You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Mark Thomas <me...@ntlworld.com> on 2003/09/04 01:13:01 UTC
[PATCH] Bug 22715
The patches below (TC5 and TC4) fix bug 22715 in that they ensure that xml
entities are correctly written back out to the password field of
tomcat-users.xml
I did consider a more general patch to allow xml entities in user names, group
names and role names but wasn't sure of the potential side effects. I also
think that users are far more likely to want to use these characters in
passwords than in user names, group names or role names. Thoughts? If the
general consensus is that a more general patch is required, I am happy to
produce one.
Mark
Index: catalina/src/share/org/apache/catalina/users/MemoryUser.java
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat-catalina/catalina/src/share/org/apache/catali
na/users/MemoryUser.java,v
retrieving revision 1.2
diff -u -r1.2 MemoryUser.java
--- catalina/src/share/org/apache/catalina/users/MemoryUser.java 2 Sep 2003
21:22:03 -0000 1.2
+++ catalina/src/share/org/apache/catalina/users/MemoryUser.java 3 Sep 2003
23:01:54 -0000
@@ -70,6 +70,7 @@
import org.apache.catalina.Group;
import org.apache.catalina.Role;
import org.apache.catalina.UserDatabase;
+import org.apache.catalina.util.RequestUtil;
/**
@@ -296,7 +297,7 @@
StringBuffer sb = new StringBuffer("<user username=\"");
sb.append(username);
sb.append("\" password=\"");
- sb.append(password);
+ sb.append(RequestUtil.filter(password));
sb.append("\"");
if (fullName != null) {
sb.append(" fullName=\"");
Index: catalina/src/share/org/apache/catalina/users/MemoryUser.java
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/us
ers/MemoryUser.java,v
retrieving revision 1.5
diff -u -r1.5 MemoryUser.java
--- catalina/src/share/org/apache/catalina/users/MemoryUser.java 10 Feb 2002
08:06:20 -0000 1.5
+++ catalina/src/share/org/apache/catalina/users/MemoryUser.java 3 Sep 2003
22:45:49 -0000
@@ -68,8 +68,8 @@
import java.util.Iterator;
import org.apache.catalina.Group;
import org.apache.catalina.Role;
-import org.apache.catalina.User;
import org.apache.catalina.UserDatabase;
+import org.apache.catalina.util.RequestUtil;
/**
@@ -296,7 +296,7 @@
StringBuffer sb = new StringBuffer("<user username=\"");
sb.append(username);
sb.append("\" password=\"");
- sb.append(password);
+ sb.append(RequestUtil.filter(password));
sb.append("\"");
if (fullName != null) {
sb.append(" fullName=\"");