SOLR-12190: properly escape output in GraphMLResponseWriter

This commit is contained in:
yonik 2018-04-11 22:57:34 -04:00
parent 8927d469cb
commit 8d20fc575b
2 changed files with 10 additions and 7 deletions

View File

@ -140,6 +140,9 @@ Bug Fixes
* SOLR-12201: TestReplicationHandler.doTestIndexFetchOnMasterRestart(): handle unexpected replication failures
(Steve Rowe)
* SOLR-12190: Need to properly escape output in GraphMLResponseWriter. (yonik)
Optimizations
----------------------

View File

@ -97,7 +97,7 @@ public class GraphMLResponseWriter implements QueryResponseWriter {
id = tuple.getString("collection") + "." + id;
}
writer.write("<node id=\""+replace(id)+"\"");
printWriter.write("<node id=\""+ xmlEscape(id)+"\"");
List<String> outfields = new ArrayList();
Iterator<String> keys = tuple.fields.keySet().iterator();
@ -115,7 +115,7 @@ public class GraphMLResponseWriter implements QueryResponseWriter {
for (String nodeAttribute : outfields) {
Object o = tuple.get(nodeAttribute);
if (o != null) {
printWriter.println("<data key=\""+nodeAttribute+"\">" + o.toString() + "</data>");
printWriter.println("<data key=\"" + xmlEscape(nodeAttribute) + "\">" + xmlEscape(o.toString()) + "</data>");
}
}
printWriter.println("</node>");
@ -128,20 +128,20 @@ public class GraphMLResponseWriter implements QueryResponseWriter {
if(ancestors != null) {
for (String ancestor : ancestors) {
++edgeCount;
writer.write("<edge id=\"" + edgeCount + "\" ");
writer.write(" source=\"" + replace(ancestor) + "\" ");
printWriter.println(" target=\"" + replace(id) + "\"/>");
printWriter.write("<edge id=\"" + edgeCount + "\" ");
printWriter.write(" source=\"" + xmlEscape(ancestor) + "\" ");
printWriter.println(" target=\"" + xmlEscape(id) + "\"/>");
}
}
}
writer.write("</graph></graphml>");
printWriter.write("</graph></graphml>");
} finally {
stream.close();
}
}
private String replace(String s) {
private String xmlEscape(String s) {
if(s.indexOf(">") > -1) {
s = s.replace(">", "&gt;");
}