JETTY-1129 Filter control characters out of StdErrLog
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@991 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
parent
9583051709
commit
b5d16898e5
31
VERSION.txt
31
VERSION.txt
|
@ -13,6 +13,7 @@ jetty-7.0.1-SNAPSHOT
|
|||
+ JETTY-937 More JVM bug work arounds. Insert pause if all else fails
|
||||
+ JETTY-1114 unsynchronised WebAppClassloader.getResource(String)
|
||||
+ JETTY-1122 Handle multi-byte utf that causes buffer overflow
|
||||
+ JETTY-1129 Filter control characters out of StdErrLog
|
||||
+ Fixed XSS issue in CookieDump demo servlet.
|
||||
+ 291019 Fix default DEBUG option; "-D.DEBUG=true" now works
|
||||
+ 291340 Race condition in onException() notifications
|
||||
|
@ -22,6 +23,36 @@ jetty-7.0.1-SNAPSHOT
|
|||
jetty-7.0.0.v20091005 5 October 2009
|
||||
291340 Race condition in onException() notifications
|
||||
|
||||
jetty-6.1.21 22 September 2009
|
||||
+ JETTY-719 Document state machine of jetty http client
|
||||
+ JETTY-933 State == HEADER in client
|
||||
+ JETTY-936 Improved servlet matching and optimized
|
||||
+ JETTY-1038 ChannelId.isParentOf returns the wrong result
|
||||
+ JETTY-1061 Catch exceptions from cometd listeners
|
||||
+ JETTY-1072 maven plugin handles context path not as documented
|
||||
+ JETTY-1080 modified previous fix for windows
|
||||
+ JETTY-1084 HEAD command not setting content-type in response under certain circumstances
|
||||
+ JETTY-1090 resolve inifinte loop condition for webdav listener
|
||||
+ JETTY-1092 MultiPartFilter can be pushed into infinite loop
|
||||
+ JETTY-1093 Request.toString throws exception when size exceeds 4k
|
||||
+ JETTY-1098 Default form encoding is UTF8
|
||||
+ JETTY-1099 Improve cookie handling in BayeuxClient
|
||||
+ JETTY-1100 extend setuid feature to allow setting max open file descriptors
|
||||
+ JETTY-1102 Wrong usage of deliver() in private chat messages
|
||||
+ JETTY-1108 SSL EOF detection
|
||||
+ JETTY-1109 Improper handling of cookies in Terracotta tests
|
||||
+ JETTY-1112 Response fails if header exceeds buffer size
|
||||
+ JETTY-1113 IllegalStateException when adding servlet filters programmatically
|
||||
+ JETTY-1114 Unsynchronize webapp classloader getResource
|
||||
+ 282543 HttpClient SSL buffer size fix
|
||||
+ 288055 fix jetty-client for failed listener state machine
|
||||
+ 288153 reset exchange when resending
|
||||
+ 288182 PUT request fails during retry
|
||||
+ Fix DefaultServletTest for windows
|
||||
+ Update Jetty implementation of com.sun.net.httpserver.*
|
||||
+ Include tmp directory sweeper in build
|
||||
+ Streamline jetty-jboss build, update sar to QueuedThreadPool
|
||||
|
||||
jetty-7.0.0.RC6 September 21 2009
|
||||
+ Fixed XSS issue in CookieDump demo servlet.
|
||||
+ 289958 StatisticsServlet incorrectly adds StatisticsHandler
|
||||
|
|
|
@ -456,7 +456,15 @@ public class HttpParser implements Parser
|
|||
case HttpHeaders.CONTENT_LENGTH_ORDINAL:
|
||||
if (_contentLength != HttpTokens.CHUNKED_CONTENT)
|
||||
{
|
||||
_contentLength=BufferUtil.toLong(value);
|
||||
try
|
||||
{
|
||||
_contentLength=BufferUtil.toLong(value);
|
||||
}
|
||||
catch(NumberFormatException e)
|
||||
{
|
||||
Log.ignore(e);
|
||||
throw new HttpException(HttpStatus.BAD_REQUEST_400);
|
||||
}
|
||||
if (_contentLength <= 0)
|
||||
_contentLength=HttpTokens.NO_CONTENT;
|
||||
}
|
||||
|
|
|
@ -92,8 +92,7 @@ public class ErrorHandler extends AbstractHandler
|
|||
writer.write("<title>Error ");
|
||||
writer.write(Integer.toString(code));
|
||||
writer.write(' ');
|
||||
if (message!=null)
|
||||
writer.write(deScript(message));
|
||||
write(writer,message);
|
||||
writer.write("</title>\n");
|
||||
}
|
||||
|
||||
|
@ -118,9 +117,9 @@ public class ErrorHandler extends AbstractHandler
|
|||
writer.write("<h2>HTTP ERROR ");
|
||||
writer.write(Integer.toString(code));
|
||||
