Posted to commits@continuum.apache.org by ct...@apache.org on 2011/04/13 08:36:21 UTC

svn commit: r1091669 [1/2] - in /continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp: ./ admin/ components/ navigations/

Author: ctan
Date: Wed Apr 13 06:36:20 2011
New Revision: 1091669

URL: http://svn.apache.org/viewvc?rev=1091669&view=rev
Log:
[CONTINUUM-2620] use c:out and fn:escapeXml to prevent XSS attacks

Modified:
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenOneProject.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenTwoProject.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildAgentsList.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildDefinitionTemplateSummary.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildQueueView.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgent.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgentGroup.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildEnv.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteInstallation.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/localRepositoriesList.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/parallelbuilds.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/purgeConfigurationsList.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/viewDistributedBuilds.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResult.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResults.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionGroupSummaryComponent.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionSummaryComponent.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/companyLogo.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectGroupNotifierSummaryComponent.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectGroupTabComponent.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectSummaryComponent.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmDeleteProjects.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmReleaseResultsRemoval.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/groupSummary.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/navigations/ProjectMenu.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupBuildDefinition.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupMembers.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupNotifier.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupReleaseResults.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectView.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/releases.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/schedules.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/viewProjectBuildsReport.jsp

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenOneProject.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenOneProject.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenOneProject.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenOneProject.jsp Wed Apr 13 06:36:20 2011
@@ -37,7 +37,7 @@
                               <p><s:property/></p>
                             </s:iterator>
                             <c:forEach items="${errorMessages}" var="errorMessage">
-                              <p>${errorMessage}</p>
+                              <p><c:out value="${errorMessage}"/></p>
                             </c:forEach>
                           </div>
                         </c:if>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenTwoProject.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenTwoProject.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenTwoProject.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenTwoProject.jsp Wed Apr 13 06:36:20 2011
@@ -37,7 +37,7 @@
                               <p><s:property/></p>
                             </s:iterator>
                             <c:forEach items="${errorMessages}" var="errorMessage">
-                              <p>${errorMessage}</p>
+                              <p><c:out value="${errorMessage}"/></p>
                             </c:forEach>
                           </div>
                         </c:if>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp Wed Apr 13 06:36:20 2011
@@ -71,24 +71,29 @@
       <table>
         <tr>
           <th><s:text name="appearance.companyPom.organizationName.label"/></th>
-          <td>${companyModel.organization.name}</td>
+          <td><c:out value="${companyModel.organization.name}"/></td>
         </tr>
         <tr>
           <th><s:text name="appearance.companyPom.organizationUrl.label"/></th>
-          <td><a href="${companyModel.organization.url}" target="_blank">
-            <code>${companyModel.organization.url}</code>
+          <c:set var="companyOrgUrl"><c:out value="${companyModel.organization.url}"/></c:set>
+          <td><a href="${companyOrgUrl}" target="_blank">
+            <code><c:out value="${companyModel.organization.url}"/></code>
           </a></td>
         </tr>
         <tr>
           <th><s:text name="appearance.companyPom.organizationLogoUrl.label"/></th>
           <td>
-            <code>${companyModel.properties['organization.logo']}</code>
+            <code><c:out value="${companyModel.properties['organization.logo']}"/></code>
           </td>
         </tr>
       </table>
     </c:when>
     <c:otherwise>
-      <s:text name="appearance.companyPomDoesNotExist"><s:param>${companyPom.groupId}:${companyPom.artifactId}</s:param></s:text>
+      <s:text name="appearance.companyPomDoesNotExist">
+        <s:param>
+          <c:out value="${companyPom.groupId}"/>:<c:out value="${companyPom.artifactId}"/>
+        </s:param>
+      </s:text>
       <a href="<s:url action='editCompanyPom' />"><s:text name="appearance.createCompanyPom"/></a>
     </c:otherwise>
   </c:choose>
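
Review bot: In the organization URL row, c:out keeps the value from breaking out of the href attribute, but it does not constrain the URL scheme, so a company POM whose organization URL is not http or https (a javascript: URL, for instance) still renders as an active link. Suggest checking the scheme before emitting the anchor, in the action or with a c:if around the `<a href="${companyOrgUrl}" target="_blank">` line, and printing the value as plain text inside the code element otherwise.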

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildAgentsList.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildAgentsList.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildAgentsList.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildAgentsList.jsp Wed Apr 13 06:36:20 2011
@@ -47,15 +47,15 @@
           <ec:row>
             <ec:column property="url" title="buildAgents.table.url">
               <s:url id="viewBuildAgentUrl" action="viewBuildAgent">
-                <s:param name="buildAgent.url">${pageScope.buildAgent.url}</s:param>
+                <s:param name="buildAgent.url"><c:out value="${pageScope.buildAgent.url}"/></s:param>
               </s:url>
-              <s:a href="%{viewBuildAgentUrl}">${pageScope.buildAgent.url}</s:a>
+              <s:a href="%{viewBuildAgentUrl}"><c:out value="${pageScope.buildAgent.url}"/></s:a>
             </ec:column>
             <ec:column property="enabled" title="buildAgents.table.enabled"/>
             <ec:column property="description" title="buildAgents.table.description"/>
             <ec:column property="editActions" title="&nbsp;" width="1%">
               <s:url id="editBuildAgentUrl" action="editBuildAgent">
-                <s:param name="buildAgent.url">${pageScope.buildAgent.url}</s:param>
+                <s:param name="buildAgent.url"><c:out value="${pageScope.buildAgent.url}"/></s:param>
               </s:url>
               <s:a href="%{editBuildAgentUrl}">
                 <img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0"/>
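
Review bot: The s:param bodies inside the viewBuildAgentUrl and editBuildAgentUrl blocks are a URL-parameter context, not HTML text, so `<s:param name="buildAgent.url"><c:out value="${pageScope.buildAgent.url}"/></s:param>` applies the wrong encoding: c:out turns & into &amp; and s:url then URL-encodes that, so viewBuildAgent and editBuildAgent receive the literal entity text. The c:out on the s:a link text is the right fix; for the parameters, suggest passing the raw value and leaving the encoding to s:url.
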
@@ -64,7 +64,7 @@
             <ec:column property="deleteActions" title="&nbsp;" width="1%">
               <s:token/>
               <s:url id="removeBuildAgentUrl" action="deleteBuildAgent">
-                <s:param name="buildAgent.url">${pageScope.buildAgent.url}</s:param>
+                <s:param name="buildAgent.url"><c:out value="${pageScope.buildAgent.url}"/></s:param>
                 <s:param name="struts.token.name">struts.token</s:param>
                 <s:param name="struts.token"><s:property value="struts.token"/></s:param>
               </s:url>
@@ -104,7 +104,7 @@
             </ec:column>
             <ec:column property="editActions" title="&nbsp;" width="1%">
               <s:url id="editBuildAgentGroupUrl" action="editBuildAgentGroup">
-                <s:param name="buildAgentGroup.name">${pageScope.buildAgentGroup.name}</s:param>
+                <s:param name="buildAgentGroup.name"><c:out value="${pageScope.buildAgentGroup.name}"/></s:param>
               </s:url>
               <s:a href="%{editBuildAgentGroupUrl}">
                 <img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0"/>
@@ -113,7 +113,7 @@
             <ec:column property="deleteActions" title="&nbsp;" width="1%">
               <s:token/>
               <s:url id="removeBuildAgentGroupUrl" action="deleteBuildAgentGroup">
-                <s:param name="buildAgentGroup.name">${pageScope.buildAgentGroup.name}</s:param>
+                <s:param name="buildAgentGroup.name"><c:out value="${pageScope.buildAgentGroup.name}"/></s:param>
                 <s:param name="struts.token.name">struts.token</s:param>
                 <s:param name="struts.token"><s:property value="struts.token"/></s:param>
               </s:url>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildDefinitionTemplateSummary.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildDefinitionTemplateSummary.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildDefinitionTemplateSummary.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildDefinitionTemplateSummary.jsp Wed Apr 13 06:36:20 2011
@@ -46,7 +46,7 @@
           <ec:column property="name" title="buildDefinition.template.name"/>
           <ec:column property="editAction" title="&nbsp;" width="1%">
             <s:url id="editUrl" action="editBuildDefinitionTemplate" method="edit" namespace="/">
-              <s:param name="buildDefinitionTemplate.id">${pageScope.template.id}</s:param>
+              <s:param name="buildDefinitionTemplate.id"><c:out value="${pageScope.template.id}"/></s:param>
             </s:url>
             <s:a href="%{editUrl}"><img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0"></s:a>
           </ec:column>  
@@ -59,8 +59,8 @@
             <c:otherwise>
               <s:token/>
               <s:url id="deleteUrl" action="deleteDefinitionTemplate" method="delete" namespace="/">
-                <s:param name="buildDefinitionTemplate.id">${pageScope.template.id}</s:param>
-                <s:param name="buildDefinitionTemplate.name">${pageScope.template.name}</s:param>
+                <s:param name="buildDefinitionTemplate.id"><c:out value="${pageScope.template.id}"/></s:param>
+                <s:param name="buildDefinitionTemplate.name"><c:out value="${pageScope.template.name}"/></s:param>
                 <s:param name="struts.token.name">struts.token</s:param>
                 <s:param name="struts.token"><s:property value="struts.token"/></s:param>
               </s:url>
@@ -99,7 +99,7 @@
           <ec:column property="type" title="buildDefinition.template.buildDefinition.type"/>
           <ec:column property="editAction" title="&nbsp;" width="1%">
             <s:url id="editUrl" action="editBuildDefinitionAsTemplate" method="editBuildDefinition" namespace="/">
-              <s:param name="buildDefinition.id">${pageScope.buildDefinitionSummary.id}</s:param>
+              <s:param name="buildDefinition.id"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
             </s:url>
             <s:a href="%{editUrl}"><img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0"></s:a>
           </ec:column>          
@@ -110,8 +110,8 @@
             </c:when>
             <c:otherwise>
               <s:url id="deleteUrl" action="deleteBuildDefinitionAsTemplate" method="deleteBuildDefinition" namespace="/">
-                <s:param name="buildDefinition.id">${pageScope.buildDefinitionSummary.id}</s:param>
-                <s:param name="buildDefinition.description">${pageScope.buildDefinitionSummary.description}</s:param>
+                <s:param name="buildDefinition.id"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
+                <s:param name="buildDefinition.description"><c:out value="${pageScope.buildDefinitionSummary.description}"/></s:param>
               </s:url>
               <s:a href="%{deleteUrl}"><img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0"></s:a>
             </c:otherwise>
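
Review bot: The deleteUrl for deleteBuildDefinitionAsTemplate in this hunk has no `<s:token/>` before it and no struts.token parameters, unlike the deleteDefinitionTemplate URL in the hunk at line 59 of this file, so this delete stays a plain GET link without the CSRF token. Suggest adding the token and the two struts.token params here as well. Separately, buildDefinition.description is free text, and wrapping it in c:out inside s:param sends the HTML-escaped form of the description to the action.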

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildQueueView.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildQueueView.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildQueueView.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildQueueView.jsp Wed Apr 13 06:36:20 2011
@@ -49,15 +49,15 @@
                 <ec:column property="name" title="buildQueue.currentTask.buildQueue" width="29%"/>
                 <ec:column property="projectUrl" title="buildQueue.currentTask.projectName" width="50%">
                   <s:url id="viewUrl" action="buildResults">
-                    <s:param name="projectId">${queue.task.projectId}</s:param>
+                    <s:param name="projectId"><c:out value="${queue.task.projectId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${queue.task.projectName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${queue.task.projectName}"/></s:a>
                 </ec:column>
                 <ec:column property="task.buildDefinitionLabel" title="buildQueue.currentTask.buildDefinition" width="19%"/>
                 <ec:column property="cancelAction" title="&nbsp;" width="1%">
                   <redback:ifAuthorized permission="continuum-manage-queues">
                     <s:url id="cancelUrl" action="cancelCurrentBuildTask" method="cancelCurrent" namespace="/">
-                      <s:param name="projectId">${queue.task.projectId}</s:param>
+                      <s:param name="projectId"><c:out value="${queue.task.projectId}"/></s:param>
                     </s:url>
                     <s:a href="%{cancelUrl}"><img src="<s:url value='/images/cancelbuild.gif' includeParams="none"/>" alt="<s:text name='cancel'/>" title="<s:text name='cancel'/>" border="0"></s:a>
                   </redback:ifAuthorized>
@@ -92,25 +92,25 @@
               <ec:row>
                 <redback:ifAuthorized permission="continuum-manage-queues">
                   <ec:column alias="selectedBuildTaskHashCodes" title=" " style="width:5px" filterable="false" sortable="false" headerCell="selectAll">
-                    <input type="checkbox" name="selectedBuildTaskHashCodes" value="${queue.task.hashCode}" />
+                    <input type="checkbox" name="selectedBuildTaskHashCodes" value="<c:out value="${queue.task.hashCode}"/>" />
                   </ec:column>
                 </redback:ifAuthorized>
                 <ec:column property="name" title="buildQueue.currentTask.buildQueue" width="29%"/>
                 <ec:column property="projectUrl" title="buildQueue.currentTask.projectName" width="50%">
                   <s:url id="viewUrl" action="buildResults">
-                    <s:param name="projectId">${queue.task.projectId}</s:param>
+                    <s:param name="projectId"><c:out value="${queue.task.projectId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${queue.task.projectName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${queue.task.projectName}"/></s:a>
                 </ec:column>
                 <ec:column property="task.buildDefinitionLabel" title="buildQueue.currentTask.buildDefinition" width="19%"/>
                 <ec:column property="cancelAction" title="&nbsp;" width="1%">
                   <redback:ifAuthorized permission="continuum-manage-queues">
                     <s:url id="cancelUrl" action="removeBuildQueueEntry" method="remove" namespace="/">
-                      <s:param name="projectId">${queue.task.projectId}</s:param>
-                      <s:param name="buildDefinitionId">${queue.task.buildDefinitionId}</s:param>
-                      <s:param name="trigger">${queue.task.buildTrigger.trigger}</s:param>
-                      <s:param name="projectName">${queue.task.projectName}</s:param>
-                      <s:param name="projectGroupId">${queue.task.projectGroupId}</s:param>
+                      <s:param name="projectId"><c:out value="${queue.task.projectId}"/></s:param>
+                      <s:param name="buildDefinitionId"><c:out value="${queue.task.buildDefinitionId}"/></s:param>
+                      <s:param name="trigger"><c:out value="${queue.task.buildTrigger.trigger}"/></s:param>
+                      <s:param name="projectName"><c:out value="${queue.task.projectName}"/></s:param>
+                      <s:param name="projectGroupId"><c:out value="${queue.task.projectGroupId}"/></s:param>
                     </s:url>
                     <s:a href="%{cancelUrl}"><img src="<s:url value='/images/cancelbuild.gif' includeParams="none"/>" alt="<s:text name='cancel'/>" title="<s:text name='cancel'/>" border="0"></s:a>
                   </redback:ifAuthorized>
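
Review bot: In the removeBuildQueueEntry URL, projectName and trigger are wrapped in c:out inside s:param, so the action receives HTML-escaped text (a project named A & B arrives as A &amp; B); HTML escaping belongs on the `<s:a href="%{viewUrl}">` link text a few lines up, where this hunk also adds it, and not on the URL parameters. If projectId, buildDefinitionId, projectGroupId and the hashCode checkbox value are integers, as their names suggest, the c:out around them changes nothing and could be dropped to keep the template readable.
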
@@ -160,14 +160,14 @@
                 <ec:column property="name" title="checkoutQueue.currentTask.buildQueue" width="29%"/>
                 <ec:column property="projectUrl" title="checkoutQueue.currentTask.projectName" width="69%">
                   <s:url id="viewUrl" action="projectView">
-                    <s:param name="projectId">${queue.task.projectId}</s:param>
+                    <s:param name="projectId"><c:out value="${queue.task.projectId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${queue.task.projectName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${queue.task.projectName}"/></s:a>
                 </ec:column>
                 <ec:column property="cancelAction" title="&nbsp;" width="1%">
                   <redback:ifAuthorized permission="continuum-manage-queues">
                     <s:url id="cancelUrl" action="cancelCurrentQueueTask" method="cancelCurrentCheckout" namespace="/">
-                      <s:param name="projectId">${queue.task.projectId}</s:param>
+                      <s:param name="projectId"><c:out value="${queue.task.projectId}"/></s:param>
                     </s:url>
                     <s:a href="%{cancelUrl}"><img src="<s:url value='/images/cancelbuild.gif' includeParams="none"/>" alt="<s:text name='cancel'/>" title="<s:text name='cancel'/>" border="0"></s:a>
                   </redback:ifAuthorized>
@@ -202,20 +202,20 @@
               <ec:row>
                 <redback:ifAuthorized permission="continuum-manage-queues">
                   <ec:column alias="selectedCheckOutTaskHashCodes" title=" " style="width:5px" filterable="false" sortable="false" headerCell="selectAll">
-                    <input type="checkbox" name="selectedCheckOutTaskHashCodes" value="${queue.task.hashCode}" />
+                    <input type="checkbox" name="selectedCheckOutTaskHashCodes" value="<c:out value="${queue.task.hashCode}"/>" />
                   </ec:column>
                 </redback:ifAuthorized>
                 <ec:column property="name" title="checkoutQueue.currentTask.buildQueue" width="29%"/>
                 <ec:column property="projectUrl" title="checkoutQueue.currentTask.projectName" width="69%">
                   <s:url id="viewUrl" action="projectView">
-                    <s:param name="projectId">${queue.task.projectId}</s:param>
+                    <s:param name="projectId"><c:out value="${queue.task.projectId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${queue.task.projectName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${queue.task.projectName}"/></s:a>
                 </ec:column>
                 <ec:column property="cancelAction" title="&nbsp;" width="1%">
                   <redback:ifAuthorized permission="continuum-manage-queues">
                     <s:url id="cancelUrl" action="removeCheckoutQueueEntry" method="removeCheckout" namespace="/">
-                      <s:param name="projectId">${queue.task.projectId}</s:param>
+                      <s:param name="projectId"><c:out value="${queue.task.projectId}"/></s:param>
                     </s:url>
                     <s:a href="%{cancelUrl}"><img src="<s:url value='/images/cancelbuild.gif' includeParams="none"/>" alt="<s:text name='cancel'/>" title="<s:text name='cancel'/>" border="0"></s:a>
                   </redback:ifAuthorized>
@@ -263,9 +263,9 @@
               <ec:row>
                 <ec:column property="projectGroupUrl" title="prepareBuildQueue.table.projectGroupName">
                   <s:url id="viewUrl" action="projectGroupSummary">
-                    <s:param name="projectGroupId">${pageScope.currentPrepareBuild.projectGroupId}</s:param>
+                    <s:param name="projectGroupId"><c:out value="${pageScope.currentPrepareBuild.projectGroupId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${pageScope.currentPrepareBuild.projectGroupName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${pageScope.currentPrepareBuild.projectGroupName}"/></s:a>
                 </ec:column>
                 <ec:column property="scmRootAddress" title="prepareBuildQueue.table.scmRootAddress"/>
               </ec:row>
@@ -295,21 +295,21 @@
               <ec:row>
                 <redback:ifAuthorized permission="continuum-manage-queues">
                   <ec:column alias="selectedPrepareBuildTaskHashCodes" title="&nbsp;" style="width:5px" filterable="false" sortable="false" width="1%" headerCell="selectAll">
-                    <input type="checkbox" name="selectedPrepareBuildTaskHashCodes" value="${pageScope.prepareBuildQueue.hashCode}" />
+                    <input type="checkbox" name="selectedPrepareBuildTaskHashCodes" value="<c:out value="${pageScope.prepareBuildQueue.hashCode}"/>" />
                   </ec:column>             
                 </redback:ifAuthorized>
                 <ec:column property="projectGroupUrl" title="prepareBuildQueue.table.projectGroupName">
                   <s:url id="viewUrl" action="projectGroupSummary">
-                    <s:param name="projectGroupId">${pageScope.prepareBuildQueue.projectGroupId}</s:param>
+                    <s:param name="projectGroupId"><c:out value="${pageScope.prepareBuildQueue.projectGroupId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${pageScope.prepareBuildQueue.projectGroupName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${pageScope.prepareBuildQueue.projectGroupName}"/></s:a>
                 </ec:column>
                 <ec:column property="scmRootAddress" title="prepareBuildQueue.table.scmRootAddress"/>
                 <ec:column property="cancelEntry" title="&nbsp;" width="1%">
                   <redback:ifAuthorized permission="continuum-manage-queues">
                     <s:url id="cancelUrl" action="removePrepareBuildEntry" method="removePrepareBuildEntry" namespace="/">
-                      <s:param name="projectGroupId">${pageScope.prepareBuildQueue.projectGroupId}</s:param>
-                      <s:param name="scmRootId">${pageScope.prepareBuildQueue.scmRootId}</s:param>
+                      <s:param name="projectGroupId"><c:out value="${pageScope.prepareBuildQueue.projectGroupId}"/></s:param>
+                      <s:param name="scmRootId"><c:out value="${pageScope.prepareBuildQueue.scmRootId}"/></s:param>
                     </s:url>
                     <s:a href="%{cancelUrl}"><img src="<s:url value='/images/cancelbuild.gif' includeParams="none"/>" alt="<s:text name='cancel'/>" title="<s:text name='cancel'/>" border="0"></s:a>
                   </redback:ifAuthorized>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgent.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgent.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgent.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgent.jsp Wed Apr 13 06:36:20 2011
@@ -41,7 +41,7 @@
         <div class="functnbar3">
           <s:form action="deleteBuildAgent!delete.action" method="post">
             <s:token/>
-            <input type="hidden" name="buildAgent.url" value="${buildAgent.url}" />
+            <input type="hidden" name="buildAgent.url" value="<c:out value="${buildAgent.url}"/>" />
             <s:hidden name="confirmed" value="true"/>
             <c1:submitcancel value="%{getText('delete')}" cancel="%{getText('cancel')}"/>
           </s:form>
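
Review bot: The hand-written hidden input for buildAgent.url now nests a double-quoted c:out inside a double-quoted value attribute, which JSP accepts but which is easy to misread and easy to break on the next edit. The following line already uses s:hidden for the confirmed field; if buildAgent.url is available on the value stack, suggest `<s:hidden name="buildAgent.url"/>` so the tag handles the attribute escaping and both fields are written the same way.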

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgentGroup.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgentGroup.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgentGroup.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgentGroup.jsp Wed Apr 13 06:36:20 2011
@@ -41,7 +41,7 @@
         <div class="functnbar3">
           <s:form action="deleteBuildAgentGroup!deleteGroup.action" method="post">
             <s:token/>
-            <input type="hidden" name="buildAgentGroup.name" value="${buildAgentGroup.name}" />
+            <input type="hidden" name="buildAgentGroup.name" value="<c:out value="${buildAgentGroup.name}"/>" />
             <s:hidden name="confirmed" value="true"/>
             <c1:submitcancel value="%{getText('delete')}" cancel="%{getText('cancel')}"/>
           </s:form>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildEnv.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildEnv.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildEnv.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildEnv.jsp Wed Apr 13 06:36:20 2011
@@ -40,7 +40,7 @@
         <div class="functnbar3">
           <s:form action="deleteBuildEnv!delete.action" method="post">
             <s:token/>
-            <input type="hidden" name="profile.id" value="${profile.id}" />
+            <input type="hidden" name="profile.id" value="<c:out value="${profile.id}"/>" />
             <c1:submitcancel value="%{getText('delete')}" cancel="%{getText('cancel')}"/>
           </s:form>
         </div>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteInstallation.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteInstallation.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteInstallation.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteInstallation.jsp Wed Apr 13 06:36:20 2011
@@ -39,7 +39,7 @@
         </div>
         <div class="functnbar3">
           <s:form action="deleteInstallation" method="post">
-            <input type="hidden" name="installation.installationId" value="${installation.installationId}" />
+            <input type="hidden" name="installation.installationId" value="<c:out value="${installation.installationId}"/>" />
             <s:hidden name="confirmed" value="true"/>
             <c1:submitcancel value="%{getText('delete')}" cancel="%{getText('cancel')}"/>
           </s:form>
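
Review bot: This delete form has no `<s:token/>` after the `<s:form action="deleteInstallation" method="post">` line, while the confirmDeleteBuildAgent.jsp, confirmDeleteBuildAgentGroup.jsp and confirmDeleteBuildEnv.jsp forms touched in this same commit all carry one. Suggest adding the token here, with the matching token check on the deleteInstallation action, so the installation delete gets the same CSRF protection as the other confirm pages.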

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/localRepositoriesList.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/localRepositoriesList.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/localRepositoriesList.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/localRepositoriesList.jsp Wed Apr 13 06:36:20 2011
@@ -50,7 +50,7 @@
             <ec:column property="layout" title="repositories.table.layout"/>
             <ec:column property="editActions" title="&nbsp;" width="1%">
                 <s:url id="editRepositoryUrl" action="editRepository">
-                  <s:param name="repository.id">${pageScope.repository.id}</s:param>
+                  <s:param name="repository.id"><c:out value="${pageScope.repository.id}"/></s:param>
                 </s:url>
                 <c:choose>
                   <c:when test="${repository.name == 'DEFAULT'}">
@@ -66,7 +66,7 @@
               <c:choose>
                 <c:when test="${defaultPurgeMap[repositoryName]}">
                   <s:url id="purgeRepositoryUrl" action="purgeRepository">
-                    <s:param name="repository.id">${pageScope.repository.id}</s:param>
+                    <s:param name="repository.id"><c:out value="${pageScope.repository.id}"/></s:param>
                   </s:url>
                   <s:a href="%{purgeRepositoryUrl}"><img src="<s:url value='/images/purgenow.gif' includeParams="none"/>" alt="<s:text name='purge'/>" title="<s:text name='purge'/>" border="0" /></s:a>
                 </c:when>
@@ -78,7 +78,7 @@
             <ec:column property="deleteActions" title="&nbsp;" width="1%">
                 <s:token/>
                 <s:url id="removeRepositoryUrl" action="removeRepository">
-                  <s:param name="repository.id">${pageScope.repository.id}</s:param>
+                  <s:param name="repository.id"><c:out value="${pageScope.repository.id}"/></s:param>
                   <s:param name="struts.token.name">struts.token</s:param>
                   <s:param name="struts.token"><s:property value="struts.token"/></s:param>
                 </s:url>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/parallelbuilds.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/parallelbuilds.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/parallelbuilds.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/parallelbuilds.jsp Wed Apr 13 06:36:20 2011
@@ -50,8 +50,8 @@
           <c:if test="${buildQueue.id != 1}">
             <s:token/>
             <s:url id="deleteBuildQueueUrl" action="deleteBuildQueue">
-              <s:param name="buildQueue.id">${pageScope.buildQueue.id}</s:param>
-              <s:param name="buildQueue.name">${pageScope.buildQueue.name}</s:param>
+              <s:param name="buildQueue.id"><c:out value="${pageScope.buildQueue.id}"/></s:param>
+              <s:param name="buildQueue.name"><c:out value="${pageScope.buildQueue.name}"/></s:param>
               <s:param name="struts.token.name">struts.token</s:param>
               <s:param name="struts.token"><s:property value="struts.token"/></s:param>
             </s:url>          
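
Review bot: buildQueue.name is HTML-escaped with c:out inside an s:param body, but the value ends up in a URL built by s:url, where the encoding that matters is URL encoding, which s:url applies by default. A queue name containing & or a quote would reach deleteBuildQueue as entity text (&amp;, &#034;) rather than the original characters, so the name the action receives no longer matches the stored one. Suggest leaving URL parameters to s:url's own encoding and keeping c:out for values written into HTML text or attributes. For the numeric buildQueue.id the change is harmless either way.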

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/purgeConfigurationsList.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/purgeConfigurationsList.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/purgeConfigurationsList.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/purgeConfigurationsList.jsp Wed Apr 13 06:36:20 2011
@@ -51,12 +51,12 @@
             <ec:column property="repository.name" title="purgeConfigs.table.repository">
               <redback:ifAuthorized permission="continuum-manage-repositories">
                 <s:url id="editRepositoryUrl" action="editRepository" namespace="/admin" includeParams="none">
-                  <s:param name="repository.id">${pageScope.repoPurge.repository.id}</s:param>
+                  <s:param name="repository.id"><c:out value="${pageScope.repoPurge.repository.id}"/></s:param>
                 </s:url>
-                <s:a href="%{editRepositoryUrl}">${pageScope.repoPurge.repository.name}</s:a>
+                <s:a href="%{editRepositoryUrl}"><c:out value="${pageScope.repoPurge.repository.name}"/></s:a>
               </redback:ifAuthorized>
               <redback:elseAuthorized>
-                ${pageScope.repoPurge.repository.name}
+                <c:out value="${pageScope.repoPurge.repository.name}"/>
               </redback:elseAuthorized>
             </ec:column>
             <ec:column property="daysOlder" title="purgeConfigs.table.daysOlder"/>
@@ -69,21 +69,21 @@
             <ec:column property="description" title="purgeConfigs.table.description"/>
             <ec:column property="editActions" title="&nbsp;" width="1%">
                 <s:url id="editPurgeConfigUrl" action="editPurgeConfig">
-                  <s:param name="purgeConfigId">${pageScope.repoPurge.id}</s:param>
+                  <s:param name="purgeConfigId"><c:out value="${pageScope.repoPurge.id}"/></s:param>
                 </s:url>
                 <s:a href="%{editPurgeConfigUrl}"><img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0" /></s:a>
             </ec:column>
             <ec:column property="purgeActions" title="&nbsp;" width="1%">
                 <s:url id="purgeUrl" action="doPurge">
-                  <s:param name="purgeConfigId">${pageScope.repoPurge.id}</s:param>
+                  <s:param name="purgeConfigId"><c:out value="${pageScope.repoPurge.id}"/></s:param>
                 </s:url>
                 <s:a href="%{purgeUrl}"><img src="<s:url value='/images/purgenow.gif' includeParams="none"/>" alt="<s:text name='purge'/>" title="<s:text name='purge'/>" border="0" /></s:a>
             </ec:column>
             <ec:column property="deleteActions" title="&nbsp;" width="1%">
                 <s:token/>
                 <s:url id="removePurgeConfigUrl" action="removePurgeConfig">
-                  <s:param name="purgeConfigId">${pageScope.repoPurge.id}</s:param>
-                  <s:param name="description">${pageScope.repoPurge.description}</s:param>
+                  <s:param name="purgeConfigId"><c:out value="${pageScope.repoPurge.id}"/></s:param>
+                  <s:param name="description"><c:out value="${pageScope.repoPurge.description}"/></s:param>
                   <s:param name="struts.token.name">struts.token</s:param>
                   <s:param name="struts.token"><s:property value="struts.token"/></s:param>
                 </s:url>
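
Review bot: The description column at the top of this hunk (<ec:column property="description" title="purgeConfigs.table.description"/>) still renders repoPurge.description through the extremecomponents tag with no body, and this change only escapes the copy passed to removePurgeConfigUrl. If ec:column does not escape property values itself, the visible table cell remains the unescaped output on this page. Worth confirming, and giving the column a body with c:out if it does not.
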
@@ -121,21 +121,21 @@
             <ec:column property="description" title="purgeConfigs.table.description"/>
             <ec:column property="editActions" title="&nbsp;" width="1%">
                 <s:url id="editPurgeConfigUrl" action="editPurgeConfig">
-                  <s:param name="purgeConfigId">${pageScope.dirPurge.id}</s:param>
+                  <s:param name="purgeConfigId"><c:out value="${pageScope.dirPurge.id}"/></s:param>
                 </s:url>
                 <s:a href="%{editPurgeConfigUrl}"><img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0" /></s:a>
             </ec:column>
             <ec:column property="purgeActions" title="&nbsp;" width="1%">
                 <s:url id="purgeUrl" action="doPurge">
-                  <s:param name="purgeConfigId">${pageScope.dirPurge.id}</s:param>
+                  <s:param name="purgeConfigId"><c:out value="${pageScope.dirPurge.id}"/></s:param>
                 </s:url>
                 <s:a href="%{purgeUrl}"><img src="<s:url value='/images/purgenow.gif' includeParams="none"/>" alt="<s:text name='purge'/>" title="<s:text name='purge'/>" border="0" /></s:a>
             </ec:column>
             <ec:column property="deleteActions" title="&nbsp;" width="1%">
                 <s:token/>
                 <s:url id="removePurgeConfigUrl" action="removePurgeConfig">
-                  <s:param name="purgeConfigId">${pageScope.dirPurge.id}</s:param>
-                  <s:param name="description">${pageScope.dirPurge.description}</s:param>
+                  <s:param name="purgeConfigId"><c:out value="${pageScope.dirPurge.id}"/></s:param>
+                  <s:param name="description"><c:out value="${pageScope.dirPurge.description}"/></s:param>
                   <s:param name="struts.token.name">struts.token</s:param>
                   <s:param name="struts.token"><s:property value="struts.token"/></s:param>
                 </s:url>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/viewDistributedBuilds.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/viewDistributedBuilds.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/viewDistributedBuilds.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/viewDistributedBuilds.jsp Wed Apr 13 06:36:20 2011
@@ -53,16 +53,16 @@
               <ec:row>
                 <ec:column property="projectUrl" title="distributedBuild.table.projectName">
                   <s:url id="viewUrl" action="buildResults">
-                    <s:param name="projectId">${pageScope.currentBuild.projectId}</s:param>
+                    <s:param name="projectId"><c:out value="${pageScope.currentBuild.projectId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${pageScope.currentBuild.projectName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${pageScope.currentBuild.projectName}"/></s:a>
                 </ec:column>
                 <ec:column property="buildDefinitionLabel" title="distributedBuild.table.buildDefinitionLabel"/>
                 <ec:column property="projectGroupName" title="distributedBuild.table.projectGroupName"/>
                 <ec:column property="buildAgentUrl" title="distributedBuild.table.buildAgentUrl"/>
                 <ec:column property="cancelEntry" title="&nbsp;" width="1%">
                   <s:url id="cancelUrl" action="cancelDistributedBuild" method="cancelDistributedBuild" namespace="/">
-                    <s:param name="buildAgentUrl">${pageScope.currentBuild.buildAgentUrl}</s:param>
+                    <s:param name="buildAgentUrl"><c:out value="${pageScope.currentBuild.buildAgentUrl}"/></s:param>
                   </s:url>
                   <redback:ifAuthorized permission="continuum-manage-queues">
                     <s:a href="%{cancelUrl}"><img src="<s:url value='/images/cancelbuild.gif' includeParams="none"/>" alt="<s:text name='cancel'/>" title="<s:text name='cancel'/>" border="0"></s:a>
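
Review bot: In cancelUrl, buildAgentUrl is itself a URL and is passed back to cancelDistributedBuild as a request parameter, presumably to identify the agent, so it needs to arrive unchanged. With c:out in the s:param body, an agent URL that contains & (for example in a query string) is rewritten to &amp; before s:url encodes it. Please check that cancelling still works for such an agent, or drop c:out on this parameter and keep it on the link text (currentBuild.projectName), which is the value actually written into the page.
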
@@ -97,14 +97,14 @@
               <ec:row>
                 <redback:ifAuthorized permission="continuum-manage-queues">
                   <ec:column alias="selectedBuildTaskHashCodes" title=" " style="width:5px" filterable="false" sortable="false" headerCell="selectAll">
-                    <input type="checkbox" name="selectedBuildTaskHashCodes" value="${pageScope.buildQueue.hashCode}" />
+                    <input type="checkbox" name="selectedBuildTaskHashCodes" value="<c:out value="${pageScope.buildQueue.hashCode}"/>" />
                   </ec:column>              
                 </redback:ifAuthorized>
                 <ec:column property="projectUrl" title="distributedBuild.table.projectName">
                   <s:url id="viewUrl" action="buildResults">
-                    <s:param name="projectId">${pageScope.buildQueue.projectId}</s:param>
+                    <s:param name="projectId"><c:out value="${pageScope.buildQueue.projectId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${pageScope.buildQueue.projectName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${pageScope.buildQueue.projectName}"/></s:a>
                 </ec:column>
                 <ec:column property="buildDefinitionLabel" title="distributedBuild.table.buildDefinitionLabel"/>
                 <ec:column property="projectGroupName" title="distributedBuild.table.projectGroupName"/>
@@ -112,9 +112,9 @@
                 <ec:column property="cancelEntry" title="&nbsp;" width="1%">
                   <redback:ifAuthorized permission="continuum-manage-queues">
                     <s:url id="cancelUrl" action="removeDistributedBuildEntry" method="removeDistributedBuildEntry" namespace="/">
-                      <s:param name="projectId">${pageScope.buildQueue.projectId}</s:param>
-                      <s:param name="buildDefinitionId">${pageScope.buildQueue.buildDefinitionId}</s:param>
-                      <s:param name="buildAgentUrl">${pageScope.buildQueue.buildAgentUrl}</s:param>
+                      <s:param name="projectId"><c:out value="${pageScope.buildQueue.projectId}"/></s:param>
+                      <s:param name="buildDefinitionId"><c:out value="${pageScope.buildQueue.buildDefinitionId}"/></s:param>
+                      <s:param name="buildAgentUrl"><c:out value="${pageScope.buildQueue.buildAgentUrl}"/></s:param>
                     </s:url>
                     <s:a href="%{cancelUrl}"><img src="<s:url value='/images/cancelbuild.gif' includeParams="none"/>" alt="<s:text name='cancel'/>" title="<s:text name='cancel'/>" border="0"></s:a>
                   </redback:ifAuthorized>
@@ -159,9 +159,9 @@
               <ec:row>
                 <ec:column property="projectGroupUrl" title="distributedPrepareBuild.table.projectGroupName">
                   <s:url id="viewUrl" action="projectGroupSummary">
-                    <s:param name="projectGroupId">${pageScope.currentPrepareBuild.projectGroupId}</s:param>
+                    <s:param name="projectGroupId"><c:out value="${pageScope.currentPrepareBuild.projectGroupId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${pageScope.currentPrepareBuild.projectGroupName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${pageScope.currentPrepareBuild.projectGroupName}"/></s:a>
                 </ec:column>
                 <ec:column property="scmRootAddress" title="distributedPrepareBuild.table.scmRootAddress"/>
                 <ec:column property="buildAgentUrl" title="distributedPrepareBuild.table.buildAgentUrl"/>
@@ -192,23 +192,23 @@
               <ec:row>
                 <redback:ifAuthorized permission="continuum-manage-queues">
                   <ec:column alias="selectedPrepareBuildTaskHashCodes" title="&nbsp;" style="width:5px" filterable="false" sortable="false" width="1%" headerCell="selectAll">
-                    <input type="checkbox" name="selectedPrepareBuildTaskHashCodes" value="${pageScope.prepareBuildQueue.hashCode}" />
+                    <input type="checkbox" name="selectedPrepareBuildTaskHashCodes" value="<c:out value="${pageScope.prepareBuildQueue.hashCode}"/>" />
                   </ec:column>              
                 </redback:ifAuthorized>
                 <ec:column property="projectGroupUrl" title="distributedPrepareBuild.table.projectGroupName">
                   <s:url id="viewUrl" action="projectGroupSummary">
-                    <s:param name="projectGroupId">${pageScope.prepareBuildQueue.projectGroupId}</s:param>
+                    <s:param name="projectGroupId"><c:out value="${pageScope.prepareBuildQueue.projectGroupId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${pageScope.prepareBuildQueue.projectGroupName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${pageScope.prepareBuildQueue.projectGroupName}"/></s:a>
                 </ec:column>
                 <ec:column property="scmRootAddress" title="distributedPrepareBuild.table.scmRootAddress"/>
                 <ec:column property="buildAgentUrl" title="distributedPrepareBuild.table.buildAgentUrl"/>
                 <ec:column property="cancelEntry" title="&nbsp;" width="1%">
                   <redback:ifAuthorized permission="continuum-manage-queues">
                     <s:url id="cancelUrl" action="removeDistributedPrepareBuildEntry" method="removeDistributedPrepareBuildEntry" namespace="/">
-                      <s:param name="projectGroupId">${pageScope.prepareBuildQueue.projectGroupId}</s:param>
-                      <s:param name="scmRootId">${pageScope.prepareBuildQueue.scmRootId}</s:param>
-                      <s:param name="buildAgentUrl">${pageScope.prepareBuildQueue.buildAgentUrl}</s:param>
+                      <s:param name="projectGroupId"><c:out value="${pageScope.prepareBuildQueue.projectGroupId}"/></s:param>
+                      <s:param name="scmRootId"><c:out value="${pageScope.prepareBuildQueue.scmRootId}"/></s:param>
+                      <s:param name="buildAgentUrl"><c:out value="${pageScope.prepareBuildQueue.buildAgentUrl}"/></s:param>
                     </s:url>
                     <s:a href="%{cancelUrl}"><img src="<s:url value='/images/cancelbuild.gif' includeParams="none"/>" alt="<s:text name='cancel'/>" title="<s:text name='cancel'/>" border="0"></s:a>
                   </redback:ifAuthorized>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResult.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResult.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResult.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResult.jsp Wed Apr 13 06:36:20 2011
@@ -22,6 +22,8 @@
 <%@ taglib uri='http://java.sun.com/jsp/jstl/core' prefix='c'%>
 <%@ taglib prefix="c1" uri="continuum" %>
 <%@ taglib uri="http://plexus.codehaus.org/redback/taglib-1.0" prefix="redback" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
+
 <html>
   <s:i18n name="localization.Continuum">
     <head>
@@ -76,7 +78,7 @@
             <tbody>
             <tr>
               <td>
-                <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+                <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroupName)}">
                   <form action="removeBuildResult.action">
                     <input type="hidden" name="projectId" value="<s:property value="projectId"/>"/>
                     <input type="hidden" name="buildId" value="<s:property value="buildId"/>"/>
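
Review bot: The resource attribute of redback:ifAuthorized is an input to the permission check, not text written to the page, so fn:escapeXml changes the string being authorized rather than protecting output. For a project group whose name contains &, <, > or a quote, the check now runs against the escaped form (A &amp; B instead of A & B), which can hide the removeBuildResult form from users who do hold continuum-modify-group on that group. Suggest passing projectGroupName unescaped here unless the redback tag is known to echo the resource into the response, and adding a test with such a group name.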

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResults.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResults.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResults.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResults.jsp Wed Apr 13 06:36:20 2011
@@ -21,6 +21,8 @@
 <%@ taglib uri="http://www.extremecomponents.org" prefix="ec" %>
 <%@ taglib uri='http://java.sun.com/jsp/jstl/core' prefix='c'%>
 <%@ taglib uri="http://plexus.codehaus.org/redback/taglib-1.0" prefix="redback" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
+
 <html>
   <s:i18n name="localization.Continuum">
     <head>
@@ -60,9 +62,9 @@
                     filterable="false"
                     sortable="false">
             <ec:row highlightRow="true">
-              <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+              <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroupName)}">
                 <ec:column alias="selectedBuildResults" title=" " style="width:5px" filterable="false" sortable="false" headerCell="selectAll">
-                  <input type="checkbox" name="selectedBuildResults" value="${buildResult.id}" />
+                  <input type="checkbox" name="selectedBuildResults" value="<c:out value="${buildResult.id}"/>" />
                 </ec:column>
               </redback:ifAuthorized>
               <ec:column property="buildNumberIfNotZero" title="buildResults.buildNumber">
@@ -75,10 +77,10 @@
               <ec:column property="duration" title="&nbsp;">
                 <c:choose>
                   <c:when test="${buildResult.endTime gt 0}">
-                    <s:text name="buildResults.duration"/> : ${buildResult.durationTime}
+                    <s:text name="buildResults.duration"/> : <c:out value="${buildResult.durationTime}"/>
                   </c:when>
                   <c:otherwise>
-                    <s:text name="buildResults.startedSince"/> : ${buildResult.elapsedTime}
+                    <s:text name="buildResults.startedSince"/> : <c:out value="${buildResult.elapsedTime}"/>
                   </c:otherwise>
                 </c:choose>
               </ec:column>
@@ -86,10 +88,10 @@
               <ec:column property="buildDefinition.description" title="buildResults.buildDefinition.description" />
               <ec:column property="actions" title="&nbsp;">
                 <s:url id="buildResultUrl" action="buildResult">
-                  <s:param name="projectId">${projectId}</s:param>
-                  <s:param name="projectName">${projectName}</s:param>
-                  <s:param name="buildId">${buildResult.id}</s:param>
-                  <s:param name="projectGroupId">${projectGroupId}</s:param>
+                  <s:param name="projectId"><c:out value="${projectId}"/></s:param>
+                  <s:param name="projectName"><c:out value="${projectName}"/></s:param>
+                  <s:param name="buildId"><c:out value="${buildResult.id}"/></s:param>
+                  <s:param name="projectGroupId"><c:out value="${projectGroupId}"/></s:param>
                 </s:url>
                 <s:a href="%{buildResultUrl}"><s:text name="buildResults.result"/></s:a>
               </ec:column>
@@ -101,7 +103,7 @@
                 <tbody>
                   <tr>
                     <td>
-                      <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+                      <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroupName)}">
                         <s:hidden name="projectGroupId"/>
                         <s:hidden name="projectId"/>
                         <input type="button" name="delete-project" value="<s:text name="delete"/>" onclick="document.forms.buildResultsForm.submit();" />

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionGroupSummaryComponent.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionGroupSummaryComponent.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionGroupSummaryComponent.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionGroupSummaryComponent.jsp Wed Apr 13 06:36:20 2011
@@ -22,10 +22,11 @@
 <%@ taglib uri='http://java.sun.com/jsp/jstl/core' prefix='c'%>
 <%@ taglib uri="continuum" prefix="c1" %>
 <%@ taglib uri="http://plexus.codehaus.org/redback/taglib-1.0" prefix="redback" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
 
 <s:i18n name="localization.Continuum">
 
-  <h3><s:text name="buildDefinitionSummary.projectGroup.section.title"><s:param>${projectGroup.name}</s:param></s:text></h3>
+  <h3><s:text name="buildDefinitionSummary.projectGroup.section.title"><s:param><c:out value="${projectGroup.name}"/></s:param></s:text></h3>
   <c:if test="${not empty groupBuildDefinitionSummaries}">
   <ec:table items="groupBuildDefinitionSummaries"
             var="buildDefinitionSummary"
@@ -42,19 +43,19 @@
       <ec:column property="scheduleName" title="projectView.buildDefinition.schedule">
         <redback:ifAuthorized permission="continuum-manage-schedules">
           <s:url id="scheduleUrl" action="schedule" namespace="/" includeParams="none">
-            <s:param name="id">${pageScope.buildDefinitionSummary.scheduleId}</s:param>
+            <s:param name="id"><c:out value="${pageScope.buildDefinitionSummary.scheduleId}"/></s:param>
           </s:url>
-          <s:a href="%{scheduleUrl}">${pageScope.buildDefinitionSummary.scheduleName}</s:a>
+          <s:a href="%{scheduleUrl}"><c:out value="${pageScope.buildDefinitionSummary.scheduleName}"/></s:a>
         </redback:ifAuthorized>
         <redback:elseAuthorized>
-          ${pageScope.buildDefinitionSummary.scheduleName}
+          <c:out value="${pageScope.buildDefinitionSummary.scheduleName}"/>
         </redback:elseAuthorized>
       </ec:column>
       <ec:column property="profileName" title="projectView.buildDefinition.profile">
         <s:url id="profileUrl" action="editBuildEnv!edit.action" namespace="/" includeParams="none">
-          <s:param name="profile.id">${pageScope.buildDefinitionSummary.profileId}</s:param>
+          <s:param name="profile.id"><c:out value="${pageScope.buildDefinitionSummary.profileId}"/></s:param>
         </s:url>
-        <s:a href="%{profileUrl}">${pageScope.buildDefinitionSummary.profileName}</s:a>
+        <s:a href="%{profileUrl}"><c:out value="${pageScope.buildDefinitionSummary.profileName}"/></s:a>
       </ec:column>      
       <ec:column property="from" title="projectView.buildDefinition.from"/>
       <ec:column property="isBuildFresh" title="projectView.buildDefinition.buildFresh"/>
@@ -63,10 +64,10 @@
       <ec:column property="type" title="projectView.buildDefinition.type"/>
       <ec:column property="alwaysBuild" title="projectView.buildDefinition.alwaysBuild"/>
       <ec:column property="buildAction" title="&nbsp;" width="1%">
-        <redback:ifAuthorized permission="continuum-build-group" resource="${projectGroupName}">
+        <redback:ifAuthorized permission="continuum-build-group" resource="${fn:escapeXml(projectGroupName)}">
           <s:url id="buildUrl" action="buildProject" namespace="/">
-            <s:param name="projectGroupId">${pageScope.buildDefinitionSummary.projectGroupId}</s:param>
-            <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+            <s:param name="projectGroupId"><c:out value="${pageScope.buildDefinitionSummary.projectGroupId}"/></s:param>
+            <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
             <s:param name="fromGroupPage" value="true"/>
           </s:url>
           <s:a href="%{buildUrl}"><img src="<s:url value='/images/buildnow.gif' includeParams="none"/>" alt="<s:text name='build'/>" title="<s:text name='build'/>" border="0"></s:a>
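
Review bot: resource="${fn:escapeXml(projectGroupName)}" on the continuum-build-group check feeds an escaped name into an authorization decision, and the same pattern recurs on every ifAuthorized tag touched in this file. Nothing in these hunks shows the resource value being rendered, so the escaping adds no XSS protection here but can make the build, edit and delete actions disappear for groups whose names contain characters that escapeXml rewrites. Please verify against a group name containing & or a quote before keeping this, and otherwise leave the resource as ${projectGroupName}.
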
@@ -77,10 +78,10 @@
       </ec:column>
       <ec:column property="editActions" title="&nbsp;" width="1%">
         <center>
-        <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+        <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroupName)}">
           <s:url id="editUrl" action="buildDefinition" method="input" namespace="/" includeParams="none">
-            <s:param name="projectGroupId">${pageScope.buildDefinitionSummary.projectGroupId}</s:param>
-            <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+            <s:param name="projectGroupId"><c:out value="${pageScope.buildDefinitionSummary.projectGroupId}"/></s:param>
+            <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
           </s:url>
           <s:a href="%{editUrl}">
               <img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0">
@@ -93,7 +94,7 @@
       </ec:column>    
       <ec:column property="deleteActions" title="&nbsp;" width="1%">
         <center>
-        <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+        <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroupName)}">
           <c:choose>
           <c:when test="${pageScope.buildDefinitionSummary.isDefault == true}">
             <img src="<s:url value='/images/delete_disabled.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0">
@@ -101,8 +102,8 @@
           <c:otherwise>
             <s:token/>
             <s:url id="removeUrl" action="removeGroupBuildDefinition" namespace="/">
-              <s:param name="projectGroupId">${pageScope.buildDefinitionSummary.projectGroupId}</s:param>
-              <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+              <s:param name="projectGroupId"><c:out value="${pageScope.buildDefinitionSummary.projectGroupId}"/></s:param>
+              <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
               <s:param name="confirmed" value="false"/>
               <s:param name="struts.token.name">struts.token</s:param>
               <s:param name="struts.token"><s:property value="struts.token"/></s:param> 
@@ -121,7 +122,7 @@
     </ec:row>
   </ec:table>
   </c:if>
-  <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+  <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroupName)}">
     <div class="functnbar3">
       <s:form action="buildDefinition" method="post">
         <input type="hidden" name="projectGroupId" value="<s:property value="projectGroupId"/>"/>
@@ -144,9 +145,9 @@
     <ec:row>
       <ec:column property="projectName" title="buildDefinitionSummary.project">
         <s:url id="projectUrl" action="projectView" namespace="/" includeParams="none">
-          <s:param name="projectId">${pageScope.buildDefinitionSummary.projectId}</s:param>
+          <s:param name="projectId"><c:out value="${pageScope.buildDefinitionSummary.projectId}"/></s:param>
         </s:url>
-        <s:a href="%{projectUrl}">${pageScope.buildDefinitionSummary.projectName}</s:a>
+        <s:a href="%{projectUrl}"><c:out value="${pageScope.buildDefinitionSummary.projectName}"/></s:a>
       </ec:column>
       <ec:column property="goals" title="projectView.buildDefinition.goals"/>
       <ec:column property="arguments" title="projectView.buildDefinition.arguments"/>
@@ -154,19 +155,19 @@
       <ec:column property="scheduleName" title="projectView.buildDefinition.schedule">
         <redback:ifAuthorized permission="continuum-manage-schedules">
           <s:url id="scheduleUrl" action="schedule" namespace="/" includeParams="none">
-            <s:param name="id">${pageScope.buildDefinitionSummary.scheduleId}</s:param>
+            <s:param name="id"><c:out value="${pageScope.buildDefinitionSummary.scheduleId}"/></s:param>
           </s:url>
-          <s:a href="%{scheduleUrl}">${pageScope.buildDefinitionSummary.scheduleName}</s:a>
+          <s:a href="%{scheduleUrl}"><c:out value="${pageScope.buildDefinitionSummary.scheduleName}"/></s:a>
         </redback:ifAuthorized>
         <redback:elseAuthorized>
-          ${pageScope.buildDefinitionSummary.scheduleName}
+          <c:out value="${pageScope.buildDefinitionSummary.scheduleName}"/>
         </redback:elseAuthorized>
       </ec:column>
       <ec:column property="profileName" title="projectView.buildDefinition.profile">
         <s:url id="profileUrl" action="editBuildEnv!edit.action" namespace="/" includeParams="none">
-          <s:param name="profile.id">${pageScope.buildDefinitionSummary.profileId}</s:param>
+          <s:param name="profile.id"><c:out value="${pageScope.buildDefinitionSummary.profileId}"/></s:param>
         </s:url>
-        <s:a href="%{profileUrl}">${pageScope.buildDefinitionSummary.profileName}</s:a>
+        <s:a href="%{profileUrl}"><c:out value="${pageScope.buildDefinitionSummary.profileName}"/></s:a>
       </ec:column>      
       <ec:column property="from" title="projectView.buildDefinition.from"/>
       <ec:column property="isBuildFresh" title="projectView.buildDefinition.buildFresh"/>
@@ -175,10 +176,10 @@
       <ec:column property="type" title="projectView.buildDefinition.type"/>
       <ec:column property="alwaysBuild" title="projectView.buildDefinition.alwaysBuild"/>
       <ec:column property="buildNowAction" title="&nbsp;" width="1%">
-        <redback:ifAuthorized permission="continuum-build-group" resource="${projectGroupName}">
+        <redback:ifAuthorized permission="continuum-build-group" resource="${fn:escapeXml(projectGroupName)}">
           <s:url id="buildProjectUrl" action="buildProject" namespace="/" includeParams="none">
-            <s:param name="projectId">${pageScope.buildDefinitionSummary.projectId}</s:param>
-            <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+            <s:param name="projectId"><c:out value="${pageScope.buildDefinitionSummary.projectId}"/></s:param>
+            <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
           </s:url>
           <s:a href="%{buildProjectUrl}">
             <img src="<s:url value='/images/buildnow.gif' includeParams="none"/>" alt="<s:text name='build'/>" title="<s:text name='build'/>" border="0">
@@ -189,10 +190,10 @@
         </redback:elseAuthorized>
       </ec:column>
       <ec:column property="editAction" title="&nbsp;" width="1%">
-        <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+        <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroupName)}">
           <s:url id="editUrl" action="buildDefinition" method="input" namespace="/">
-            <s:param name="projectId">${pageScope.buildDefinitionSummary.projectId}</s:param>
-            <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+            <s:param name="projectId"><c:out value="${pageScope.buildDefinitionSummary.projectId}"/></s:param>
+            <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
             <s:param name="groupBuildView" value="true"/>
           </s:url>
           <s:a href="%{editUrl}">
@@ -204,11 +205,11 @@
         </redback:elseAuthorized>
       </ec:column>
       <ec:column property="removeAction" title="&nbsp;" width="1%">
-        <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+        <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroupName)}">
           <s:token/>
           <s:url id="removeUrl" action="removeProjectBuildDefinition" namespace="/">
-            <s:param name="projectId">${pageScope.buildDefinitionSummary.projectId}</s:param>
-            <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+            <s:param name="projectId"><c:out value="${pageScope.buildDefinitionSummary.projectId}"/></s:param>
+            <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
             <s:param name="confirmed" value="false"/>
             <s:param name="struts.token.name">struts.token</s:param>
             <s:param name="struts.token"><s:property value="struts.token"/></s:param>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionSummaryComponent.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionSummaryComponent.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionSummaryComponent.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionSummaryComponent.jsp Wed Apr 13 06:36:20 2011
@@ -22,6 +22,7 @@
 <%@ taglib uri='http://java.sun.com/jsp/jstl/core' prefix='c'%>
 <%@ taglib uri="continuum" prefix="c1" %>
 <%@ taglib uri="http://plexus.codehaus.org/redback/taglib-1.0" prefix="redback" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
 
 <s:i18n name="localization.Continuum">
   <ec:table items="allBuildDefinitionSummaries"
@@ -39,12 +40,12 @@
       <ec:column property="scheduleName" title="projectView.buildDefinition.schedule">
         <redback:ifAuthorized permission="continuum-manage-schedules">
           <s:url id="scheduleUrl" action="schedule" namespace="/" includeParams="none">
-            <s:param name="id">${pageScope.buildDefinitionSummary.scheduleId}</s:param>
+            <s:param name="id"><c:out value="${pageScope.buildDefinitionSummary.scheduleId}"/></s:param>
           </s:url>
-          <s:a href="%{scheduleUrl}">${pageScope.buildDefinitionSummary.scheduleName}</s:a>
+          <s:a href="%{scheduleUrl}"><c:out value="${pageScope.buildDefinitionSummary.scheduleName}"/></s:a>
         </redback:ifAuthorized>
         <redback:elseAuthorized>
-          ${pageScope.buildDefinitionSummary.scheduleName}
+          <c:out value="${pageScope.buildDefinitionSummary.scheduleName}"/>
         </redback:elseAuthorized>
       </ec:column>
       <ec:column property="profileName" title="projectView.buildDefinition.profile"/>
@@ -54,10 +55,10 @@
       <ec:column property="description" title="projectView.buildDefinition.description"/>
       <ec:column property="type" title="projectView.buildDefinition.type"/>      
       <ec:column property="buildAction" title="&nbsp;" width="1%">
-        <redback:ifAuthorized permission="continuum-build-group" resource="${projectGroupName}">
+        <redback:ifAuthorized permission="continuum-build-group" resource="${fn:escapeXml(projectGroupName)}">
           <s:url id="buildProjectUrl" action="buildProject" namespace="/">
-            <s:param name="projectId">${projectId}</s:param>
-            <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+            <s:param name="projectId"><c:out value="${projectId}"/></s:param>
+            <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
             <s:param name="fromProjectPage" value="true"/>
           </s:url>
           <s:a href="%{buildProjectUrl}"><img src="<s:url value='/images/buildnow.gif' includeParams="none"/>" alt="<s:text name='build'/>" title="<s:text name='build'/>" border="0"></s:a>
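Review bot: The `description` and `type` columns at the top of this hunk are still rendered by `<ec:column property=.../>` with no body, so this change does not touch how those values reach the page. If the description is user-entered free text, please confirm that `ec:column` escapes the property value itself, or give the column a body with `<c:out>` as was done for `scheduleName` in the previous hunk.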
@@ -70,10 +71,10 @@
         <%-- if the from is PROJECT then render the links differently --%>
         <c:choose>
           <c:when test="${pageScope.buildDefinitionSummary.from=='PROJECT'}">
-            <redback:ifAuthorized permission="continuum-modify-project-build-definition" resource="${projectGroupName}">
+            <redback:ifAuthorized permission="continuum-modify-project-build-definition" resource="${fn:escapeXml(projectGroupName)}">
               <s:url id="editUrl" action="buildDefinition" method="input" namespace="/">
-                <s:param name="projectId">${projectId}</s:param>
-                <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+                <s:param name="projectId"><c:out value="${projectId}"/></s:param>
+                <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
               </s:url>
               <s:a href="%{editUrl}"><img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0"></s:a>
             </redback:ifAuthorized>
@@ -82,10 +83,10 @@
             </redback:elseAuthorized>
           </c:when>
           <c:otherwise>
-            <redback:ifAuthorized permission="continuum-modify-group-build-definition" resource="${projectGroupName}">
+            <redback:ifAuthorized permission="continuum-modify-group-build-definition" resource="${fn:escapeXml(projectGroupName)}">
               <s:url id="editUrl" action="buildDefinition" method="input" namespace="/">
-                <s:param name="projectGroupId">${pageScope.buildDefinitionSummary.projectGroupId}</s:param>
-                <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+                <s:param name="projectGroupId"><c:out value="${pageScope.buildDefinitionSummary.projectGroupId}"/></s:param>
+                <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
                 <s:param name="groupBuildDefinition">true</s:param>
               </s:url>
               <s:a href="%{editUrl}"><img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0"></s:a>
@@ -100,11 +101,11 @@
         <%-- if the from is PROJECT then render the links differently --%>
          <c:choose>
           <c:when test="${pageScope.buildDefinitionSummary.from=='PROJECT'}">
-            <redback:ifAuthorized permission="continuum-remove-project-build-definition" resource="${projectGroupName}">
+            <redback:ifAuthorized permission="continuum-remove-project-build-definition" resource="${fn:escapeXml(projectGroupName)}">
               <s:token/>
               <s:url id="removeUrl" action="removeProjectBuildDefinition" namespace="/">
-                <s:param name="projectId">${projectId}</s:param>
-                <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+                <s:param name="projectId"><c:out value="${projectId}"/></s:param>
+                <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
                 <s:param name="confirmed" value="false"/>
                 <s:param name="struts.token.name">struts.token</s:param>
                 <s:param name="struts.token"><s:property value="struts.token"/></s:param>
@@ -116,7 +117,7 @@
             </redback:elseAuthorized>
           </c:when>
           <c:otherwise>
-            <redback:ifAuthorized permission="continuum-remove-group-build-definition" resource="${projectGroupName}">
+            <redback:ifAuthorized permission="continuum-remove-group-build-definition" resource="${fn:escapeXml(projectGroupName)}">
               <c:choose>              
                 <c:when test="${buildDefinitionSummary.id == defaultGroupDefinitionId || buildDefinitionSummary.isDefault}">                
                   <img src="<s:url value='/images/delete_disabled.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0" />
@@ -124,8 +125,8 @@
                 <c:otherwise>
                   <s:token/>
                   <s:url id="removeUrl" action="removeGroupBuildDefinition" namespace="/">
-                    <s:param name="projectGroupId">${pageScope.buildDefinitionSummary.projectGroupId}</s:param>
-                    <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+                    <s:param name="projectGroupId"><c:out value="${pageScope.buildDefinitionSummary.projectGroupId}"/></s:param>
+                    <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
                     <s:param name="groupBuildDefinition">true</s:param>
                     <s:param name="confirmed" value="false"/>
                     <s:param name="struts.token.name">struts.token</s:param>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/companyLogo.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/companyLogo.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/companyLogo.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/companyLogo.jsp Wed Apr 13 06:36:20 2011
@@ -19,18 +19,20 @@
 
 <%@ taglib uri="/struts-tags" prefix="s" %>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
+
 <s:set name="companyLogo" value="companyLogo"/>
 <c:if test="${!empty (companyLogo)}">
-  <s:set name="companyName" value="companyName"/>
-  <s:set name="companyUrl" value="companyUrl"/>
+  <s:set name="companyName" value="companyName"/>"/>
+  <s:set name="companyUrl" value="companyUrl"/>"/>
   <c:choose>
     <c:when test="${!empty (companyUrl)}">
-      <a href="${companyUrl}">
-        <img src="${companyLogo}" title="${companyName}" border="0" alt="${companyName}"/>
+      <a href="${fn:escapeXml(companyUrl)}">
+        <img src="${fn:escapeXml(companyLogo)}" title="${fn:escapeXml(companyName)}" border="0" alt="${fn:escapeXml(companyName)}"/>
       </a>
     </c:when>
     <c:otherwise>
-      <img src="${companyLogo}" title="${companyName}" border="0" alt="${companyName}"/>
+      <img src="${fn:escapeXml(companyLogo)}" title="${fn:escapeXml(companyName)}" border="0" alt="${fn:escapeXml(companyName)}"/>
     </c:otherwise>
   </c:choose>
 </c:if>
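Review bot: The two changed `<s:set>` lines now end in `"/>"/>`, so a stray `"/>` follows each tag and will be emitted as literal text whenever the logo block renders. The original `<s:set name="companyName" value="companyName"/>` and `<s:set name="companyUrl" value="companyUrl"/>` were already complete and should be restored. Separately, `href="${fn:escapeXml(companyUrl)}"` keeps the value from closing the attribute but does not restrict the URL scheme, so `companyUrl` still needs a scheme check (http/https) at the point where it is saved.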

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectGroupNotifierSummaryComponent.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectGroupNotifierSummaryComponent.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectGroupNotifierSummaryComponent.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectGroupNotifierSummaryComponent.jsp Wed Apr 13 06:36:20 2011
@@ -22,9 +22,10 @@
 <%@ taglib uri='http://java.sun.com/jsp/jstl/core' prefix='c'%>
 <%@ taglib uri="continuum" prefix="c1" %>
 <%@ taglib uri="http://plexus.codehaus.org/redback/taglib-1.0" prefix="redback" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
 <s:i18n name="localization.Continuum">
 
-  <h3><s:text name="projectGroupNotifierSummaryComponent.groupNotifiers"><s:param>${projectGroup.name}</s:param></s:text></h3>
+  <h3><s:text name="projectGroupNotifierSummaryComponent.groupNotifiers"><s:param><c:out value="${projectGroup.name}"/></s:param></s:text></h3>
   <c:if test="${not empty projectGroupNotifierSummaries}">
   <ec:table items="projectGroupNotifierSummaries"
             var="projectGroupNotifierSummary"
@@ -40,11 +41,11 @@
       <ec:column property="events" title="projectView.notifier.events"/>
       <!-- ec:column property="sender" title="projectView.notifier.sender"/ -->
       <ec:column property="editActions" title="&nbsp;" width="1%">
-        <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroup.name}">
+        <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroup.name)}">
           <s:url id="editUrl" action="editProjectGroupNotifier" namespace="/">
-            <s:param name="projectGroupId">${pageScope.projectGroupNotifierSummary.projectGroupId}</s:param>
-            <s:param name="notifierId">${pageScope.projectGroupNotifierSummary.id}</s:param>
-            <s:param name="notifierType">${pageScope.projectGroupNotifierSummary.type}</s:param>
+            <s:param name="projectGroupId"><c:out value="${pageScope.projectGroupNotifierSummary.projectGroupId}"/></s:param>
+            <s:param name="notifierId"><c:out value="${pageScope.projectGroupNotifierSummary.id}"/></s:param>
+            <s:param name="notifierType"><c:out value="${pageScope.projectGroupNotifierSummary.type}"/></s:param>
           </s:url>
           <s:a href="%{editUrl}">
             <img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name="edit"/>" title="<s:text name="edit"/>" border="0">
@@ -55,11 +56,11 @@
         </redback:elseAuthorized>
       </ec:column>    
       <ec:column property="deleteActions" title="&nbsp;" width="1%">
-        <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroup.name}">
+        <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroup.name)}">
           <s:url id="removeUrl" action="deleteProjectGroupNotifier!default.action" namespace="/">
-            <s:param name="projectGroupId">${pageScope.projectGroupNotifierSummary.projectGroupId}</s:param>
-            <s:param name="notifierId">${pageScope.projectGroupNotifierSummary.id}</s:param>
-            <s:param name="notifierType">${pageScope.projectGroupNotifierSummary.type}</s:param>
+            <s:param name="projectGroupId"><c:out value="${pageScope.projectGroupNotifierSummary.projectGroupId}"/></s:param>
+            <s:param name="notifierId"><c:out value="${pageScope.projectGroupNotifierSummary.id}"/></s:param>
+            <s:param name="notifierType"><c:out value="${pageScope.projectGroupNotifierSummary.type}"/></s:param>
           </s:url>
         <s:a href="%{removeUrl}">
           <img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name="delete"/>" title="<s:text name="delete"/>" border="0">
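Review bot: The `removeUrl` built in this hunk for `deleteProjectGroupNotifier!default.action` carries only the two ids and the notifier type, while the `removeProjectBuildDefinition` URL in buildDefinitionSummaryComponent.jsp also passes `struts.token.name` and `struts.token` after an `<s:token/>`. If the notifier delete is confirmed through a later form that carries the token, this is fine. Otherwise, add `<s:token/>` and the two token parameters here so both delete links are protected the same way.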
@@ -73,7 +74,7 @@
   </ec:table>
   </c:if>
 
-  <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroup.name}">
+  <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroup.name)}">
     <div class="functnbar3">
       <s:url id="addUrl" action="addProjectGroupNotifier" namespace="/"  includeContext="false" includeParams="none" />
       <s:form action="%{addUrl}" method="post">
@@ -96,23 +97,23 @@
       <ec:row>
         <ec:column property="projectName" title="projectView.project.name">
           <s:url id="projectUrl" action="projectView" namespace="/" includeParams="none">
-            <s:param name="projectId">${pageScope.projectNotifierSummary.projectId}</s:param>
+            <s:param name="projectId"><c:out value="${pageScope.projectNotifierSummary.projectId}"/></s:param>
           </s:url>
-        <s:a href="%{projectUrl}">${pageScope.projectNotifierSummary.projectName}</s:a>
+        <s:a href="%{projectUrl}"><c:out value="${pageScope.projectNotifierSummary.projectName}"/></s:a>
         </ec:column>
         <ec:column property="type" title="projectView.notifier.type"/>
         <ec:column property="recipient" title="projectView.notifier.recipient"/>
         <ec:column property="events" title="projectView.notifier.events"/>
         <!-- ec:column property="sender" title="projectView.notifier.sender"/ -->
         <ec:column property="editActions" title="&nbsp;" width="1%">
-          <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroup.name}">
+          <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroup.name)}">
             <c:choose>
               <c:when test="${!pageScope.projectNotifierSummary.fromProject}">
                 <s:url id="editUrl" action="editProjectNotifier" namespace="/" includeParams="none">
-                  <s:param name="projectGroupId">${pageScope.projectNotifierSummary.projectGroupId}</s:param>
-                  <s:param name="projectId">${pageScope.projectNotifierSummary.projectId}</s:param>
-                  <s:param name="notifierId">${pageScope.projectNotifierSummary.id}</s:param>
-                  <s:param name="notifierType">${pageScope.projectNotifierSummary.type}</s:param>
+                  <s:param name="projectGroupId"><c:out value="${pageScope.projectNotifierSummary.projectGroupId}"/></s:param>
+                  <s:param name="projectId"><c:out value="${pageScope.projectNotifierSummary.projectId}"/></s:param>
+                  <s:param name="notifierId"><c:out value="${pageScope.projectNotifierSummary.id}"/></s:param>
+                  <s:param name="notifierType"><c:out value="${pageScope.projectNotifierSummary.type}"/></s:param>
                   <s:param name="fromGroupPage" value="true"/>
                 </s:url>
                 <s:a href="%{editUrl}">
@@ -129,13 +130,13 @@
           </redback:elseAuthorized>
         </ec:column>
         <ec:column property="deleteActions" title="&nbsp;" width="1%">
-          <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroup.name}">
+          <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroup.name)}">
             <c:choose>
               <c:when test="${!pageScope.projectNotifierSummary.fromProject}">
                 <s:url id="removeUrl" action="deleteProjectNotifier!default.action" namespace="/">
-                  <s:param name="projectGroupId">${pageScope.projectNotifierSummary.projectGroupId}</s:param>
-                  <s:param name="projectId">${pageScope.projectNotifierSummary.projectId}</s:param>
-                  <s:param name="notifierId">${pageScope.projectNotifierSummary.id}</s:param>
+                  <s:param name="projectGroupId"><c:out value="${pageScope.projectNotifierSummary.projectGroupId}"/></s:param>
+                  <s:param name="projectId"><c:out value="${pageScope.projectNotifierSummary.projectId}"/></s:param>
+                  <s:param name="notifierId"><c:out value="${pageScope.projectNotifierSummary.id}"/></s:param>
                   <s:param name="fromGroupPage" value="true"/>
                 </s:url>
                 <s:a href="%{removeUrl}">



Re: svn commit: r1091669 [1/2] - in /continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp: ./ admin/ components/ navigations/

Posted by Marica Tan <ma...@gmail.com>.
On Wed, Apr 13, 2011 at 3:14 PM, Brett Porter <br...@apache.org> wrote:

>
>
> On 13/04/2011, at 4:36 PM, ctan@apache.org wrote:
>
> > Author: ctan
> > Date: Wed Apr 13 06:36:20 2011
> > New Revision: 1091669
> >
> > URL: http://svn.apache.org/viewvc?rev=1091669&view=rev
> > Log:
> > [CONTINUUM-2620] use c:out and fn:escapeXml to prevent XSS attacks
>
> It's good to be cautious in this area, but most of the c:out's are
> overprotective (e.g. things that are generated by the app). I'd like to make
> sure we catch these things where they are invalid on the way in, rather than
> just on the page.
>
> Will still be adding/modifying validations in the action classes.


> I'm not sure the fn:escapeXml is useful. On the redback tags, there's no
> XSS risk as it never gets onto the page. For the following, it might not be
> sufficient:
>
> <a style="border: 1px solid #DFDEDE; padding-left: 1em; padding-right: 1em;
> text-decoration: none;" href="${fn:escapeXml(projectGroupMembersUrl)}"
>
> What happens if the url contains this?
>
> " onerror="javascript:alert('gotcha')
>
> I think as long as those URLs are properly validated where they are created
> they should be fine without the fn.
>
>
Ok noted.


Thanks,
--
Marica


> - Brett
>
> --
> Brett Porter
> brett@apache.org
> http://brettporter.wordpress.com/
>
>

Re: svn commit: r1091669 [1/2] - in /continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp: ./ admin/ components/ navigations/

Posted by Brett Porter <br...@apache.org>.

On 13/04/2011, at 4:36 PM, ctan@apache.org wrote:

> Author: ctan
> Date: Wed Apr 13 06:36:20 2011
> New Revision: 1091669
> 
> URL: http://svn.apache.org/viewvc?rev=1091669&view=rev
> Log:
> [CONTINUUM-2620] use c:out and fn:escapeXml to prevent XSS attacks

It's good to be cautious in this area, but most of the c:out's are overprotective (e.g. things that are generated by the app). I'd like to make sure we catch these things where they are invalid on the way in, rather than just on the page.

I'm not sure the fn:escapeXml is useful. On the redback tags, there's no XSS risk as it never gets onto the page. For the following, it might not be sufficient:

<a style="border: 1px solid #DFDEDE; padding-left: 1em; padding-right: 1em; text-decoration: none;" href="${fn:escapeXml(projectGroupMembersUrl)}"

What happens if the url contains this?

" onerror="javascript:alert('gotcha')

I think as long as those URLs are properly validated where they are created they should be fine without the fn.

- Brett

--
Brett Porter
brett@apache.org
http://brettporter.wordpress.com/
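
The following is an added example, not part of the original messages or of Continuum's code. It is a stand-alone Java program that runs the strings discussed above through the same five replacements that `fn:escapeXml` and `c:out` make, and through a hypothetical input-side URL check. The class name, `isAllowedHref`, the http/https allow-list and the two sample URLs marked as constructed are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class HrefOutputCheck {

    // Re-implementation of the five replacements made by JSTL's fn:escapeXml
    // and c:out, so the example runs without a servlet container.
    static String escapeXml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char ch = s.charAt(i);
            switch (ch) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&#034;"); break;
                case '\'': out.append("&#039;"); break;
                default:   out.append(ch);
            }
        }
        return out.toString();
    }

    // Assumption: only absolute http/https URLs and site-relative paths are wanted.
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");

    // Hypothetical check to run where a URL is accepted and stored
    // (for example in an action class), before it ever reaches a JSP.
    static boolean isAllowedHref(String url) {
        if (url == null || url.trim().isEmpty()) {
            return false;
        }
        try {
            // java.net.URI rejects spaces, double quotes and backslashes outright.
            URI uri = new URI(url);
            String scheme = uri.getScheme();
            if (scheme == null) {
                // Relative reference: accept a path on this site, not "//host/...".
                return url.startsWith("/") && !url.startsWith("//");
            }
            return ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))
                    && uri.getHost() != null;
        } catch (URISyntaxException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        String[] samples = {
            // constructed absolute URL
            "http://continuum.example.org/groupMembers.action?projectGroupId=1&sort=name",
            // constructed site-relative URL
            "/continuum/projectGroupMembers.action?projectGroupId=1",
            // string quoted in the thread
            "\" onerror=\"javascript:alert('gotcha')",
            // scheme portion of the same string used as the whole URL
            "javascript:alert('gotcha')",
        };
        for (String url : samples) {
            System.out.println("stored value : " + url);
            System.out.println("  allowed    : " + isAllowedHref(url));
            System.out.println("  rendered   : <a href=\"" + escapeXml(url) + "\">");
        }
    }
}
```

Escaping and validation answer different questions here: the third sample is held inside the attribute by escaping alone, while the fourth keeps its scheme after escaping and is stopped only by the input-side check.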