From: <dcr...@hy...> - 2010-04-27 20:45:19
|
Author: dcrutchf Date: 2010-04-27 13:45:10 -0700 (Tue, 27 Apr 2010) New Revision: 14551 URL: http://svn.hyperic.org/?view=rev&root=Hyperic+HQ&revision=14551 Modified: trunk/web/admin/sql.jsp Log: Fixed formatting/escaping issue Modified: trunk/web/admin/sql.jsp =================================================================== --- trunk/web/admin/sql.jsp 2010-04-27 17:04:58 UTC (rev 14550) +++ trunk/web/admin/sql.jsp 2010-04-27 20:45:10 UTC (rev 14551) @@ -40,11 +40,11 @@ <%@ page import="javax.servlet.ServletRequest" %> <%@ page import="org.hyperic.util.StringUtil" %> <%@ page import="org.hyperic.util.jdbc.DBUtil" %> - <%@ page import="org.hyperic.hq.bizapp.shared.AuthzBoss" %> <%@ page import="org.hyperic.hq.bizapp.shared.AuthzBossUtil" %> <%@ page import="org.hyperic.hq.common.shared.HQConstants" %> <%@ page import="org.hyperic.hq.ui.util.SessionUtils" %> +<%@ page import="org.apache.commons.lang.StringEscapeUtils"%> <%! public static final SimpleDateFormat DBDATEFORMAT = new SimpleDateFormat("dd-MMM-yyyy"); @@ -53,7 +53,7 @@ private synchronized static void initCtx () throws NamingException { if (ctx == null) ctx = new InitialContext(); } -public static final String NULL = "<em>null</em>"; +public static final String NULL = "null"; private String stripSQLComments ( String sql ) { if ( sql == null ) return null; @@ -178,8 +178,8 @@ } else if ( couldBeTimes[i-1] && isLongField(aValue) ) { aValue = DBDATETIMEFORMAT.format(new Date(Long.parseLong(aValue))); } - rstr.append("<td valign=\"top\"><font face=\"Verdana,Arial,Helvetica\" size=\"-2\">") - .append(aValue).append("</font></td>"); + rstr.append("<td valign=\"top\"><font face=\"Verdana,Arial,Helvetica\" size=\"-2\" style=\"font-weight: normal;\">") + .append(StringEscapeUtils.escapeHtml(aValue)).append("</font></td>"); } rstr.append("</tr>"); } 
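Review bot: In the `@@ -53,7 +53,7 @@` hunk, `NULL = "null"` makes a SQL NULL look the same as a column that holds the four-character string `null`, assuming this constant is what the result loop substitutes for missing values (its use is outside the hunk). The old `<em>` markup had to go once cell values are HTML-escaped, but the distinction can be kept with a plain-text marker that is harder to mistake for data, for example `public static final String NULL = "(null)";`, or by writing the emphasis tags outside the escaped value. At minimum the constant needs a comment such as `// plain text: cell values are HTML-escaped on output, so no markup here`.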
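Review bot: In the `@@ -178,8 +178,8 @@` hunk the `StringEscapeUtils.escapeHtml(aValue)` call is the security-relevant part of this commit, yet nothing on the line says so and only this one `append` is covered. Database content was previously written into the `<td>` unencoded, so a stored value containing markup would have been interpreted by the administrator's browser; a short comment such as `// aValue is database content: encode for HTML before writing it into the cell` would keep a later edit from dropping the call. Other places where this page writes query-derived text (column labels, the echoed statement, exception messages) are outside the hunk, so it is not visible whether they pass through the same encoder, and they should be checked. The enclosing loop starts and ends outside the hunk.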
@@ -311,7 +311,6 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Direct SQL Access</title> |