rpms / jetty

Clone
Source Code
GIT

Blame jetty-CERT438616-CERT237888-CERT21284.patch

eclipse f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f8 f9 jetty9 main rawhide tycho
  1.   1908eef1242b48089e4dbd4101eab3326cd24128
  2.   jetty-CERT438616-CERT237888-CERT21284.patch
Blob History Raw
645d07a 
Index: src/org/mortbay/http/HttpFields.java
645d07a 
===================================================================
645d07a 
RCS file: /cvsroot/jetty/Jetty/src/org/mortbay/http/HttpFields.java,v
645d07a 
retrieving revision 1.77
645d07a 
diff -r1.77 HttpFields.java
645d07a 
1461a1462
645d07a 
>                 value=StringUtil.noCRLF(value);
645d07a 
Index: src/org/mortbay/http/HttpResponse.java
645d07a 
===================================================================
645d07a 
RCS file: /cvsroot/jetty/Jetty/src/org/mortbay/http/HttpResponse.java,v
645d07a 
retrieving revision 1.62
645d07a 
diff -r1.62 HttpResponse.java
645d07a 
21a22
645d07a 
> import java.util.Date;
645d07a 
22a24
645d07a 
> import java.util.List;
645d07a 
462a465,519
645d07a 
>     public void addDateField(String name, Date date)
645d07a 
>     {
645d07a 
>         super.addDateField(sanitize(name),date);
645d07a 
>     }
645d07a 
>
645d07a 
>     public void addDateField(String name, long date)
645d07a 
>     {
645d07a 
>         super.addDateField(sanitize(name),date);
645d07a 
>     }
645d07a 
>
645d07a 
>     public void addField(String name, String value) throws IllegalStateException
645d07a 
>     {
645d07a 
>         super.addField(sanitize(name),sanitize(value));
645d07a 
>     }
645d07a 
>
645d07a 
>     public void addIntField(String name, int value)
645d07a 
>     {
645d07a 
>         super.addIntField(sanitize(name),value);
645d07a 
>     }
645d07a 
>
645d07a 
>     public void setContentType(String contentType)
645d07a 
>     {
645d07a 
>         super.setContentType(sanitize(contentType));
645d07a 
>     }
645d07a 
>
645d07a 
>     public void setDateField(String name, Date date)
645d07a 
>     {
645d07a 
>         super.setDateField(sanitize(name),date);
645d07a 
>     }
645d07a 
>
645d07a 
>     public void setDateField(String name, long date)
645d07a 
>     {
645d07a 
>         super.setDateField(sanitize(name),date);
645d07a 
>     }
645d07a 
>
645d07a 
>     public void setField(String name, List value)
645d07a 
>     {
645d07a 
>         super.setField(sanitize(name),value);
645d07a 
>     }
645d07a 
>
645d07a 
>     public String setField(String name, String value)
645d07a 
>     {
645d07a 
>         return super.setField(sanitize(name),sanitize(value));
645d07a 
>     }
645d07a 
>
645d07a 
>     public void setIntField(String name, int value)
645d07a 
>     {
645d07a 
>         super.setIntField(sanitize(name),value);
645d07a 
>     }
645d07a 
>
645d07a 
>     private String sanitize(String s)
645d07a 
>     {
645d07a 
>         return StringUtil.noCRLF(s);
645d07a 
>     }
645d07a 
>
645d07a 
Index: src/org/mortbay/servlet/Dump.java
645d07a 
===================================================================
645d07a 
RCS file: /cvsroot/jetty/Jetty/src/org/mortbay/servlet/Dump.java,v
645d07a 
retrieving revision 1.42
645d07a 
diff -r1.42 Dump.java
645d07a 
46a47
645d07a 
> import org.mortbay.util.StringUtil;
645d07a 
169a171,173
645d07a 
>         response.setHeader("Ok","value");
645d07a 
>         response.setHeader("ztu\r\n\r\npid","val\r\n\r\nue");
645d07a 
>         response.addCookie(new Cookie("Stu'pid","val\r\n\r\nue"));
645d07a 
177c181,198
645d07a 
<             Table table= new Table(0).cellPadding(0).cellSpacing(0);
645d07a 
---
645d07a 
>             Table table= new Table(0)
645d07a 
>             {
645d07a 
>                 public Table addCell(Object o)
