diff --git a/CHANGES.txt b/CHANGES.txt
index f687f9db7c0..aca66449612 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -175,6 +175,9 @@ Bug Fixes
 * SOLR-1736:In the slave , If 'mov'ing file does not succeed , copy the file (noble)
+* SOLR-1579: Fixes to XML escaping in stats.jsp
+ (David Bowen and hossman)
+
 Other Changes ----------------------
diff --git a/src/webapp/web/admin/stats.jsp b/src/webapp/web/admin/stats.jsp
index ca38c88e9b3..5a8e7d6e9ca 100644
--- a/src/webapp/web/admin/stats.jsp
+++ b/src/webapp/web/admin/stats.jsp
@@ -27,12 +27,12 @@
 <% if (core.getName() != null) { %>
- <%=core.getName()%>
+ <% XML.escapeCharData(core.getName(), out); %>
 <% } %>
- <%= collectionName %>
- <%= hostname %>
- <%= new Date().toString() %>
- <%= new Date(core.getStartTime()) %>
+ <% XML.escapeCharData(collectionName, out); %>
+ <% XML.escapeCharData(hostname, out); %>
+ <% XML.escapeCharData(new Date().toString(), out); %>
+ <% XML.escapeCharData(new Date(core.getStartTime()).toString(), out); %>
 <% for (SolrInfoMBean.Category cat : SolrInfoMBean.Category.values()) {
@@ -55,23 +55,23 @@ for (SolrInfoMBean.Category cat : SolrInfoMBean.Category.values()) { %>
- <%= key %>
+ <% XML.escapeCharData(key, out); %>
- <%= name %>
+ <% XML.escapeCharData(name, out); %>
- <%= vers %>
+ <% XML.escapeCharData(vers, out); %>
- <%= desc %>
+ <% XML.escapeCharData(desc, out); %>
 <% for (int i = 0; i < nl.size() ; i++) { %>
-
- <%= nl.getVal(i).toString() %>
+
+ <% XML.escapeCharData(nl.getVal(i).toString(), out); %>
 <% }
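Review bot: Null handling changes on the rewritten lines of the `@@ -27,12 +27,12 @@` hunk: `<%= hostname %>` printed the text `null` for a null value, whereas `XML.escapeCharData(hostname, out)` hands the reference straight to the helper, and the diff does not show whether that helper tolerates null. Only `core.getName()` is guarded here, so `collectionName` and `hostname` (and `vers` and `desc` in the following stats.jsp hunk) should either be confirmed non-null or guarded, for example `<% XML.escapeCharData(hostname == null ? "" : hostname, out); %>`, so that a missing value cannot abort the stats page mid-response. The element markup around these expressions is not visible on this page, so it is worth confirming that none of the escaped values sit inside an attribute, where character-data escaping alone would not cover quote characters. A short JSP comment near the top of the file, such as `<%-- Dynamic values are written with XML.escapeCharData; avoid raw <%= ... %> output --%>`, would keep later edits from reintroducing unescaped expressions.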