HDFS-4100. Fix all findbug security warings. Contributed by Liang Xie
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1409995 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
298eb42657
commit
96f28d878e
|
@ -598,6 +598,8 @@ Release 2.0.3-alpha - Unreleased
|
||||||
HDFS-3623. BKJM: zkLatchWaitTimeout hard coded to 6000. Make use of ZKSessionTimeout instead.
|
HDFS-3623. BKJM: zkLatchWaitTimeout hard coded to 6000. Make use of ZKSessionTimeout instead.
|
||||||
(umamahesh)
|
(umamahesh)
|
||||||
|
|
||||||
|
HDFS-4100. Fix all findbug security warings. (Liang Xie via eli)
|
||||||
|
|
||||||
Release 2.0.2-alpha - 2012-09-07
|
Release 2.0.2-alpha - 2012-09-07
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
|
|
@ -31,6 +31,7 @@ import javax.servlet.http.HttpServlet;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
|
import org.apache.commons.lang.StringEscapeUtils;
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
import org.apache.hadoop.classification.InterfaceAudience;
|
import org.apache.hadoop.classification.InterfaceAudience;
|
||||||
|
@ -139,7 +140,8 @@ public class GetJournalEditServlet extends HttpServlet {
|
||||||
HttpServletRequest request, HttpServletResponse response)
|
HttpServletRequest request, HttpServletResponse response)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
String myStorageInfoString = storage.toColonSeparatedString();
|
String myStorageInfoString = storage.toColonSeparatedString();
|
||||||
String theirStorageInfoString = request.getParameter(STORAGEINFO_PARAM);
|
String theirStorageInfoString = StringEscapeUtils.escapeHtml(
|
||||||
|
request.getParameter(STORAGEINFO_PARAM));
|
||||||
|
|
||||||
if (theirStorageInfoString != null
|
if (theirStorageInfoString != null
|
||||||
&& !myStorageInfoString.equals(theirStorageInfoString)) {
|
&& !myStorageInfoString.equals(theirStorageInfoString)) {
|
||||||
|
|
|
@ -259,7 +259,8 @@ public class DatanodeJspHelper {
|
||||||
int namenodeInfoPort = -1;
|
int namenodeInfoPort = -1;
|
||||||
if (namenodeInfoPortStr != null)
|
if (namenodeInfoPortStr != null)
|
||||||
namenodeInfoPort = Integer.parseInt(namenodeInfoPortStr);
|
namenodeInfoPort = Integer.parseInt(namenodeInfoPortStr);
|
||||||
final String nnAddr = req.getParameter(JspHelper.NAMENODE_ADDRESS);
|
final String nnAddr = StringEscapeUtils.escapeHtml(
|
||||||
|
req.getParameter(JspHelper.NAMENODE_ADDRESS));
|
||||||
if (nnAddr == null){
|
if (nnAddr == null){
|
||||||
out.print(JspHelper.NAMENODE_ADDRESS + " url param is null");
|
out.print(JspHelper.NAMENODE_ADDRESS + " url param is null");
|
||||||
return;
|
return;
|
||||||
|
@ -637,7 +638,7 @@ public class DatanodeJspHelper {
|
||||||
UserGroupInformation ugi = JspHelper.getUGI(req, conf);
|
UserGroupInformation ugi = JspHelper.getUGI(req, conf);
|
||||||
|
|
||||||
String namenodeInfoPortStr = req.getParameter("namenodeInfoPort");
|
String namenodeInfoPortStr = req.getParameter("namenodeInfoPort");
|
||||||
String nnAddr = req.getParameter(JspHelper.NAMENODE_ADDRESS);
|
String nnAddr = StringEscapeUtils.escapeHtml(req.getParameter(JspHelper.NAMENODE_ADDRESS));
|
||||||
int namenodeInfoPort = -1;
|
int namenodeInfoPort = -1;
|
||||||
if (namenodeInfoPortStr != null)
|
if (namenodeInfoPortStr != null)
|
||||||
namenodeInfoPort = Integer.parseInt(namenodeInfoPortStr);
|
namenodeInfoPort = Integer.parseInt(namenodeInfoPortStr);
|
||||||
|
|
Loading…
Reference in New Issue