SOLR-12190: properly escape output in GraphMLResponseWriter

yonik 2018-04-11 22:57:34 -04:00
parent 8927d469cb
commit 8d20fc575b
2 changed files with 10 additions and 7 deletions


@ -140,6 +140,9 @@ Bug Fixes
* SOLR-12201: TestReplicationHandler.doTestIndexFetchOnMasterRestart(): handle unexpected replication failures * SOLR-12201: TestReplicationHandler.doTestIndexFetchOnMasterRestart(): handle unexpected replication failures
(Steve Rowe) (Steve Rowe)
* SOLR-12190: Need to properly escape output in GraphMLResponseWriter. (yonik)
Optimizations Optimizations
---------------------- ----------------------


@ -97,7 +97,7 @@ public class GraphMLResponseWriter implements QueryResponseWriter {
id = tuple.getString("collection") + "." + id; id = tuple.getString("collection") + "." + id;
} }
writer.write("<node id=\""+replace(id)+"\""); printWriter.write("<node id=\""+ xmlEscape(id)+"\"");
List<String> outfields = new ArrayList(); List<String> outfields = new ArrayList();
Iterator<String> keys = tuple.fields.keySet().iterator(); Iterator<String> keys = tuple.fields.keySet().iterator();
@ -115,7 +115,7 @@ public class GraphMLResponseWriter implements QueryResponseWriter {
for (String nodeAttribute : outfields) { for (String nodeAttribute : outfields) {
Object o = tuple.get(nodeAttribute); Object o = tuple.get(nodeAttribute);
if (o != null) { if (o != null) {
printWriter.println("<data key=\""+nodeAttribute+"\">" + o.toString() + "</data>"); printWriter.println("<data key=\"" + xmlEscape(nodeAttribute) + "\">" + xmlEscape(o.toString()) + "</data>");
} }
} }
printWriter.println("</node>"); printWriter.println("</node>");
@ -128,20 +128,20 @@ public class GraphMLResponseWriter implements QueryResponseWriter {
if(ancestors != null) { if(ancestors != null) {
for (String ancestor : ancestors) { for (String ancestor : ancestors) {
++edgeCount; ++edgeCount;
writer.write("<edge id=\"" + edgeCount + "\" "); printWriter.write("<edge id=\"" + edgeCount + "\" ");
writer.write(" source=\"" + replace(ancestor) + "\" "); printWriter.write(" source=\"" + xmlEscape(ancestor) + "\" ");
printWriter.println(" target=\"" + replace(id) + "\"/>"); printWriter.println(" target=\"" + xmlEscape(id) + "\"/>");
} }
} }
} }
writer.write("</graph></graphml>"); printWriter.write("</graph></graphml>");
} finally { } finally {
stream.close(); stream.close();
} }
} }
private String replace(String s) { private String xmlEscape(String s) {
if(s.indexOf(">") > -1) { if(s.indexOf(">") > -1) {
s = s.replace(">", "&gt;"); s = s.replace(">", "&gt;");
} }