Merge pull request #411 from coheigea/AMQ-7339

AMQ-7339 - Fix possible XSS attack in the HttpTunnelServlet
Jean-Baptiste Onofré 2019-11-08 14:44:50 +01:00 committed by GitHub
commit 14b05380ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions


@ -197,7 +197,7 @@ public class HttpTunnelServlet extends HttpServlet {
// Record the client's transport and ensure that it has not already registered; this is thread-safe and only allows one
// thread to register the client
if (clients.putIfAbsent(clientID, answer) != null) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "A session for clientID '" + clientID + "' has already been established");
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "A session for the given clientID has already been established");
LOG.warn("A session for clientID '" + clientID + "' has already been established");
return null;
}
@ -237,7 +237,7 @@ public class HttpTunnelServlet extends HttpServlet {
// Ensure that the transport was not prematurely disposed.
if (transport.isDisposed()) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "The session for clientID '" + clientID + "' was prematurely disposed");
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "The session for the given clientID was prematurely disposed");
LOG.warn("The session for clientID '" + clientID + "' was prematurely disposed");
return null;
}
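Review bot: Both `LOG.warn` calls left in place (the line after the changed `sendError` call in each hunk) still concatenate `clientID` into the message, so the value this commit stops echoing in the HTTP response is still written to the log unmodified. If `clientID` comes from the request, as the XSS fix implies, embedded CR/LF can forge log entries and markup can reach a browser-based log viewer; neutralise line breaks before logging, e.g. `LOG.warn("A session for clientID '{}' has already been established", clientID.replaceAll("[\\r\\n]", "_"));` (assuming `LOG` accepts `{}` placeholders, as an SLF4J logger does), and likewise for the "prematurely disposed" message. The enclosing methods start and end outside the hunks, so where `clientID` is read and whether it is validated there cannot be seen from here.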