You are viewing a plain text version of this content. The canonical link for it is here.
Posted to pluto-scm@portals.apache.org by as...@apache.org on 2021/12/16 17:28:05 UTC
[portals-pluto] branch master updated: Escape parameters
This is an automated email from the ASF dual-hosted git repository.
asfgriff pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/portals-pluto.git
The following commit(s) were added to refs/heads/master by this push:
new 44f54a6 Escape parameters
44f54a6 is described below
commit 44f54a685bb6a9c33bbc23d936a52f652ccf70f9
Author: Neil Griffin <ne...@gmail.com>
AuthorDate: Thu Dec 16 12:25:14 2021 -0500
Escape parameters
---
demo/v3-demo-portlet/pom.xml | 4 ++++
.../portals/pluto/demo/v3/UrlTestPortlet.java | 28 ++++++++++++++--------
2 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/demo/v3-demo-portlet/pom.xml b/demo/v3-demo-portlet/pom.xml
index 50789bb..be82cad 100644
--- a/demo/v3-demo-portlet/pom.xml
+++ b/demo/v3-demo-portlet/pom.xml
@@ -60,6 +60,10 @@
<scope>provided</scope>
</dependency>
<dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.apache.taglibs</groupId>
<artifactId>taglibs-standard-spec</artifactId>
<scope>provided</scope>
diff --git a/demo/v3-demo-portlet/src/main/java/org/apache/portals/pluto/demo/v3/UrlTestPortlet.java b/demo/v3-demo-portlet/src/main/java/org/apache/portals/pluto/demo/v3/UrlTestPortlet.java
index f017b2a..887ffd7 100644
--- a/demo/v3-demo-portlet/src/main/java/org/apache/portals/pluto/demo/v3/UrlTestPortlet.java
+++ b/demo/v3-demo-portlet/src/main/java/org/apache/portals/pluto/demo/v3/UrlTestPortlet.java
@@ -105,14 +105,18 @@ public class UrlTestPortlet extends GenericPortlet {
// try to test all parameter apis
String val = rp.getValue(pn);
String[] vals = rp.getValues(pn);
+ String[] escapedVals = new String[vals.length];
+ for (int i = 0; i < vals.length; i++) {
+ escapedVals[i] = StringEscapeUtils.escapeHtml4(vals[i]);
+ }
txt.append(" <tr><td " + style + ">Name: ")
.append(pn)
.append("</td><td " + style + ">Val: ")
- .append(val)
+ .append(StringEscapeUtils.escapeHtml4(val))
.append("</td><td " + style + ">Len: ")
.append(vals.length)
.append("</td><td " + style + ">Values: ")
- .append(Arrays.toString(vals))
+ .append(Arrays.toString(escapedVals))
.append("</td></tr>\n");
}
@@ -320,14 +324,18 @@ public class UrlTestPortlet extends GenericPortlet {
if (!pn.equals(PARAM_AURLCOPY) && !pn.equals(PARAM_REMTYPE) && !pn.equals(PARAM_SETTYPE)) {
String val = mrp.getValue(pn);
String[] vals = mrp.getValues(pn);
+ String[] escapedVals = new String[vals.length];
+ for (int i = 0; i < vals.length; i++) {
+ escapedVals[i] = StringEscapeUtils.escapeHtml4(vals[i]);
+ }
txt.append(" <tr><td " + style + ">Name: ")
.append(pn)
.append("</td><td " + style + ">Val: ")
- .append(val)
+ .append(StringEscapeUtils.escapeHtml4(val))
.append("</td><td " + style + ">Len: ")
.append(vals.length)
.append("</td><td " + style + ">Values: ")
- .append(Arrays.toString(vals))
+ .append(Arrays.toString(escapedVals))
.append("</td></tr>\n");
}
}
@@ -340,20 +348,20 @@ public class UrlTestPortlet extends GenericPortlet {
txt.append(" <table>");
for (String pn : ap.getNames()) {
- pn = StringEscapeUtils.escapeHtml4(pn);
- String val = StringEscapeUtils.escapeHtml4(ap.getValue(pn));
+ String val = ap.getValue(pn);
String[] vals = ap.getValues(pn);
- for (int ii=0; ii < vals.length; ii++) {
- vals[ii] = StringEscapeUtils.escapeHtml4(vals[ii]);
+ String[] escapedVals = new String[vals.length];
+ for (int i = 0; i < vals.length; i++) {
+ escapedVals[i] = StringEscapeUtils.escapeHtml4(vals[i]);
}
txt.append(" <tr><td " + style + ">Name: ")
.append(pn)
.append("</td><td " + style + ">Val: ")
- .append(val)
+ .append(StringEscapeUtils.escapeHtml4(val))
.append("</td><td " + style + ">Len: ")
.append(vals.length)
.append("</td><td " + style + ">Values: ")
- .append(Arrays.toString(vals))
+ .append(Arrays.toString(escapedVals))
.append("</td></tr>\n");
}