HBASE-17561 table status page should escape values that may contain arbitrary characters.
Signed-off-by: Esteban Gutierrez <esteban@apache.org>
This commit is contained in:
parent
0e05537dec
commit
350904e90f
|
@ -21,6 +21,7 @@
|
|||
<%@ page contentType="text/html;charset=UTF-8"
|
||||
import="static org.apache.commons.lang.StringEscapeUtils.escapeXml"
|
||||
import="org.apache.hadoop.hbase.shaded.com.google.protobuf.ByteString"
|
||||
import="java.net.URLEncoder"
|
||||
import="java.util.ArrayList"
|
||||
import="java.util.TreeMap"
|
||||
import="java.util.List"
|
||||
|
@ -30,6 +31,7 @@
|
|||
import="java.util.Collection"
|
||||
import="java.util.Collections"
|
||||
import="java.util.Comparator"
|
||||
import="org.apache.commons.lang.StringEscapeUtils"
|
||||
import="org.apache.hadoop.conf.Configuration"
|
||||
import="org.apache.hadoop.util.StringUtils"
|
||||
import="org.apache.hadoop.hbase.HRegionInfo"
|
||||
|
@ -67,6 +69,7 @@
|
|||
|
||||
MetaTableLocator metaTableLocator = new MetaTableLocator();
|
||||
String fqtn = request.getParameter("name");
|
||||
final String escaped_fqtn = StringEscapeUtils.escapeHtml(fqtn);
|
||||
String sortKey = request.getParameter("sort");
|
||||
String reverse = request.getParameter("reverse");
|
||||
final boolean reverseOrder = (reverse==null||!reverse.equals("false"));
|
||||
|
@ -116,9 +119,9 @@
|
|||
<head>
|
||||
<meta charset="utf-8">
|
||||
<% if ( !readOnly && action != null ) { %>
|
||||
<title>HBase Master: <%= master.getServerName() %></title>
|
||||
<title>HBase Master: <%= StringEscapeUtils.escapeHtml(master.getServerName().toString()) %></title>
|
||||
<% } else { %>
|
||||
<title>Table: <%= fqtn %></title>
|
||||
<title>Table: <%= escaped_fqtn %></title>
|
||||
<% } %>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta name="description" content="">
|
||||
|
@ -226,7 +229,7 @@ if ( fqtn != null ) {
|
|||
<div class="container-fluid content">
|
||||
<div class="row inner_header">
|
||||
<div class="page-header">
|
||||
<h1>Table <small><%= fqtn %></small></h1>
|
||||
<h1>Table <small><%= escaped_fqtn %></small></h1>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
|
@ -251,7 +254,8 @@ if ( fqtn != null ) {
|
|||
|
||||
if (metaLocation != null) {
|
||||
ServerLoad sl = master.getServerManager().getLoad(metaLocation);
|
||||
url = "//" + metaLocation.getHostname() + ":" + master.getRegionServerInfoPort(metaLocation) + "/";
|
||||
// The host name portion should be safe, but I don't know how we handle IDNs so err on the side of failing safely.
