You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-commits@lucene.apache.org by ho...@apache.org on 2010/02/13 04:28:08 UTC

svn commit: r909705 - in /lucene/solr/trunk: CHANGES.txt src/webapp/web/admin/stats.jsp

Author: hossman
Date: Sat Feb 13 03:28:07 2010
New Revision: 909705

URL: http://svn.apache.org/viewvc?rev=909705&view=rev
Log:
SOLR-1579: fixes to xml escaping in stats.jsp (the fix commited as part of SOLR-1008 was incorrect)

Modified:
    lucene/solr/trunk/CHANGES.txt
    lucene/solr/trunk/src/webapp/web/admin/stats.jsp

Modified: lucene/solr/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/lucene/solr/trunk/CHANGES.txt?rev=909705&r1=909704&r2=909705&view=diff
==============================================================================
--- lucene/solr/trunk/CHANGES.txt (original)
+++ lucene/solr/trunk/CHANGES.txt Sat Feb 13 03:28:07 2010
@@ -175,6 +175,9 @@
 
 * SOLR-1736:In the slave , If 'mov'ing file does not succeed , copy the file (noble)  
 
+* SOLR-1579: Fixes to XML escaping in stats.jsp
+  (David Bowen and hossman)
+
 Other Changes
 ----------------------
 

Modified: lucene/solr/trunk/src/webapp/web/admin/stats.jsp
URL: http://svn.apache.org/viewvc/lucene/solr/trunk/src/webapp/web/admin/stats.jsp?rev=909705&r1=909704&r2=909705&view=diff
==============================================================================
--- lucene/solr/trunk/src/webapp/web/admin/stats.jsp (original)
+++ lucene/solr/trunk/src/webapp/web/admin/stats.jsp Sat Feb 13 03:28:07 2010
@@ -27,12 +27,12 @@
 <solr>
   <%  
   if (core.getName() != null) { %> 
-	  <core><%=core.getName()%></core> 
+	  <core><% XML.escapeCharData(core.getName(), out); %></core> 
   <% } %>
-  <schema><%= collectionName %></schema>
-  <host><%= hostname %></host>
-  <now><%= new Date().toString() %></now>
-  <start><%= new Date(core.getStartTime()) %></start>
+  <schema><% XML.escapeCharData(collectionName, out); %></schema>
+  <host><% XML.escapeCharData(hostname, out); %></host>
+  <now><% XML.escapeCharData(new Date().toString(), out); %></now>
+  <start><% XML.escapeCharData(new Date(core.getStartTime()).toString(), out); %></start>
   <solr-info>
 <%
 for (SolrInfoMBean.Category cat : SolrInfoMBean.Category.values()) {
@@ -55,23 +55,23 @@
 %>
     <entry>
       <name>
-        <%= key %>
+        <% XML.escapeCharData(key, out); %>
       </name>
       <class>
-        <%= name %>
+        <% XML.escapeCharData(name, out); %>
       </class>
       <version>
-        <%= vers %>
+        <% XML.escapeCharData(vers, out); %>
       </version>
       <description>
-        <%= desc %>
+        <% XML.escapeCharData(desc, out); %>
       </description>
       <stats>
 <%
       for (int i = 0; i < nl.size() ; i++) {
 %>
-        <stat name="<%XML.escapeCharData(nl.getName(i), out);  %>" >
-          <%= nl.getVal(i).toString() %>
+        <stat name="<% XML.escapeAttributeValue(nl.getName(i), out);  %>" >
+          <% XML.escapeCharData(nl.getVal(i).toString(), out); %>
         </stat>
 <%
       }