writer.write("</h2>\n<p>Problem accessing ");
|
||||
writer.write(deScript(uri));
|
||||
write(writer,uri);
|
||||
writer.write(". Reason:\n<pre> ");
|
||||
writer.write(deScript(message));
|
||||
write(writer,message);
|
||||
writer.write("</pre></p>");
|
||||
}
|
||||
|
||||
|
@ -136,7 +135,7 @@ public class ErrorHandler extends AbstractHandler
|
|||
PrintWriter pw = new PrintWriter(sw);
|
||||
th.printStackTrace(pw);
|
||||
pw.flush();
|
||||
writer.write(deScript(sw.getBuffer().toString()));
|
||||
write(writer,sw.getBuffer().toString());
|
||||
writer.write("</pre>\n");
|
||||
|
||||
th =th.getCause();
|
||||
|
@ -163,13 +162,34 @@ public class ErrorHandler extends AbstractHandler
|
|||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
protected String deScript(String string)
|
||||
protected void write(Writer writer,String string)
|
||||
throws IOException
|
||||
{
|
||||
if (string==null)
|
||||
return null;
|
||||
string=StringUtil.replace(string, "&", "&");
|
||||
string=StringUtil.replace(string, "<", "<");
|
||||
string=StringUtil.replace(string, ">", ">");
|
||||
return string;
|
||||
return;
|
||||
|
||||
for (int i=0;i<string.length();i++)
|
||||
{
|
||||
char c=string.charAt(i);
|
||||
|
||||
switch(c)
|
||||
{
|
||||
case '&' :
|
||||
writer.write("&");
|
||||
break;
|
||||
case '<' :
|
||||
writer.write("<");
|
||||
break;
|
||||
case '>' :
|
||||
writer.write(">");
|
||||
break;
|
||||
|
||||
default:
|
||||
if (Character.isISOControl(c) && !Character.isWhitespace(c))
|
||||
writer.write('?');
|
||||
else
|
||||
writer.write(c);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -37,6 +37,7 @@ public class StdErrLog implements Logger
|
|||
private boolean _debug = __debug;
|
||||
private final String _name;
|
||||
private boolean _hideStacks=false;
|
||||
StringBuilder _buffer = new StringBuilder();
|
||||
|
||||
static
|
||||
{
|
||||
|
@ -99,14 +100,24 @@ public class StdErrLog implements Logger
|
|||
{
|
||||
String d=_dateCache.now();
|
||||
int ms=_dateCache.lastMs();
|
||||
System.err.println(d+(ms>99?".":(ms>0?".0":".00"))+ms+":INFO:"+_name+":"+msg);
|
||||
synchronized(_buffer)
|
||||
{
|
||||
tag(d,ms,":INFO:");
|
||||
format(msg);
|
||||
System.err.println(_buffer.toString());
|
||||
}
|
||||
}
|
||||
|
||||
public void info(String msg,Object arg0, Object arg1)
|
||||
{
|
||||
String d=_dateCache.now();
|
||||
int ms=_dateCache.lastMs();
|
||||
System.err.println(d+(ms>99?".":(ms>0?".0":".00"))+ms+":INFO:"+_name+":"+format(msg,arg0,arg1));
|
||||
synchronized(_buffer)
|
||||
{
|
||||
tag(d,ms,":INFO:");
|
||||
format(msg,arg0,arg1);
|
||||
System.err.println(_buffer.toString());
|
||||
}
|
||||
}
|
||||
|
||||
public void debug(String msg,Throwable th)
|
||||
|
@ -115,13 +126,15 @@ public class StdErrLog implements Logger
|
|||
{
|
||||
String d=_dateCache.now();
|
||||
int ms=_dateCache.lastMs();
|
||||
System.err.println(d+(ms>99?".":(ms>0?".0":".00"))+ms+":DBUG:"+_name+":"+msg);
|
||||
if (th!=null)
|
||||
synchronized(_buffer)
|
||||
{
|
||||
tag(d,ms,":DBUG:");
|
||||
format(msg);
|
||||
if (_hideStacks)
|
||||
System.err.println(th);
|
||||
format(th.toString());
|
||||
else
|
||||
th.printStackTrace();
|
||||
format(th);
|
||||
System.err.println(_buffer.toString());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -132,7 +145,12 @@ public class StdErrLog implements Logger
|
|||
{
|
||||
String d=_dateCache.now();
|
||||
int ms=_dateCache.lastMs();
|
||||
System.err.println(d+(ms>99?".":(ms>0?".0":".00"))+ms+":DBUG:"+_name+":"+msg);
|
||||
synchronized(_buffer)
|
||||
{
|
||||
tag(d,ms,":DBUG:");
|
||||
format(msg);
|
||||
System.err.println(_buffer.toString());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -142,7 +160,12 @@ public class StdErrLog implements Logger
|
|||
{
|
||||
String d=_dateCache.now();
|
||||
int ms=_dateCache.lastMs();
|
||||
System.err.println(d+(ms>99?".":(ms>0?".0":".00"))+ms+":DBUG:"+_name+":"+format(msg,arg0,arg1));
