Menu
▾
▴
[Exist-commits] SF.net SVN: exist:[9609] trunk/eXist/src/org/exist/http/RESTServer.java
|
From: <di...@us...> - 2009-07-31 21:42:39
|
Revision: 9609
http://exist.svn.sourceforge.net/exist/?rev=9609&view=rev
Author: dizzzz
Date: 2009-07-31 21:42:23 +0000 (Fri, 31 Jul 2009)
Log Message:
-----------
[bugfix] escape xml/html chars in REST API exception - ID: 2830333 ; patch by mike sokolov ; test: http://localhost:8080/exist/rest/db/_query=<
Modified Paths:
--------------
trunk/eXist/src/org/exist/http/RESTServer.java
Modified: trunk/eXist/src/org/exist/http/RESTServer.java
===================================================================
--- trunk/eXist/src/org/exist/http/RESTServer.java 2009-07-31 21:28:12 UTC (rev 9608)
+++ trunk/eXist/src/org/exist/http/RESTServer.java 2009-07-31 21:42:23 UTC (rev 9609)
@@ -49,6 +49,7 @@
import javax.xml.transform.TransformerConfigurationException;
import org.apache.log4j.Logger;
+
import org.exist.EXistException;
import org.exist.Namespaces;
import org.exist.collections.Collection;
@@ -59,6 +60,7 @@
import org.exist.dom.DocumentImpl;
import org.exist.dom.DocumentMetadata;
import org.exist.dom.MutableDocumentSet;
+import org.exist.dom.XMLUtil;
import org.exist.http.servlets.HttpRequestWrapper;
import org.exist.http.servlets.HttpResponseWrapper;
import org.exist.http.servlets.ResponseWrapper;
@@ -1397,11 +1399,12 @@
writer.write("</a></p>");
writer.write("<p class=\"errmsg\">");
- writer.write( ( e.getMessage() == null ? e.toString() : e.getMessage() ) );
+ String message = e.getMessage() == null ? e.toString() : e.getMessage();
+ writer.write(XMLUtil.encodeAttrMarkup(message));
writer.write("</p>");
if (query != null) {
writer.write("<p><span class=\"high\">Query</span>:</p><pre>");
- writer.write(query);
+ writer.write(XMLUtil.encodeAttrMarkup(query));
writer.write("</pre>");
}
writer.write("</body></html>");
@@ -1437,11 +1440,12 @@
writer.write(path);
writer.write("</path>");
writer.write("<message>");
- writer.write( ( e.getMessage() == null ? e.toString() : e.getMessage() ) );
+ String message = e.getMessage() == null ? e.toString() : e.getMessage();
+ writer.write(XMLUtil.encodeAttrMarkup(message));
writer.write("</message>");
if (query != null) {
writer.write("<query>");
- writer.write(query);
+ writer.write(XMLUtil.encodeAttrMarkup(query));
writer.write("</query>");
}
writer.write("</exception>");
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|