Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 04:54:07 UTC
svn commit: r1077230 - in
/hadoop/common/branches/branch-0.20-security-patches/src:
mapred/org/apache/hadoop/mapred/ webapps/job/ webapps/task/
Author: omalley
Date: Fri Mar 4 03:54:07 2011
New Revision: 1077230
URL: http://svn.apache.org/viewvc?rev=1077230&view=rev
Log:
commit 7f5528c3444935bf9673a97b8789ae94d7af3165
Author: Arun C Murthy <ac...@apache.org>
Date: Fri Feb 26 13:12:41 2010 -0800
MAPREDUCE-1454 from http://issues.apache.org/jira/secure/attachment/12436834/M1454-0y20.patch
Modified:
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JSPUtil.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskLogServlet.java
hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/analysejobhistory.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobblacklistedtrackers.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobconf_history.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobdetails.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobdetailshistory.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobfailures.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobhistory.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobqueue_details.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobtasks.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobtaskshistory.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobtracker.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/loadhistory.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskdetails.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskdetailshistory.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskstats.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskstatshistory.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/task/tasktracker.jsp
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JSPUtil.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JSPUtil.java?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JSPUtil.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JSPUtil.java Fri Mar 4 03:54:07 2011
@@ -33,6 +33,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.http.HtmlQuoting;
import org.apache.hadoop.mapred.JobHistory.JobInfo;
import org.apache.hadoop.mapred.JobTracker.RetireJobInfo;
import org.apache.hadoop.util.ServletUtil;
@@ -158,9 +159,10 @@ class JSPUtil {
int desiredReduces = job.desiredReduces();
int completedMaps = job.finishedMaps();
int completedReduces = job.finishedReduces();
- String name = profile.getJobName();
+ String name = HtmlQuoting.quoteHtmlChars(profile.getJobName());
String jobpri = job.getPriority().toString();
- String schedulingInfo = job.getStatus().getSchedulingInfo();
+ String schedulingInfo =
+ HtmlQuoting.quoteHtmlChars(job.getStatus().getSchedulingInfo());
if (isModifiable) {
sb.append("<tr><td><input TYPE=\"checkbox\" " +
@@ -175,7 +177,8 @@ class JSPUtil {
+ "\"><a href=\"jobdetails.jsp?jobid=" + jobid + "&refresh="
+ refresh + "\">" + jobid + "</a></td>" + "<td id=\"priority_"
+ rowId + "\">" + jobpri + "</td>" + "<td id=\"user_" + rowId
- + "\">" + profile.getUser() + "</td>" + "<td id=\"name_" + rowId
+ + "\">" + HtmlQuoting.quoteHtmlChars(profile.getUser()) +
+ "</td>" + "<td id=\"name_" + rowId
+ "\">" + ("".equals(name) ? " " : name) + "</td>" + "<td>"
+ StringUtils.formatPercent(status.mapProgress(), 2)
+ ServletUtil.percentageGraph(status.mapProgress() * 100, 80)
@@ -248,10 +251,10 @@ class JSPUtil {
"<td id=\"priority_" + rowId + "\">" +
info.status.getJobPriority().toString() + "</td>" +
- "<td id=\"user_" + rowId + "\">" + info.profile.getUser()
- + "</td>" +
- "<td id=\"name_" + rowId + "\">" + info.profile.getJobName()
- + "</td>" +
+ "<td id=\"user_" + rowId + "\">" +
+ HtmlQuoting.quoteHtmlChars(info.profile.getUser()) + "</td>" +
+ "<td id=\"name_" + rowId + "\">" +
+ HtmlQuoting.quoteHtmlChars(info.profile.getJobName()) + "</td>" +
"<td>" + JobStatus.getJobRunState(info.status.getRunState())
+ "</td>" +
"<td>" + new Date(info.status.getStartTime()) + "</td>" +
@@ -266,9 +269,9 @@ class JSPUtil {
info.status.reduceProgress() * 100, 80) +
"</td>" +
- "<td>" + info.status.getSchedulingInfo() + "</td>" +
-
- "</tr>\n");
+ "<td>" +
+ HtmlQuoting.quoteHtmlChars(info.status.getSchedulingInfo()) +
+ "</td>" + "</tr>\n");
rowId++;
}
}
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskLogServlet.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskLogServlet.java?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskLogServlet.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskLogServlet.java Fri Mar 4 03:54:07 2011
@@ -27,6 +27,7 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.hadoop.http.HtmlQuoting;
import org.apache.hadoop.util.StringUtils;
/**
@@ -53,54 +54,6 @@ public class TaskLogServlet extends Http
+ "/tasklog?taskid=" + taskAttemptID);
}
- /**
- * Find the next quotable character in the given array.
- * @param data the bytes to look in
- * @param offset the first index to look in
- * @param end the index after the last one to look in
- * @return the index of the quotable character or end if none was found
- */
- private static int findFirstQuotable(byte[] data, int offset, int end) {
- while (offset < end) {
- switch (data[offset]) {
- case '<':
- case '>':
- case '&':
- return offset;
- default:
- offset += 1;
- }
- }
- return offset;
- }
-
- private static void quotedWrite(OutputStream out, byte[] data, int offset,
- int length) throws IOException {
- int end = offset + length;
- while (offset < end) {
- int next = findFirstQuotable(data, offset, end);
- out.write(data, offset, next - offset);
- offset = next;
- if (offset < end) {
- switch (data[offset]) {
- case '<':
- out.write("<".getBytes());
- break;
- case '>':
- out.write(">".getBytes());
- break;
- case '&':
- out.write("&".getBytes());
- break;
- default:
- out.write(data[offset]);
- break;
- }
- offset += 1;
- }
- }
- }
-
private void printTaskLog(HttpServletResponse response,
OutputStream out, TaskAttemptID taskId,
long start, long end, boolean plainText,
@@ -122,7 +75,7 @@ public class TaskLogServlet extends Http
if (plainText) {
out.write(b, 0, result);
} else {
- quotedWrite(out, b, 0, result);
+ HtmlQuoting.quoteHtmlChars(out, b, 0, result);
}
} else {
break;
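Review bot: The `plainText` branch just above the changed line still copies raw log bytes with `out.write(b, 0, result)`, so only the HTML path gets the shared quoting helper. That is safe only if the plain-text response is sent with a `text/plain` content type that the browser will not re-interpret as HTML; this hunk does not show where the content type is set, so it should be confirmed. A short comment such as `// raw bytes: response must already be text/plain` would record the assumption. `printTaskLog` begins and ends outside this hunk.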
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/analysejobhistory.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/analysejobhistory.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/analysejobhistory.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/analysejobhistory.jsp Fri Mar 4 03:54:07 2011
@@ -3,6 +3,7 @@
import="javax.servlet.http.*"
import="java.io.*"
import="java.util.*"
+ import="org.apache.hadoop.http.HtmlQuoting"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.fs.*"
import="org.apache.hadoop.util.*"
@@ -15,7 +16,7 @@
%>
<html><body>
<%
- String jobid = request.getParameter("jobid");
+ String jobid = JobID.forName(request.getParameter("jobid")).toString();
String logFile = request.getParameter("logFile");
String encodedLogFileName = JobHistory.JobInfo.encodeJobHistoryFilePath(logFile);
String numTasks = request.getParameter("numTasks");
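Review bot: `JobID.forName(request.getParameter("jobid")).toString()` dereferences the parse result directly, so a request without `jobid` would raise a NullPointerException if `forName` returns null for a null argument, and a malformed id would surface as an uncaught exception instead of an error message. The same line is added in jobconf_history.jsp, jobdetailshistory.jsp, jobtaskshistory.jsp and taskdetailshistory.jsp; in jobconf_history.jsp the existing `if (jobId == null)` check that follows it can no longer see a null value. Parsing into a local first, `JobID id = JobID.forName(request.getParameter("jobid"));`, and printing the missing-or-invalid-jobid message when `id == null` or an `IllegalArgumentException` is caught would keep the validation without turning bad input into an error page. `logFile` and `numTasks` on the following lines are still taken from the request unvalidated.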
@@ -27,8 +28,8 @@
JobHistory.JobInfo job = JSPUtil.getJobInfo(request, fs);
%>
<h2>Hadoop Job <a href="jobdetailshistory.jsp?jobid=<%=jobid%>&&logFile=<%=encodedLogFileName%>"><%=jobid %> </a></h2>
-<b>User : </b> <%=job.get(Keys.USER) %><br/>
-<b>JobName : </b> <%=job.get(Keys.JOBNAME) %><br/>
+<b>User : </b> <%=HtmlQuoting.quoteHtmlChars(job.get(Keys.USER)) %><br/>
+<b>JobName : </b> <%=HtmlQuoting.quoteHtmlChars(job.get(Keys.JOBNAME)) %><br/>
<b>JobConf : </b> <%=job.get(Keys.JOBCONF) %><br/>
<b>Submitted At : </b> <%=StringUtils.getFormattedTimeWithDiff(dateFormat, job.getLong(Keys.SUBMIT_TIME), 0 ) %><br/>
<b>Launched At : </b> <%=StringUtils.getFormattedTimeWithDiff(dateFormat, job.getLong(Keys.LAUNCH_TIME), job.getLong(Keys.SUBMIT_TIME)) %><br/>
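Review bot: `job.get(Keys.JOBCONF)` on the line after the two newly quoted fields is still written without `HtmlQuoting.quoteHtmlChars`, and `encodedLogFileName` is placed inside the `href` of the heading as-is. The first value is read from the history record and the second is derived from the `logFile` request parameter, so unless `encodeJobHistoryFilePath` already escapes quote characters (not visible here) both deserve the same treatment as USER and JOBNAME, e.g. `<%=HtmlQuoting.quoteHtmlChars(job.get(Keys.JOBCONF)) %>`. jobdetailshistory.jsp has the same unquoted JOBCONF, and its JobConf link also builds the `jobLogDir` and `jobUniqueString` query values by plain concatenation.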
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobblacklistedtrackers.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobblacklistedtrackers.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobblacklistedtrackers.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobblacklistedtrackers.jsp Fri Mar 4 03:54:07 2011
@@ -4,6 +4,7 @@
import="javax.servlet.http.*"
import="java.io.*"
import="java.util.*"
+ import="org.apache.hadoop.http.HtmlQuoting"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.util.*"
%>
@@ -22,8 +23,8 @@
int maxErrorsPerTracker = job.getJobConf().getMaxTaskFailuresPerTracker();
for (Map.Entry<String,Integer> e : trackerErrors.entrySet()) {
if (e.getValue().intValue() >= maxErrorsPerTracker) {
- out.print("<tr><td>" + e.getKey() + "</td><td>" + e.getValue() +
- "</td></tr>\n");
+ out.print("<tr><td>" + HtmlQuoting.quoteHtmlChars(e.getKey()) +
+ "</td><td>" + e.getValue() + "</td></tr>\n");
}
}
out.print("</table>\n");
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobconf_history.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobconf_history.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobconf_history.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobconf_history.jsp Fri Mar 4 03:54:07 2011
@@ -3,7 +3,6 @@
import="javax.servlet.*"
import="javax.servlet.http.*"
import="java.io.*"
- import="java.net.URL"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.fs.*"
import="org.apache.hadoop.util.*"
@@ -12,7 +11,7 @@
<%
JobTracker tracker = (JobTracker) application.getAttribute("job.tracker");
- String jobId = request.getParameter("jobid");
+ String jobId = JobID.forName(request.getParameter("jobid")).toString();
if (jobId == null) {
out.println("<h2>Missing 'jobid' for fetching job configuration!</h2>");
return;
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobdetails.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobdetails.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobdetails.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobdetails.jsp Fri Mar 4 03:54:07 2011
@@ -6,6 +6,7 @@
import="java.text.*"
import="java.util.*"
import="java.text.DecimalFormat"
+ import="org.apache.hadoop.http.HtmlQuoting"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.mapreduce.TaskType"
import="org.apache.hadoop.util.*"
@@ -212,10 +213,12 @@
JobStatus status = job.getStatus();
int runState = status.getRunState();
int flakyTaskTrackers = job.getNoOfBlackListedTrackers();
- out.print("<b>User:</b> " + profile.getUser() + "<br>\n");
- out.print("<b>Job Name:</b> " + profile.getJobName() + "<br>\n");
- out.print("<b>Job File:</b> <a href=\"jobconf.jsp?jobid=" + jobId + "\">"
- + profile.getJobFile() + "</a><br>\n");
+ out.print("<b>User:</b> " +
+ HtmlQuoting.quoteHtmlChars(profile.getUser()) + "<br>\n");
+ out.print("<b>Job Name:</b> " +
+ HtmlQuoting.quoteHtmlChars(profile.getJobName()) + "<br>\n");
+ out.print("<b>Job File:</b> <a href=\"jobconf.jsp?jobid=" + jobId + "\">" +
+ profile.getJobFile() + "</a><br>\n");
out.print("<b>Job Setup:</b>");
printJobLevelTaskSummary(out, jobId, "setup",
job.getTasks(TaskType.JOB_SETUP));
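Review bot: `profile.getJobFile()` is still concatenated into the link text unquoted, while the user and job name printed just above it are now quoted. If the job file path can contain characters chosen by the submitter (this hunk does not show how it is built), it needs the same call: `HtmlQuoting.quoteHtmlChars(profile.getJobFile()) + "</a><br>\n");`. If the path is always generated by the system, a one-line comment saying so would explain the omission. The enclosing scriptlet continues beyond the hunk.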
@@ -309,11 +312,12 @@
if (isFirst) {
isFirst = false;
%>
- <td rowspan="<%=totalGroup.size()%>"><%=totalGroup.getDisplayName()%></td>
+ <td rowspan="<%=totalGroup.size()%>">
+ <%=HtmlQuoting.quoteHtmlChars(totalGroup.getDisplayName())%></td>
<%
}
%>
- <td><%=name%></td>
+ <td><%=HtmlQuoting.quoteHtmlChars(name)%></td>
<td align="right"><%=mapValue%></td>
<td align="right"><%=reduceValue%></td>
<td align="right"><%=totalValue%></td>
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobdetailshistory.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobdetailshistory.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobdetailshistory.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobdetailshistory.jsp Fri Mar 4 03:54:07 2011
@@ -4,6 +4,7 @@
import="java.io.*"
import="java.util.*"
import="org.apache.hadoop.fs.*"
+ import="org.apache.hadoop.http.HtmlQuoting"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.util.*"
import="java.text.*"
@@ -12,7 +13,7 @@
<%! static SimpleDateFormat dateFormat = new SimpleDateFormat("d-MMM-yyyy HH:mm:ss") ; %>
<%
- String jobid = request.getParameter("jobid");
+ String jobid = JobID.forName(request.getParameter("jobid")).toString();
String logFile = request.getParameter("logFile");
String encodedLogFileName = JobHistory.JobInfo.encodeJobHistoryFilePath(logFile);
@@ -33,8 +34,8 @@
<h2>Hadoop Job <%=jobid %> on <a href="jobhistory.jsp">History Viewer</a></h2>
-<b>User: </b> <%=job.get(Keys.USER) %><br/>
-<b>JobName: </b> <%=job.get(Keys.JOBNAME) %><br/>
+<b>User: </b> <%=HtmlQuoting.quoteHtmlChars(job.get(Keys.USER)) %><br/>
+<b>JobName: </b> <%=HtmlQuoting.quoteHtmlChars(job.get(Keys.JOBNAME)) %><br/>
<b>JobConf: </b> <a href="jobconf_history.jsp?jobid=<%=jobid%>&jobLogDir=<%=new Path(logFile).getParent().toString()%>&jobUniqueString=<%=jobUniqueString%>">
<%=job.get(Keys.JOBCONF) %></a><br/>
<b>Submitted At: </b> <%=StringUtils.getFormattedTimeWithDiff(dateFormat, job.getLong(Keys.SUBMIT_TIME), 0 ) %><br/>
@@ -240,11 +241,12 @@
if (isFirst) {
isFirst = false;
%>
- <td rowspan="<%=totalGroup.size()%>"><%=totalGroup.getDisplayName()%></td>
+ <td rowspan="<%=totalGroup.size()%>">
+ <%=HtmlQuoting.quoteHtmlChars(totalGroup.getDisplayName())%></td>
<%
}
%>
- <td><%=counter.getDisplayName()%></td>
+ <td><%=HtmlQuoting.quoteHtmlChars(counter.getDisplayName())%></td>
<td align="right"><%=mapValue%></td>
<td align="right"><%=reduceValue%></td>
<td align="right"><%=totalValue%></td>
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobfailures.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobfailures.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobfailures.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobfailures.jsp Fri Mar 4 03:54:07 2011
@@ -4,6 +4,7 @@
import="javax.servlet.http.*"
import="java.io.*"
import="java.util.*"
+ import="org.apache.hadoop.http.HtmlQuoting"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.mapreduce.TaskType"
import="org.apache.hadoop.util.*"
@@ -47,7 +48,7 @@
out.print(" ");
} else {
for(int j = 0 ; j < failures.length ; j++){
- out.print(failures[j]);
+ out.print(HtmlQuoting.quoteHtmlChars(failures[j]));
if (j < (failures.length - 1)) {
out.print("\n-------\n");
}
@@ -103,7 +104,8 @@
includeMap = true;
includeReduce = true;
} else {
- out.print("<b>Kind " + kind + " not supported.</b><br>\n");
+ out.print("<b>Kind " + kind +
+ " not supported.</b><br>\n");
return;
}
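Review bot: The `Kind ... not supported` message is only re-wrapped here; `kind` is still written into the page as-is. Where `kind` is assigned lies outside the hunk, but if it is a request parameter the output is safe only when parameters arrive already HTML-quoted, which jobhistory.jsp in this commit appears to assume when it calls `unquoteHtmlChars` on its own parameters. If that guarantee holds, a comment such as `// kind arrives HTML-quoted from the request` would make the dependency explicit; if it does not, the sink should use `HtmlQuoting.quoteHtmlChars(kind)`.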
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobhistory.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobhistory.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobhistory.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobhistory.jsp Fri Mar 4 03:54:07 2011
@@ -1,12 +1,14 @@
<%@ page
contentType="text/html; charset=UTF-8"
import="java.io.*"
+ import="java.net.URLEncoder"
import="java.util.*"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.util.*"
import="org.apache.hadoop.fs.*"
import="javax.servlet.jsp.*"
import="java.text.SimpleDateFormat"
+ import="org.apache.hadoop.http.HtmlQuoting"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.mapred.JobHistory.*"
%>
@@ -57,18 +59,23 @@ window.location.href = url;
? parts[1].toLowerCase()
: "";
PathFilter jobLogFileFilter = new PathFilter() {
+ // unquote params before encoding for search
+ final String uqUser = JobHistory.JobInfo.encodeJobHistoryFileName(
+ HtmlQuoting.unquoteHtmlChars(user));
+ final String uqJobname = JobHistory.JobInfo.encodeJobHistoryFileName(
+ HtmlQuoting.unquoteHtmlChars(jobname));
private boolean matchUser(String fileName) {
// return true if
// - user is not specified
// - user matches
- return "".equals(user) || user.equals(fileName.split("_")[5]);
+ return "".equals(uqUser) || uqUser.equals(fileName.split("_")[5]);
}
private boolean matchJobName(String fileName) {
// return true if
// - jobname is not specified
// - jobname contains the keyword
- return "".equals(jobname) || fileName.split("_")[6].toLowerCase().contains(jobname);
+ return "".equals(uqJobname) || fileName.split("_")[6].toLowerCase().contains(uqJobname);
}
public boolean accept(Path path) {
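Review bot: `matchJobName` lower-cases the file-name segment but compares it with `uqJobname`, which is now the output of `encodeJobHistoryFileName`. If that encoder emits escapes with upper-case hex digits (its body is not visible here), a keyword containing an escaped character could never match the lower-cased segment. Lower-casing the encoded keyword too, `.contains(uqJobname.toLowerCase())`, would keep both sides comparable. `split("_")[5]` and `split("_")[6]` also assume every file name reaching the filter has at least seven underscore-separated parts; the anonymous class continues outside the hunk, so `accept` may already guard this.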
@@ -84,7 +91,8 @@ window.location.href = url;
}
Path[] jobFiles = FileUtil.stat2Paths(fs.listStatus(new Path(historyLogDir),
jobLogFileFilter));
- out.println("<!-- user : " + user + ", jobname : " + jobname + "-->");
+ out.println("<!-- user : " + user +
+ ", jobname : " + jobname + "-->");
if (null == jobFiles || jobFiles.length == 0) {
out.println("No files found!");
return ;
@@ -139,10 +147,12 @@ window.location.href = url;
// display the number of jobs, start index, end index
out.println("(<i> <span class=\"small\">Displaying <b>" + length + "</b> jobs from <b>" + start + "</b> to <b>" + (start + length - 1) + "</b> out of <b>" + jobFiles.length + "</b> jobs");
if (!"".equals(user)) {
- out.println(" for user <b>" + user + "</b>"); // show the user if present
+ // show the user if present
+ out.println(" for user <b>" + user + "</b>");
}
if (!"".equals(jobname)) {
- out.println(" with jobname having the keyword <b>" + jobname + "</b> in it."); // show the jobname keyword if present
+ out.println(" with jobname having the keyword <b>" +
+ jobname + "</b> in it."); // show the jobname keyword if present
}
out.print("</span></i>)");
@@ -256,8 +266,8 @@ window.location.href = url;
out.print("<td>" + new Date(Long.parseLong(trackerid)) + "</td>");
out.print("<td>" + "<a href=\"jobdetailshistory.jsp?jobid=" + jobId +
"&logFile=" + logFile.toString() + "\">" + jobId + "</a></td>");
- out.print("<td>" + jobName + "</td>");
- out.print("<td>" + user + "</td>");
+ out.print("<td>" + HtmlQuoting.quoteHtmlChars(jobName) + "</td>");
+ out.print("<td>" + HtmlQuoting.quoteHtmlChars(user) + "</td>");
out.print("</tr>");
}
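Review bot: The job link on the context lines still concatenates `logFile.toString()` into the `href` and `jobId` into both the attribute and the cell text without quoting, while the two cells below are now quoted. The commit adds `import="java.net.URLEncoder"` to this page, yet no use of it appears in the visible hunks. Since the filter in this file splits the user and job name out of the log file name, the path can carry submitter-chosen text and should at least be quoted for the attribute, `"&logFile=" + HtmlQuoting.quoteHtmlChars(logFile.toString())`, unless that is handled outside the lines shown. The surrounding loop begins outside the hunk.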
@@ -270,7 +280,8 @@ window.location.href = url;
// show previous link
if (pageno > 1) {
- out.println("<a href=\"jobhistory.jsp?pageno=" + (pageno - 1) + "&search=" + search + "\">Previous</a>");
+ out.println("<a href=\"jobhistory.jsp?pageno=" + (pageno - 1) +
+ "&search=" + search + "\">Previous</a>");
}
// display the numbered index 1 2 3 4
@@ -289,7 +300,8 @@ window.location.href = url;
for (int i = firstPage; i <= lastPage; ++i) {
if (i != pageno) {// needs hyperlink
- out.println(" <a href=\"jobhistory.jsp?pageno=" + i + "&search=" + search + "\">" + i + "</a> ");
+ out.println(" <a href=\"jobhistory.jsp?pageno=" + i + "&search=" +
+ search + "\">" + i + "</a> ");
} else { // current page
out.println(i);
}
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobqueue_details.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobqueue_details.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobqueue_details.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobqueue_details.jsp Fri Mar 4 03:54:07 2011
@@ -4,6 +4,7 @@
import="javax.servlet.http.*"
import="java.util.Vector"
import="java.util.Collection"
+ import="org.apache.hadoop.http.HtmlQuoting"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.util.StringUtils"
import="org.apache.hadoop.util.ServletUtil"
@@ -16,15 +17,15 @@ private static final long serialVersionU
(JobTracker) application.getAttribute("job.tracker");
String trackerName =
StringUtils.simpleHostname(tracker.getJobTrackerMachine());
- String queueName =
- StringUtils.escapeHTML(request.getParameter("queueName"));
+ String queueName = request.getParameter("queueName");
TaskScheduler scheduler = tracker.getTaskScheduler();
Collection<JobInProgress> jobs = scheduler.getJobs(queueName);
JobQueueInfo schedInfo = tracker.getQueueInfo(queueName);
%>
<html>
<head>
-<title>Queue details for <%=queueName!=null?queueName:""%> </title>
+<title>Queue details for
+<%=queueName!=null?queueName:""%> </title>
<link rel="stylesheet" type="text/css" href="/static/hadoop.css">
<script type="text/javascript" src="/static/jobtracker.js"></script>
</head>
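Review bot: The `StringUtils.escapeHTML` call around `request.getParameter("queueName")` is removed and nothing replaces it, yet `queueName` is written straight into `<title>` here and into two `<h2>` headings later in this file. That is safe only if request parameters are HTML-quoted before the page sees them, which nothing in this commit shows. If that guarantee exists, a comment such as `// queueName arrives HTML-quoted from the request` belongs next to the assignment; otherwise quote at output with `<%=queueName!=null?HtmlQuoting.quoteHtmlChars(queueName):""%>`. The value is also passed to `scheduler.getJobs` and `tracker.getQueueInfo`, so whichever form is chosen has to match what those lookups expect.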
@@ -37,21 +38,24 @@ private static final long serialVersionU
<a href="jobtracker.jsp"><%=trackerName%></a>
</h1>
<div>
-Scheduling Information : <%= schedulingInfoString.replaceAll("\n","<br/>") %>
+Scheduling Information :
+<%= HtmlQuoting.quoteHtmlChars(schedulingInfoString.replaceAll("\n","<br/>")) %>
</div>
<hr/>
<%
if(jobs == null || jobs.isEmpty()) {
%>
<center>
-<h2> No Jobs found for the Queue :: <%=queueName!=null?queueName:""%> </h2>
+<h2> No Jobs found for the Queue ::
+<%=queueName!=null?queueName:""%> </h2>
<hr/>
</center>
<%
}else {
%>
<center>
-<h2> Job Summary for the Queue :: <%=queueName!=null?queueName:"" %> </h2>
+<h2> Job Summary for the Queue ::
+<%=queueName!=null?queueName:"" %> </h2>
</center>
<div style="text-align: center;text-indent: center;font-style: italic;">
(In the order maintained by the scheduler)
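Review bot: `HtmlQuoting.quoteHtmlChars(schedulingInfoString.replaceAll("\n","<br/>"))` quotes after the line breaks have been inserted, so the generated `<br/>` tags are themselves quoted and appear as literal text instead of breaking lines. Quote first and insert the markup afterwards: `HtmlQuoting.quoteHtmlChars(schedulingInfoString).replaceAll("\n","<br/>")`. jobtracker.jsp receives the same expression for `schedulingInformation` in this commit and needs the same reordering.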
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobtasks.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobtasks.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobtasks.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobtasks.jsp Fri Mar 4 03:54:07 2011
@@ -4,6 +4,7 @@
import="javax.servlet.http.*"
import="java.io.*"
import="java.util.*"
+ import="org.apache.hadoop.http.HtmlQuoting"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.util.*"
import="java.lang.Integer"
@@ -96,14 +97,14 @@
report.getTaskID() + "</a></td>");
out.print("<td>" + StringUtils.formatPercent(report.getProgress(),2) +
ServletUtil.percentageGraph(report.getProgress() * 100f, 80) + "</td>");
- out.print("<td>" + report.getState() + "<br/></td>");
+ out.print("<td>" + HtmlQuoting.quoteHtmlChars(report.getState()) + "<br/></td>");
out.println("<td>" + StringUtils.getFormattedTimeWithDiff(dateFormat, report.getStartTime(),0) + "<br/></td>");
out.println("<td>" + StringUtils.getFormattedTimeWithDiff(dateFormat,
report.getFinishTime(), report.getStartTime()) + "<br/></td>");
String[] diagnostics = report.getDiagnostics();
out.print("<td><pre>");
for (int j = 0; j < diagnostics.length ; j++) {
- out.println(diagnostics[j]);
+ out.println(HtmlQuoting.quoteHtmlChars(diagnostics[j]));
}
out.println("</pre><br/></td>");
out.println("<td>" +
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobtaskshistory.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobtaskshistory.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobtaskshistory.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobtaskshistory.jsp Fri Mar 4 03:54:07 2011
@@ -3,6 +3,7 @@
import="javax.servlet.http.*"
import="java.io.*"
import="java.util.*"
+ import="org.apache.hadoop.http.HtmlQuoting"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.fs.*"
import="org.apache.hadoop.util.*"
@@ -16,10 +17,10 @@
%>
<%
- String jobid = request.getParameter("jobid");
+ String jobid = JobID.forName(request.getParameter("jobid")).toString();
String logFile = request.getParameter("logFile");
String encodedLogFileName = JobHistory.JobInfo.encodeJobHistoryFilePath(logFile);
- String taskStatus = request.getParameter("status");
+ String taskStatus = request.getParameter("status");
String taskType = request.getParameter("taskType");
FileSystem fs = (FileSystem) application.getAttribute("fileSys");
@@ -58,7 +59,8 @@
out.print("<td>" + StringUtils.getFormattedTimeWithDiff(dateFormat,
attempt.getLong(Keys.FINISH_TIME),
attempt.getLong(Keys.START_TIME) ) + "</td>");
- out.print("<td>" + attempt.get(Keys.ERROR) + "</td>");
+ out.print("<td>" + HtmlQuoting.quoteHtmlChars(attempt.get(Keys.ERROR)) +
+ "</td>");
out.print("</tr>");
}
%>
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobtracker.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobtracker.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobtracker.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/jobtracker.jsp Fri Mar 4 03:54:07 2011
@@ -5,6 +5,7 @@
import="java.io.*"
import="java.util.*"
import="java.text.DecimalFormat"
+ import="org.apache.hadoop.http.HtmlQuoting"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.mapreduce.*"
import="org.apache.hadoop.util.*"
@@ -126,7 +127,7 @@ for(JobQueueInfo queue: queues) {
%>
<tr>
<td><a href="jobqueue_details.jsp?queueName=<%=queueName%>"><%=queueName%></a></td>
-<td><%=schedulingInformation.replaceAll("\n","<br/>") %>
+<td><%=HtmlQuoting.quoteHtmlChars(schedulingInformation.replaceAll("\n","<br/>")) %>
</td>
</tr>
<%
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/loadhistory.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/loadhistory.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/loadhistory.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/loadhistory.jsp Fri Mar 4 03:54:07 2011
@@ -17,7 +17,7 @@
};
FileSystem fs = (FileSystem) application.getAttribute("fileSys");
- String jobId = (String)request.getParameter("jobid");
+ String jobId = request.getParameter("jobid");
JobHistory.JobInfo job = (JobHistory.JobInfo)
request.getSession().getAttribute("job");
// if session attribute of JobInfo exists and is of different job's,
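Review bot: `jobId` is still read from the request with only the redundant cast removed, whereas the other history pages changed in this commit parse the parameter through `JobID.forName`. How `jobId` is used is mostly outside the hunk; if it reaches any output or file lookup further down, it should get the same validation, with a null or malformed value handled explicitly. If it is only compared against the job held in the session, a comment saying so would explain why this page differs.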
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskdetails.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskdetails.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskdetails.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskdetails.jsp Fri Mar 4 03:54:07 2011
@@ -5,6 +5,7 @@
import="java.io.*"
import="java.lang.String"
import="java.util.*"
+ import="org.apache.hadoop.http.HtmlQuoting"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.util.*"
import="java.text.SimpleDateFormat"
@@ -181,7 +182,7 @@
out.print(" ");
} else {
for(int j = 0 ; j < failures.length ; j++){
- out.print(failures[j]);
+ out.print(HtmlQuoting.quoteHtmlChars(failures[j]));
if (j < (failures.length - 1)) {
out.print("\n-------\n");
}
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskdetailshistory.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskdetailshistory.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskdetailshistory.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskdetailshistory.jsp Fri Mar 4 03:54:07 2011
@@ -3,6 +3,7 @@
import="javax.servlet.http.*"
import="java.io.*"
import="java.util.*"
+ import="org.apache.hadoop.http.HtmlQuoting"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.fs.*"
import="org.apache.hadoop.util.*"
@@ -13,7 +14,7 @@
<%! private static SimpleDateFormat dateFormat = new SimpleDateFormat("d/MM HH:mm:ss") ; %>
<%
- String jobid = request.getParameter("jobid");
+ String jobid = JobID.forName(request.getParameter("jobid")).toString();
String logFile = request.getParameter("logFile");
String encodedLogFileName = JobHistory.JobInfo.encodeJobHistoryFilePath(logFile);
String taskid = request.getParameter("taskid");
@@ -83,7 +84,8 @@
taskAttempt.getLong(Keys.FINISH_TIME),
taskAttempt.getLong(Keys.START_TIME) ) + "</td>");
out.print("<td>" + taskAttempt.get(Keys.HOSTNAME) + "</td>");
- out.print("<td>" + taskAttempt.get(Keys.ERROR) + "</td>");
+ out.print("<td>" + HtmlQuoting.quoteHtmlChars(taskAttempt.get(Keys.ERROR)) +
+ "</td>");
// Print task log urls
out.print("<td>");
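Review bot: The hostname cell on the context line just above the change, `out.print("<td>" + taskAttempt.get(Keys.HOSTNAME) + "</td>");`, is still written unescaped while the error cell beside it is now quoted. Both values are read from the same task-attempt record, so if the error text is treated as untrusted the hostname arguably should be too: `out.print("<td>" + HtmlQuoting.quoteHtmlChars(taskAttempt.get(Keys.HOSTNAME)) + "</td>");`. The enclosing loop starts and ends outside the hunk, so the other cells of the row could not be checked from here.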
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskstats.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskstats.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskstats.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskstats.jsp Fri Mar 4 03:54:07 2011
@@ -6,6 +6,7 @@
import="java.lang.String"
import="java.text.*"
import="java.util.*"
+ import="org.apache.hadoop.http.HtmlQuoting"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.util.*"
import="java.text.SimpleDateFormat"
@@ -58,7 +59,8 @@
String displayGroupName = group.getDisplayName();
%>
<tr>
- <td colspan="3"><br/><b><%=displayGroupName%></b></td>
+ <td colspan="3"><br/><b>
+ <%=HtmlQuoting.quoteHtmlChars(displayGroupName)%></b></td>
</tr>
<%
for (Counters.Counter counter : group) {
@@ -67,7 +69,7 @@
%>
<tr>
<td width="50"></td>
- <td><%=displayCounterName%></td>
+ <td><%=HtmlQuoting.quoteHtmlChars(displayCounterName)%></td>
<td align="right"><%=decimal.format(value)%></td>
</tr>
<%
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskstatshistory.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskstatshistory.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskstatshistory.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/job/taskstatshistory.jsp Fri Mar 4 03:54:07 2011
@@ -22,6 +22,7 @@
import="javax.servlet.http.*"
import="java.io.*"
import="java.util.*"
+ import="org.apache.hadoop.http.HtmlQuoting"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.fs.*"
import="org.apache.hadoop.util.*"
@@ -75,7 +76,8 @@
String displayGroupName = group.getDisplayName();
%>
<tr>
- <td colspan="3"><br/><b><%=displayGroupName%></b></td>
+ <td colspan="3"><br/><b>
+ <%=HtmlQuoting.quoteHtmlChars(displayGroupName)%></b></td>
</tr>
<%
Iterator<Counters.Counter> ctrItr = group.iterator();
@@ -86,7 +88,7 @@
%>
<tr>
<td width="50"></td>
- <td><%=displayCounterName%></td>
+ <td><%=HtmlQuoting.quoteHtmlChars(displayCounterName)%></td>
<td align="right"><%=decimal.format(value)%></td>
</tr>
<%
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/task/tasktracker.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/task/tasktracker.jsp?rev=1077230&r1=1077229&r2=1077230&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/task/tasktracker.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/task/tasktracker.jsp Fri Mar 4 03:54:07 2011
@@ -5,6 +5,7 @@
import="java.io.*"
import="java.util.*"
import="java.text.DecimalFormat"
+ import="org.apache.hadoop.http.HtmlQuoting"
import="org.apache.hadoop.mapred.*"
import="org.apache.hadoop.util.*"
%>
@@ -39,7 +40,9 @@
out.print("</td><td>" + status.getRunState());
out.print("</td><td>" +
StringUtils.formatPercent(status.getProgress(), 2));
- out.print("</td><td><pre>" + status.getDiagnosticInfo() + "</pre></td>");
+ out.print("</td><td><pre>" +
+ HtmlQuoting.quoteHtmlChars(status.getDiagnosticInfo()) +
+ "</pre></td>");
out.print("</tr>\n");
}
%>
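Review bot: The same three-line replacement is applied to two copy-pasted row loops (this hunk and the one at -72,7 below), so the escaping of `status.getDiagnosticInfo()` now has to be kept in sync by hand. A small method in a `<%! %>` declaration that renders one status row, called from both loops, would keep the quoting in one place and make it harder for a later column to be added unescaped in only one of them. The cells printed before `status.getRunState()` lie outside both hunks, so I could not confirm from here whether the task id cell needs the same treatment.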
@@ -72,7 +75,9 @@
out.print("</td><td>" + status.getRunState());
out.print("</td><td>" +
StringUtils.formatPercent(status.getProgress(), 2));
- out.print("</td><td><pre>" + status.getDiagnosticInfo() + "</pre></td>");
+ out.print("</td><td><pre>" +
+ HtmlQuoting.quoteHtmlChars(status.getDiagnosticInfo()) +
+ "</pre></td>");
out.print("</tr>\n");
}
%>