Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

316597 Removed null check and fixed name in Resource#hrefEncodeURI 

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2003 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
Greg Wilkins 2010-06-15 04:34:49 +00:00
parent 221cc8589f
commit 871f73d409
2 changed files with 19 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
VERSION.txt
View File

@ -2,6 +2,7 @@ jetty-7.1.5-SNAPSHOT
+ 311550 The WebAppProvider should allow setTempDirectory + 311550 The WebAppProvider should allow setTempDirectory
+ 316449 Websocket disconnect fix + 316449 Websocket disconnect fix
+ 316584 Exception on startup if temp path has spaces and extractWAR=false + 316584 Exception on startup if temp path has spaces and extractWAR=false
+ 316597 Removed null check and fixed name in Resource#hrefEncodeURI
jetty-7.1.4.v20100610 jetty-7.1.4.v20100610
+ 298551 SslSocketConnector does not need keystore stream + 298551 SslSocketConnector does not need keystore stream

13
jetty-util/src/main/java/org/eclipse/jetty/util/resource/Resource.java
View File

@ -489,7 +489,7 @@ public abstract class Resource implements Serializable
buf.append("\">Parent Directory</A></TD><TD></TD><TD></TD></TR>\n"); buf.append("\">Parent Directory</A></TD><TD></TD><TD></TD></TR>\n");
} }
String defangedBase = defangURI(base); String encodedBase = hrefEncodeURI(base);
DateFormat dfmt=DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat dfmt=DateFormat.getDateTimeInstance(DateFormat.MEDIUM,
DateFormat.MEDIUM); DateFormat.MEDIUM);
@ -498,7 +498,7 @@ public abstract class Resource implements Serializable
Resource item = addPath(ls[i]); Resource item = addPath(ls[i]);
buf.append("\n<TR><TD><A HREF=\""); buf.append("\n<TR><TD><A HREF=\"");
String path=URIUtil.addPaths(defangedBase,URIUtil.encodePath(ls[i])); String path=URIUtil.addPaths(encodedBase,URIUtil.encodePath(ls[i]));
buf.append(path); buf.append(path);
@ -522,21 +522,19 @@ public abstract class Resource implements Serializable
} }
/** /**
* Defang any characters that could break the URI string in an HREF. * Encode any characters that could break the URI string in an HREF.
* Such as <a href="/path/to;<script>Window.alert("XSS"+'%20'+"here");</script>">Link</a> * Such as <a href="/path/to;<script>Window.alert("XSS"+'%20'+"here");</script>">Link</a>
* *
* The above example would parse incorrectly on various browsers as the "<" or '"' characters * The above example would parse incorrectly on various browsers as the "<" or '"' characters
* would end the href attribute value string prematurely. * would end the href attribute value string prematurely.
* *
* @param raw the raw text to defang. * @param raw the raw text to encode.
* @return the defanged text. * @return the defanged text.
*/ */
private static String defangURI(String raw) private static String hrefEncodeURI(String raw)
{ {
StringBuffer buf = null; StringBuffer buf = null;
if (buf==null)
{
for (int i=0;i<raw.length();i++) for (int i=0;i<raw.length();i++)
{ {
char c=raw.charAt(i); char c=raw.charAt(i);
@ -552,7 +550,6 @@ public abstract class Resource implements Serializable
} }
if (buf==null) if (buf==null)
return raw; return raw;
}
for (int i=0;i<raw.length();i++) for (int i=0;i<raw.length();i++)
{ {