/changelog.xml
Posted by Konstantin Kolinko <kn...@gmail.com>.
The HTMLManagerServlet class in the same package calls
RequestUtil.filter() e.g. for web application names. (import
org.apache.catalina.util.RequestUtil;)
This class should use that method as well. There is no need to copy
the implementation.
2017-10-10 17:22 GMT+03:00 <re...@apache.org>:
> Author: remm
> Date: Tue Oct 10 14:22:31 2017
> New Revision: 1811704
>
> URL: http://svn.apache.org/viewvc?rev=1811704&view=rev
> Log:
> 61603: Add XML escaping to the names of some memory pools. The escape/filterXml methods could be factored out maybe (although it would add imports on other JARs).
>
> Modified:
> tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java
> tomcat/trunk/webapps/docs/changelog.xml
>
> Modified: tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java?rev=1811704&r1=1811703&r2=1811704&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java (original)
> +++ tomcat/trunk/java/org/apache/catalina/manager/StatusTransformer.java Tue Oct 10 14:22:31 2017
> @@ -260,7 +260,7 @@ public class StatusTransformer {
> for (MemoryPoolMXBean memoryPoolMBean : memoryPoolMBeans.values()) {
> MemoryUsage usage = memoryPoolMBean.getUsage();
> writer.write("<memorypool");
> - writer.write(" name='" + memoryPoolMBean.getName() + "'");
> + writer.write(" name='" + filterXml(memoryPoolMBean.getName()) + "'");
> writer.write(" type='" + memoryPoolMBean.getType() + "'");
> writer.write(" usageInit='" + usage.getInit() + "'");
> writer.write(" usageCommitted='" + usage.getCommitted() + "'");
> @@ -947,6 +947,35 @@ public class StatusTransformer {
> }
>
>
> + /**
> + * Escape the 5 entities defined by XML.
> + * @param s The message string to be filtered
> + * @return filtered XML content
> + */
> + public static String filterXml(String s) {
> + if (s == null)
> + return "";
> + StringBuilder sb = new StringBuilder();
> + for (int i = 0; i < s.length(); i++) {
> + char c = s.charAt(i);
> + if (c == '<') {
> + sb.append("<");
> + } else if (c == '>') {
> + sb.append(">");
> + } else if (c == '\'') {
> + sb.append("'");
> + } else if (c == '&') {
> + sb.append("&");
> + } else if (c == '"') {
> + sb.append(""");
> + } else {
> + sb.append(c);
> + }
> + }
> + return sb.toString();
> + }
> +
> +
> /**
> * Display the given size in bytes, either as KB or MB.
> *
>
> Modified: tomcat/trunk/webapps/docs/changelog.xml
> URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1811704&r1=1811703&r2=1811704&view=diff
> ==============================================================================
> --- tomcat/trunk/webapps/docs/changelog.xml (original)
> +++ tomcat/trunk/webapps/docs/changelog.xml Tue Oct 10 14:22:31 2017
> @@ -75,6 +75,10 @@
> <fix>
> Enable Javadoc to be built with Java 9. (markt)
> </fix>
> + <fix>
> + <bug>61603</bug>: Add XML filtering for the status servlet output where
> + needed. (remm)
> + </fix>
> </changelog>
> </subsection>
> <subsection name="Other">
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1811704 - in /tomcat/trunk:
java/org/apache/catalina/manager/StatusTransformer.java
webapps/docs/changelog.xml
Posted by Mark Thomas <ma...@apache.org>.
On 10/10/17 15:22, remm@apache.org wrote:
> Author: remm
> Date: Tue Oct 10 14:22:31 2017
> New Revision: 1811704
>
> URL: http://svn.apache.org/viewvc?rev=1811704&view=rev
> Log:
> 61603: Add XML escaping to the names of some memory pools. The escape/filterXml methods could be factored out maybe (although it would add imports on other JARs).
I took a look at the refactoring and there were multiple versions of XML
and HTML escaping. As it looked to be a strong candidate for
refactoring, I went ahead and did that.
In terms of dependencies, it didn't require any changes.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org