JETTY-1057

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@455 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
Greg Wilkins 2009-07-01 00:48:11 +00:00
parent a8574969b9
commit 73d67b0287
2 changed files with 14 additions and 15 deletions


@ -8,6 +8,7 @@ jetty-7.0.0.M4-SNAPSHOT
+ JETTY-1049 Improved transparent proxy usability + JETTY-1049 Improved transparent proxy usability
+ JETTY-1054 Avoid double deploys + JETTY-1054 Avoid double deploys
+ JETTY-1055 Cookie quoting + JETTY-1055 Cookie quoting
+ JETTY-1057 Error page stack trace XSS
jetty-7.0.0.M3 20 June 2009 jetty-7.0.0.M3 20 June 2009
+ fixed race with expired async listeners + fixed race with expired async listeners


@ -75,12 +75,6 @@ public class ErrorHandler extends AbstractHandler
{ {
if (message == null) if (message == null)
message=HttpStatus.getCode(code).getMessage(); message=HttpStatus.getCode(code).getMessage();
else
{
message= StringUtil.replace(message, "&", "&");
message= StringUtil.replace(message, "<", "&lt;");
message= StringUtil.replace(message, ">", "&gt;");
}
writer.write("<html>\n<head>\n"); writer.write("<html>\n<head>\n");
writeErrorPageHead(request,writer,code,message); writeErrorPageHead(request,writer,code,message);
@ -98,7 +92,7 @@ public class ErrorHandler extends AbstractHandler
writer.write(Integer.toString(code)); writer.write(Integer.toString(code));
writer.write(' '); writer.write(' ');
if (message!=null) if (message!=null)
writer.write(message); writer.write(deScript(message));
writer.write("</title>\n"); writer.write("</title>\n");
} }
@ -107,12 +101,6 @@ public class ErrorHandler extends AbstractHandler
throws IOException throws IOException
{ {
String uri= request.getRequestURI(); String uri= request.getRequestURI();
if (uri!=null)
{
uri= StringUtil.replace(uri, "&", "&amp;");
uri= StringUtil.replace(uri, "<", "&lt;");
uri= StringUtil.replace(uri, ">", "&gt;");
}
writeErrorPageMessage(request,writer,code,message,uri); writeErrorPageMessage(request,writer,code,message,uri);
if (showStacks) if (showStacks)
@ -131,7 +119,7 @@ public class ErrorHandler extends AbstractHandler
writer.write("</h2>\n<p>Problem accessing "); writer.write("</h2>\n<p>Problem accessing ");
writer.write(uri); writer.write(uri);
writer.write(". Reason:\n<pre> "); writer.write(". Reason:\n<pre> ");
writer.write(message); writer.write(deScript(message));
writer.write("</pre></p>"); writer.write("</pre></p>");
} }
@ -147,7 +135,7 @@ public class ErrorHandler extends AbstractHandler
PrintWriter pw = new PrintWriter(sw); PrintWriter pw = new PrintWriter(sw);
th.printStackTrace(pw); th.printStackTrace(pw);
pw.flush(); pw.flush();
writer.write(sw.getBuffer().toString()); writer.write(deScript(sw.getBuffer().toString()));
writer.write("</pre>\n"); writer.write("</pre>\n");
th =th.getCause(); th =th.getCause();
@ -173,4 +161,14 @@ public class ErrorHandler extends AbstractHandler
_showStacks = showStacks; _showStacks = showStacks;
} }
/* ------------------------------------------------------------ */
protected String deScript(String string)
{
if (string==null)
return null;
string=StringUtil.replace(string, "&", "&amp;");
string=StringUtil.replace(string, "<", "&lt;");
string=StringUtil.replace(string, ">", "&gt;");
return string;
}
} }
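Review bot: The request URI is still written unescaped in writeErrorPageMessage (`writer.write(uri);`, immediately before the now-escaped message), while the hunk in writeErrorPage removes the block that used to replace `&`, `<` and `>` in `uri` before passing it down — so the new code closes the message and stack-trace vector but leaves a reflected one through the request path. Escaping at the sink is a one-line change, `writer.write(deScript(uri));`, and it also protects any other caller of writeErrorPageMessage that passes a raw URI. deScript covers only the three characters that matter in HTML text content, so a short Javadoc would stop it being reused for attributes, e.g. `/** Escapes &, < and > so the string is safe as HTML text content (title, pre); not sufficient for attribute values. */`. The bodies of writeErrorPage and writeErrorPageMessage extend beyond the hunks shown here.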