645d07a 
>                 {
645d07a 
>                     if (o!=null && o instanceof String)
645d07a 
>                     {
645d07a 
>                         String s = (String)o;
645d07a 
>                         s=StringUtil.replace(s,"\r\n","
");
645d07a 
>                         s=StringUtil.replace(s,"\n","
");
645d07a 
>                         s=StringUtil.replace(s,"<","<");
645d07a 
>                         s=StringUtil.replace(s,">",">");
645d07a 
>                         o=s;
645d07a 
>                     }
645d07a 
>                     return super.addCell(o);
645d07a 
>                 }
645d07a 
>             };
645d07a 
>
645d07a 
>             table.cellPadding(0).cellSpacing(0);
645d07a 
360c381
645d07a 
<                 table.addCell("
" + toString(request.getAttribute(name)) + "
");
645d07a 
---
645d07a 
>                 table.addCell(toString(request.getAttribute(name)));
645d07a 
378c399
645d07a 
<                 table.addCell("
" + toString(getInitParameter(name)) + "
");
645d07a 
---
645d07a 
>                 table.addCell(toString(getInitParameter(name)));
645d07a 
395c416
645d07a 
<                 table.addCell("
" + toString(getServletContext().getInitParameter(name)) + "
");
645d07a 
---
645d07a 
>                 table.addCell(toString(getServletContext().getInitParameter(name)));
645d07a 
412c433
645d07a 
<                 table.addCell("
" + toString(getServletContext().getAttribute(name)) + "
");
645d07a 
---
645d07a 
>                 table.addCell(toString(getServletContext().getAttribute(name)));
645d07a 
435c456
645d07a 
<                     table.addCell("
" + multi.getString(parts[p]) + "
");
645d07a 
---
645d07a 
>                     table.addCell(multi.getString(parts[p]));
645d07a 
Index: src/org/mortbay/util/StringUtil.java
645d07a 
===================================================================
645d07a 
RCS file: /cvsroot/jetty/Jetty/src/org/mortbay/util/StringUtil.java,v
645d07a 
retrieving revision 1.16
645d07a 
diff -r1.16 StringUtil.java
645d07a 
286a287,292
645d07a 
>
645d07a 
>     /* ------------------------------------------------------------ */
645d07a 
>     public static String noCRLF(String s)
645d07a 
>     {
645d07a 
>         if (s==null || s.length()==0)
645d07a 
>             return s;
645d07a 
287a294,334
645d07a 
>         StringBuffer buf = null;
645d07a 
>         int i=0;
645d07a 
>         loop:
645d07a 
>         for (;i
645d07a 
>         {
645d07a 
>             char c = s.charAt(i);
645d07a 
>             switch(c)
645d07a 
>             {
645d07a 
>                 case 0:
645d07a 
>                 case '\n':
645d07a 
>                 case '\r':
645d07a 
>                 {
645d07a 
>                     buf=new StringBuffer(s.length());
645d07a 
>                     buf.append(s,0,i);
645d07a 
>                     buf.append('.');
645d07a 
>                     break loop;
645d07a 
>                 }
645d07a 
>                 default:
645d07a 
>             }
645d07a 
>         }
645d07a 
>
645d07a 
>         if (buf==null)
645d07a 
>             return s;
645d07a 
>
645d07a 
>         for (;i
645d07a 
>         {
645d07a 
>             char c = s.charAt(i);
645d07a 
>             switch(c)
645d07a 
>             {
645d07a 
>                 case 0:
645d07a 
>                 case '\n':
645d07a 
>                 case '\r':
645d07a 
>                     buf.append('.');
645d07a 
>                     break;
645d07a 
>                 default:
645d07a 
>                     buf.append(c);
645d07a 
>             }
645d07a 
>         }
645d07a 
>
645d07a 
>         return buf.toString();
645d07a 
>     }
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.