diff --git a/CHANGES.txt b/CHANGES.txt
index 01bd24e7d2a..8b3e7fae9bd 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -197,6 +197,8 @@ Bug Fixes
 11. Better parsing of pingQuery from solrconfig.xml (hossman, SOLR-70)
 12. Fixed bug with "Distribution" page introduced when Versions were added
 to "Info" page (hossman)
+13. Fixed HTML escaping issues with user input to analysis.jsp and action.jsp
+ (hossman, SOLR-74)
 Other Changes
 1. Upgrade to Lucene 2.0 nightly build 2006-06-22, lucene SVN revision 416224,
diff --git a/src/webapp/resources/admin/action.jsp b/src/webapp/resources/admin/action.jsp
index 70b96b06f4e..978c5303a2e 100644
--- a/src/webapp/resources/admin/action.jsp
+++ b/src/webapp/resources/admin/action.jsp
@@ -15,7 +15,7 @@
 See the License for the specific language governing permissions and
 limitations under the License.
 --%>
-
+<%@ page import="org.apache.solr.util.XML"%>
 <%@ page import="org.apache.solr.core.SolrCore,
 org.apache.solr.schema.IndexSchema,
 java.io.File,
@@ -98,7 +98,7 @@

Action:

- <%= action %>
+ <% XML.escapeCharData(action, out); %>
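Review bot: The replacement scriptlet `<% XML.escapeCharData(action, out); %>` changes null handling relative to the expression `<%= action %>` it removes: the expression printed the literal text "null" when `action` was unset, whereas escapeCharData's behaviour on a null argument is not visible in this hunk and may throw at render time. If `action` is read from a request parameter (inferred; its assignment is outside the hunk), either confirm that XML.escapeCharData tolerates null or guard the call, e.g. `<% XML.escapeCharData(action == null ? "" : action, out); %>`. The same question applies to the `enableActionStatus` hunk at @@ -106,7 +106,7 @@. Character-data escaping is the right choice for a value written between tags; any echo of these values inside an attribute value would additionally need quote escaping, which this hunk does not cover.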
@@ -106,7 +106,7 @@

Result:

- <%= enableActionStatus %>
+ <% XML.escapeCharData(enableActionStatus, out); %>
diff --git a/src/webapp/resources/admin/analysis.jsp b/src/webapp/resources/admin/analysis.jsp
index 45f27dad3fb..d91284bc229 100644
--- a/src/webapp/resources/admin/analysis.jsp
+++ b/src/webapp/resources/admin/analysis.jsp
@@ -62,7 +62,7 @@ Field name
-
+
@@ -78,7 +78,7 @@
 <%= highlight ? "checked=\"true\"" : "" %> >
-
+
@@ -90,7 +90,7 @@
 <%= qverbose ? "checked=\"true\"" : "" %> >
-
+