You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by sc...@apache.org on 2016/12/30 23:18:05 UTC
svn commit: r1776657 -
/maven/plugins/trunk/maven-invoker-plugin/src/main/java/org/apache/maven/plugin/invoker/AbstractInvokerMojo.java
Author: schulte
Date: Fri Dec 30 23:18:05 2016
New Revision: 1776657
URL: http://svn.apache.org/viewvc?rev=1776657&view=rev
Log:
[MINVOKER-213] The plugin should escape any XML special characters (&<>) during interpolating XML files.
Modified:
maven/plugins/trunk/maven-invoker-plugin/src/main/java/org/apache/maven/plugin/invoker/AbstractInvokerMojo.java
Modified: maven/plugins/trunk/maven-invoker-plugin/src/main/java/org/apache/maven/plugin/invoker/AbstractInvokerMojo.java
URL: http://svn.apache.org/viewvc/maven/plugins/trunk/maven-invoker-plugin/src/main/java/org/apache/maven/plugin/invoker/AbstractInvokerMojo.java?rev=1776657&r1=1776656&r2=1776657&view=diff
==============================================================================
--- maven/plugins/trunk/maven-invoker-plugin/src/main/java/org/apache/maven/plugin/invoker/AbstractInvokerMojo.java (original)
+++ maven/plugins/trunk/maven-invoker-plugin/src/main/java/org/apache/maven/plugin/invoker/AbstractInvokerMojo.java Fri Dec 30 23:18:05 2016
@@ -19,8 +19,6 @@ package org.apache.maven.plugin.invoker;
* under the License.
*/
-import static org.apache.maven.shared.utils.logging.MessageUtils.buffer;
-
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
@@ -53,7 +51,7 @@ import java.util.TreeSet;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
-
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.maven.artifact.Artifact;
import org.apache.maven.model.Model;
import org.apache.maven.model.Profile;
@@ -100,6 +98,7 @@ import org.codehaus.plexus.util.cli.Comm
import org.codehaus.plexus.util.cli.CommandLineUtils;
import org.codehaus.plexus.util.cli.Commandline;
import org.codehaus.plexus.util.cli.StreamConsumer;
+import static org.apache.maven.shared.utils.logging.MessageUtils.buffer;
/**
* Provides common code for mojos invoking sub builds.
@@ -2277,9 +2276,12 @@ public abstract class AbstractInvokerMoj
/**
* Returns the map-based value source used to interpolate POMs and other stuff.
*
+ * @param escapeXml {@code true}, to escape any XML special characters in the property values; {@code false}, to not
+ * escape any property values.
+ *
* @return The map-based value source for interpolation, never <code>null</code>.
*/
- private Map<String, Object> getInterpolationValueSource()
+ private Map<String, Object> getInterpolationValueSource( final boolean escapeXml )
{
Map<String, Object> props = new HashMap<String, Object>();
@@ -2294,6 +2296,19 @@ public abstract class AbstractInvokerMoj
props.put( "localRepository", settings.getLocalRepository() );
props.put( "localRepositoryUrl", toUrl( settings.getLocalRepository() ) );
}
+
+ if ( escapeXml )
+ {
+ final Map<String, Object> escapedProperties = new HashMap<String, Object>( props.size() );
+
+ for ( final Map.Entry<String, Object> e : props.entrySet() )
+ {
+ escapedProperties.put( e.getKey(), StringEscapeUtils.escapeXml( e.getValue().toString() ) );
+ }
+
+ props = escapedProperties;
+ }
+
return new CompositeMap( this.project, props );
}
@@ -2364,7 +2379,7 @@ public abstract class AbstractInvokerMoj
BufferedReader reader = null;
try
{
- Map<String, Object> composite = getInterpolationValueSource();
+ Map<String, Object> composite = getInterpolationValueSource( false );
reader = new BufferedReader( new InterpolationFilterReader( newReader( tokenFile ), composite ) );
for ( String line = reader.readLine(); line != null; line = reader.readLine() )
@@ -2409,10 +2424,14 @@ public abstract class AbstractInvokerMoj
/**
* Interpolates the specified POM/settings file to a temporary file. The destination file may be same as the input
* file, i.e. interpolation can be performed in-place.
+ * <p>
+ * <b>Note:</b>This methods expects the file to be a XML file and applies special XML escaping during interpolation.
+ * </p>
*
* @param originalFile The XML file to interpolate, must not be <code>null</code>.
* @param interpolatedFile The target file to write the interpolated contents of the original file to, must not be
- * <code>null</code>.
+ * <code>null</code>.
+ *
* @throws org.apache.maven.plugin.MojoExecutionException If the target file could not be created.
*/
void buildInterpolatedFile( File originalFile, File interpolatedFile )
@@ -2428,7 +2447,7 @@ public abstract class AbstractInvokerMoj
try
{
// interpolation with token @...@
- Map<String, Object> composite = getInterpolationValueSource();
+ Map<String, Object> composite = getInterpolationValueSource( true );
reader =
new InterpolationFilterReader( ReaderFactory.newXmlReader( originalFile ), composite, "@", "@" );
@@ -2497,7 +2516,7 @@ public abstract class AbstractInvokerMoj
}
Interpolator interpolator = new RegexBasedInterpolator();
- interpolator.addValueSource( new MapBasedValueSource( getInterpolationValueSource() ) );
+ interpolator.addValueSource( new MapBasedValueSource( getInterpolationValueSource( false ) ) );
// CHECKSTYLE_OFF: LineLength
for ( String key : (Set<String>) ( (Map) props ).keySet() )
{