|
||||
synchronized(_buffer)
|
||||
{
|
||||
tag(d,ms,":DBUG:");
|
||||
format(msg,arg0,arg1);
|
||||
System.err.println(_buffer.toString());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -150,40 +173,127 @@ public class StdErrLog implements Logger
|
|||
{
|
||||
String d=_dateCache.now();
|
||||
int ms=_dateCache.lastMs();
|
||||
System.err.println(d+(ms>99?".":(ms>0?".0":".00"))+ms+":WARN:"+_name+":"+msg);
|
||||
synchronized(_buffer)
|
||||
{
|
||||
tag(d,ms,":WARN:");
|
||||
format(msg);
|
||||
System.err.println(_buffer.toString());
|
||||
}
|
||||
}
|
||||
|
||||
public void warn(String msg,Object arg0, Object arg1)
|
||||
{
|
||||
String d=_dateCache.now();
|
||||
int ms=_dateCache.lastMs();
|
||||
System.err.println(d+(ms>99?".":(ms>0?".0":".00"))+ms+":WARN:"+_name+":"+format(msg,arg0,arg1));
|
||||
synchronized(_buffer)
|
||||
{
|
||||
tag(d,ms,":WARN:");
|
||||
format(msg,arg0,arg1);
|
||||
System.err.println(_buffer.toString());
|
||||
}
|
||||
}
|
||||
|
||||
public void warn(String msg, Throwable th)
|
||||
{
|
||||
String d=_dateCache.now();
|
||||
int ms=_dateCache.lastMs();
|
||||
System.err.println(d+(ms>99?".":(ms>0?".0":".00"))+ms+":WARN:"+_name+":"+msg);
|
||||
if (th!=null)
|
||||
int ms=_dateCache.lastMs();
|
||||
synchronized(_buffer)
|
||||
{
|
||||
tag(d,ms,":WARN:");
|
||||
format(msg);
|
||||
if (_hideStacks)
|
||||
System.err.println(th);
|
||||
format(th.toString());
|
||||
else
|
||||
th.printStackTrace();
|
||||
}
|
||||
format(th);
|
||||
System.err.println(_buffer.toString());
|
||||
}
|
||||
}
|
||||
|
||||
private String format(String msg, Object arg0, Object arg1)
|
||||
|
||||
private void tag(String d,int ms,String tag)
|
||||
{
|
||||
_buffer.setLength(0);
|
||||
_buffer.append(d);
|
||||
if (ms>99)
|
||||
_buffer.append('.');
|
||||
else if (ms>9)
|
||||
_buffer.append(".0");
|
||||
else
|
||||
_buffer.append(".00");
|
||||
_buffer.append(ms).append(tag).append(_name).append(':');
|
||||
}
|
||||
|
||||
private void format(String msg, Object arg0, Object arg1)
|
||||
{
|
||||
int i0=msg.indexOf("{}");
|
||||
int i1=i0<0?-1:msg.indexOf("{}",i0+2);
|
||||
|
||||
if (arg1!=null && i1>=0)
|
||||
msg=msg.substring(0,i1)+arg1+msg.substring(i1+2);
|
||||
if (arg0!=null && i0>=0)
|
||||
msg=msg.substring(0,i0)+arg0+msg.substring(i0+2);
|
||||
return msg;
|
||||
if (i0>=0)
|
||||
{
|
||||
format(msg.substring(0,i0));
|
||||
format(String.valueOf(arg0));
|
||||
|
||||
if (i1>=0)
|
||||
{
|
||||
format(msg.substring(i0+2,i1));
|
||||
format(String.valueOf(arg1));
|
||||
format(msg.substring(i1+2));
|
||||
}
|
||||
else
|
||||
{
|
||||
format(msg.substring(i1+2));
|
||||
if (arg1!=null)
|
||||
{
|
||||
_buffer.append(' ');
|
||||
format(String.valueOf(arg1));
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
format(msg);
|
||||
if (arg0!=null)
|
||||
{
|
||||
_buffer.append(' ');
|
||||
format(String.valueOf(arg0));
|
||||
}
|
||||
if (arg1!=null)
|
||||
{
|
||||
_buffer.append(' ');
|
||||
format(String.valueOf(arg1));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private void format(String msg)
|
||||
{
|
||||
for (int i=0;i<msg.length();i++)
|
||||
{
|
||||
char c=msg.charAt(i);
|
||||
if (Character.isISOControl(c))
|
||||
{
|
||||
if (c=='\n')
|
||||
_buffer.append('|');
|
||||
else if (c=='\r')
|
||||
_buffer.append('<');
|
||||
else
|
||||
_buffer.append('?');
|
||||
}
|
||||
else
|
||||
_buffer.append(c);
|
||||
}
|
||||
}
|
||||
|
||||
private void format(Throwable th)
|
||||
{
|
||||
_buffer.append('\n');
|
||||
format(th.toString());
|
||||
StackTraceElement[] elements = th.getStackTrace();
|
||||
for (int i=0;elements!=null && i<elements.length;i++)
|
||||
{
|
||||
_buffer.append("\n\tat ");
|
||||
format(elements[i].toString());
|
||||
}
|
||||
}
|
||||
|
||||
public Logger getLogger(String name)
|
||||
|
|
Loading…
Reference in New Issue