JETTY-1057
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@455 7e9141cc-0065-0410-87d8-b60c137991c4
parent
a8574969b9
commit
73d67b0287
|
@ -8,6 +8,7 @@ jetty-7.0.0.M4-SNAPSHOT
|
|||
+ JETTY-1049 Improved transparent proxy usability
|
||||
+ JETTY-1054 Avoid double deploys
|
||||
+ JETTY-1055 Cookie quoting
|
||||
+ JETTY-1057 Error page stack trace XSS
|
||||
|
||||
jetty-7.0.0.M3 20 June 2009
|
||||
+ fixed race with expired async listeners
|
||||
|
|
|
@ -75,12 +75,6 @@ public class ErrorHandler extends AbstractHandler
|
|||
{
|
||||
if (message == null)
|
||||
message=HttpStatus.getCode(code).getMessage();
|
||||
else
|
||||
{
|
||||
message= StringUtil.replace(message, "&", "&");
|
||||
message= StringUtil.replace(message, "<", "<");
|
||||
message= StringUtil.replace(message, ">", ">");
|
||||
}
|
||||
|
||||
writer.write("<html>\n<head>\n");
|
||||
writeErrorPageHead(request,writer,code,message);
|
||||
|
@ -98,7 +92,7 @@ public class ErrorHandler extends AbstractHandler
|
|||
writer.write(Integer.toString(code));
|
||||
writer.write(' ');
|
||||
if (message!=null)
|
||||
writer.write(message);
|
||||
writer.write(deScript(message));
|
||||
writer.write("</title>\n");
|
||||
}
|
||||
|
||||
|
@ -107,12 +101,6 @@ public class ErrorHandler extends AbstractHandler
|
|||
throws IOException
|
||||
{
|
||||
String uri= request.getRequestURI();
|
||||
if (uri!=null)
|
||||
{
|
||||
uri= StringUtil.replace(uri, "&", "&");
|
||||
uri= StringUtil.replace(uri, "<", "<");
|
||||
uri= StringUtil.replace(uri, ">", ">");
|
||||
}
|
||||
|
||||
writeErrorPageMessage(request,writer,code,message,uri);
|
||||
if (showStacks)
|
||||
|
@ -131,7 +119,7 @@ public class ErrorHandler extends AbstractHandler
|
|||
writer.write("</h2>\n<p>Problem accessing ");
|
||||
writer.write(uri);
|
||||
writer.write(". Reason:\n<pre> ");
|
||||
writer.write(message);
|
||||
writer.write(deScript(message));
|
||||
writer.write("</pre></p>");
|
||||
}
|
||||
|
||||
|
@ -147,7 +135,7 @@ public class ErrorHandler extends AbstractHandler
|
|||
PrintWriter pw = new PrintWriter(sw);
|
||||
th.printStackTrace(pw);
|
||||
pw.flush();
|
||||
writer.write(sw.getBuffer().toString());
|
||||
writer.write(deScript(sw.getBuffer().toString()));
|
||||
writer.write("</pre>\n");
|
||||
|
||||
th =th.getCause();
|
||||
|
@ -173,4 +161,14 @@ public class ErrorHandler extends AbstractHandler
|
|||
_showStacks = showStacks;
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
protected String deScript(String string)
|
||||
{
|
||||
if (string==null)
|
||||
return null;
|
||||
string=StringUtil.replace(string, "&", "&");
|
||||
string=StringUtil.replace(string, "<", "<");
|
||||
string=StringUtil.replace(string, ">", ">");
|
||||
return string;
|
||||
}
|
||||
}
|
||||
|
|
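Review bot: The request URI appears to lose its HTML escaping here. The -107,12 +101,6 hunk shrinks by six lines, which matches the `if (uri!=null)` block of `StringUtil.replace` calls, while the -131,7 +119,7 hunk still shows `writer.write(uri);` with no replacement line; the +/- markers are lost on this page, so this is inferred from the hunk counts. The request URI is client-controlled and is written into the same HTML body as the message, so it should pass through the new helper as well: `writer.write(deScript(uri));`. Escaping now happens at the write sites rather than once in the caller, so a subclass that overrides the head or message writer receives the raw message and must escape it itself, which deserves a Javadoc sentence on those methods. `deScript` has no Javadoc either; it should state that only `&`, `<` and `>` are encoded, which suits element content but not attribute values. All of the touched methods begin outside their hunks.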