|
||||
url = "//" + URLEncoder.encode(metaLocation.getHostname()) + ":" + master.getRegionServerInfoPort(metaLocation) + "/";
|
||||
if (sl != null) {
|
||||
Map<byte[], RegionLoad> map = sl.getRegionsLoad();
|
||||
if (map.containsKey(meta.getRegionName())) {
|
||||
|
@ -268,7 +272,7 @@ if ( fqtn != null ) {
|
|||
%>
|
||||
<tr>
|
||||
<td><%= escapeXml(meta.getRegionNameAsString()) %></td>
|
||||
<td><a href="<%= url %>"><%= metaLocation.getHostname().toString() + ":" + master.getRegionServerInfoPort(metaLocation) %></a></td>
|
||||
<td><a href="<%= url %>"><%= StringEscapeUtils.escapeHtml(metaLocation.getHostname().toString()) + ":" + master.getRegionServerInfoPort(metaLocation) %></a></td>
|
||||
<td><%= readReq%></td>
|
||||
<td><%= writeReq%></td>
|
||||
<td><%= fileSize%></td>
|
||||
|
@ -307,8 +311,10 @@ if ( fqtn != null ) {
|
|||
<%= compactionState %>
|
||||
<%
|
||||
} catch (Exception e) {
|
||||
// Nothing really to do here
|
||||
e.printStackTrace();
|
||||
// Nothing really to do here
|
||||
for(StackTraceElement element : e.getStackTrace()) {
|
||||
%><%= StringEscapeUtils.escapeHtml(element.toString()) %><%
|
||||
}
|
||||
%> Unknown <%
|
||||
}
|
||||
%>
|
||||
|
@ -334,7 +340,7 @@ if ( fqtn != null ) {
|
|||
for (HColumnDescriptor family: families) {
|
||||
%>
|
||||
<tr>
|
||||
<td><%= family.getNameAsString() %></td>
|
||||
<td><%= StringEscapeUtils.escapeHtml(family.getNameAsString()) %></td>
|
||||
<td>
|
||||
<table class="table table-striped">
|
||||
<tr>
|
||||
|
@ -347,10 +353,10 @@ if ( fqtn != null ) {
|
|||
%>
|
||||
<tr>
|
||||
<td>
|
||||
<%= familyKey %>
|
||||
<%= StringEscapeUtils.escapeHtml(familyKey.toString()) %>
|
||||
</td>
|
||||
<td>
|
||||
<%= familyValues.get(familyKey) %>
|
||||
<%= StringEscapeUtils.escapeHtml(familyValues.get(familyKey).toString()) %>
|
||||
</td>
|
||||
</tr>
|
||||
<% } %>
|
||||
|
@ -623,7 +629,7 @@ ShowDetailName&Start/End Key<input type="checkbox" id="showWhole" style="margin-
|
|||
ServerLoad sl = master.getServerManager().getLoad(addr);
|
||||
// This port might be wrong if RS actually ended up using something else.
|
||||
urlRegionServer =
|
||||
"//" + addr.getHostname() + ":" + master.getRegionServerInfoPort(addr) + "/";
|
||||
"//" + URLEncoder.encode(addr.getHostname()) + ":" + master.getRegionServerInfoPort(addr) + "/";
|
||||
if(sl != null) {
|
||||
Integer i = regDistribution.get(addr);
|
||||
if (null == i) i = Integer.valueOf(0);
|
||||
|
@ -644,7 +650,7 @@ ShowDetailName&Start/End Key<input type="checkbox" id="showWhole" style="margin-
|
|||
if (urlRegionServer != null) {
|
||||
%>
|
||||
<td>
|
||||
<a href="<%= urlRegionServer %>"><%= addr.getHostname().toString() + ":" + master.getRegionServerInfoPort(addr) %></a>
|
||||
<a href="<%= urlRegionServer %>"><%= StringEscapeUtils.escapeHtml(addr.getHostname().toString()) + ":" + master.getRegionServerInfoPort(addr) %></a>
|
||||
</td>
|
||||
<%
|
||||
} else {
|
||||
|
@ -673,7 +679,7 @@ ShowDetailName&Start/End Key<input type="checkbox" id="showWhole" style="margin-
|
|||
<% } %>
|
||||
</table>
|
||||
<% if (numRegions > numRegionsRendered) {
|
||||
String allRegionsUrl = "?name=" + fqtn + "&numRegions=all";
|
||||
String allRegionsUrl = "?name=" + URLEncoder.encode(fqtn,"UTF-8") + "&numRegions=all";
|
||||
%>
|
||||
<p>This table has <b><%= numRegions %></b> regions in total, in order to improve the page load time,
|
||||
only <b><%= numRegionsRendered %></b> regions are displayed here, <a href="<%= allRegionsUrl %>">click
|
||||
|
@ -694,10 +700,10 @@ if (withReplica) {
|
|||
<%
|
||||
for (Map.Entry<ServerName, Integer> rdEntry : regDistribution.entrySet()) {
