Posted to dev@tomcat.apache.org by ma...@apache.org on 2007/04/26 04:14:28 UTC

svn commit: r532571 - /tomcat/container/branches/tc5.0.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java

Author: markt
Date: Wed Apr 25 19:14:28 2007
New Revision: 532571

URL: http://svn.apache.org/viewvc?view=rev&rev=532571
Log:
Port XSS fix to 5.0.x (part of CVE-2005-4838).

Modified:
    tomcat/container/branches/tc5.0.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java

Modified: tomcat/container/branches/tc5.0.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java
URL: http://svn.apache.org/viewvc/tomcat/container/branches/tc5.0.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java?view=diff&rev=532571&r1=532570&r2=532571
==============================================================================
--- tomcat/container/branches/tc5.0.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java (original)
+++ tomcat/container/branches/tc5.0.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java Wed Apr 25 19:14:28 2007
@@ -106,7 +106,8 @@
             message = stop(path);
         } else {
             message =
-                sm.getString("managerServlet.unknownCommand", command);
+                sm.getString("managerServlet.unknownCommand",
+                        RequestUtil.filter(command));
         }
 
         list(request, response, message);
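Review bot: Escaping is applied only to `command` in the unknown-command branch, while the other branches hand their messages to the same `list(request, response, message)` call, for example `message = stop(path);` at the top of the hunk. Whether `stop` and the other helpers escape `path` before placing it in the message is not visible here, so each branch that can carry request-derived text should be checked; the log message suggests this is one part of a larger fix. A why-comment above the call would keep the filter from being dropped in a later cleanup, for example `// command comes from the request and ends up in the HTML written by list(); escape it here`. The enclosing method starts and ends outside this hunk.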