|
||||
ServerName addr = rdEntry.getKey();
|
||||
String url = "//" + addr.getHostname() + ":" + master.getRegionServerInfoPort(addr) + "/";
|
||||
String url = "//" + URLEncoder.encode(addr.getHostname()) + ":" + master.getRegionServerInfoPort(addr) + "/";
|
||||
%>
|
||||
<tr>
|
||||
<td><a href="<%= url %>"><%= addr.getHostname().toString() + ":" + master.getRegionServerInfoPort(addr) %></a></td>
|
||||
<td><a href="<%= url %>"><%= StringEscapeUtils.escapeHtml(addr.getHostname().toString()) + ":" + master.getRegionServerInfoPort(addr) %></a></td>
|
||||
<td><%= rdEntry.getValue()%></td>
|
||||
<%
|
||||
if (withReplica) {
|
||||
|
@ -711,7 +717,9 @@ if (withReplica) {
|
|||
</table>
|
||||
<% }
|
||||
} catch(Exception ex) {
|
||||
ex.printStackTrace(System.err);
|
||||
for(StackTraceElement element : ex.getStackTrace()) {
|
||||
%><%= StringEscapeUtils.escapeHtml(element.toString()) %><%
|
||||
}
|
||||
} finally {
|
||||
admin.close();
|
||||
}
|
||||
|
@ -741,7 +749,7 @@ Actions:
|
|||
<tr>
|
||||
<form method="get">
|
||||
<input type="hidden" name="action" value="compact">
|
||||
<input type="hidden" name="name" value="<%= fqtn %>">
|
||||
<input type="hidden" name="name" value="<%= escaped_fqtn %>">
|
||||
<td style="border-style: none; text-align: center">
|
||||
<input style="font-size: 12pt; width: 10em" type="submit" value="Compact" class="btn"></td>
|
||||
<td style="border-style: none" width="5%"> </td>
|
||||
|
@ -755,7 +763,7 @@ Actions:
|
|||
<tr>
|
||||
<form method="get">
|
||||
<input type="hidden" name="action" value="split">
|
||||
<input type="hidden" name="name" value="<%= fqtn %>">
|
||||
<input type="hidden" name="name" value="<%= escaped_fqtn %>">
|
||||
<td style="border-style: none; text-align: center">
|
||||
<input style="font-size: 12pt; width: 10em" type="submit" value="Split" class="btn"></td>
|
||||
<td style="border-style: none" width="5%"> </td>
|
||||
|
@ -769,7 +777,7 @@ Actions:
|
|||
<tr>
|
||||
<form method="get">
|
||||
<input type="hidden" name="action" value="merge">
|
||||
<input type="hidden" name="name" value="<%= fqtn %>">
|
||||
<input type="hidden" name="name" value="<%= escaped_fqtn %>">
|
||||
<td style="border-style: none; text-align: center">
|
||||
<input style="font-size: 12pt; width: 10em" type="submit" value="Merge" class="btn"></td>
|
||||
<td style="border-style: none" width="5%"> </td>
|
||||
|
@ -828,7 +836,7 @@ Actions:
|
|||
|
||||
<script>
|
||||
var index=0;
|
||||
var sortKeyValue='<%= sortKey %>';
|
||||
var sortKeyValue='<%= StringEscapeUtils.escapeJavaScript(sortKey) %>';
|
||||
if(sortKeyValue=="readrequest")index=1;
|
||||
else if(sortKeyValue=="writerequest")index=2;
|
||||
else if(sortKeyValue=="size")index=3;
|
||||
|
@ -837,14 +845,16 @@ else if(sortKeyValue=="memstore")index=5;
|
|||
else if(sortKeyValue=="locality")index=6;
|
||||
document.getElementById("sel").selectedIndex=index;
|
||||
|
||||
<% // turned into a boolean when we pulled it out of the request. %>
|
||||
var reverse='<%= reverseOrder %>';
|
||||
if(reverse=='false')document.getElementById("ascending").checked=true;
|
||||
|
||||
<% // turned into a boolean when we pulled it out of the request. %>
|
||||
var showWhole='<%= showWhole %>';
|
||||
if(showWhole=='true')document.getElementById("showWhole").checked=true;
|
||||
|
||||
function reloadAsSort(){
|
||||
var url="?name="+'<%= fqtn %>';
|
||||
var url="?name="+'<%= URLEncoder.encode(fqtn) %>';
|
||||
if(document.getElementById("sel").selectedIndex>0){
|
||||
url=url+"&sort="+document.getElementById("sel").value;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue