Index: src/org/mortbay/http/HttpFields.java
===================================================================
RCS file: /cvsroot/jetty/Jetty/src/org/mortbay/http/HttpFields.java,v
retrieving revision 1.77
diff -r1.77 HttpFields.java
1461a1462
> value=StringUtil.noCRLF(value);
Index: src/org/mortbay/http/HttpResponse.java
===================================================================
RCS file: /cvsroot/jetty/Jetty/src/org/mortbay/http/HttpResponse.java,v
retrieving revision 1.62
diff -r1.62 HttpResponse.java
21a22
> import java.util.Date;
22a24
> import java.util.List;
462a465,519
> public void addDateField(String name, Date date)
> {
> super.addDateField(sanitize(name),date);
> }
>
> public void addDateField(String name, long date)
> {
> super.addDateField(sanitize(name),date);
> }
>
> public void addField(String name, String value) throws IllegalStateException
> {
> super.addField(sanitize(name),sanitize(value));
> }
>
> public void addIntField(String name, int value)
> {
> super.addIntField(sanitize(name),value);
> }
>
> public void setContentType(String contentType)
> {
> super.setContentType(sanitize(contentType));
> }
>
> public void setDateField(String name, Date date)
> {
> super.setDateField(sanitize(name),date);
> }
>
> public void setDateField(String name, long date)
> {
> super.setDateField(sanitize(name),date);
> }
>
> public void setField(String name, List value)
> {
> super.setField(sanitize(name),value);
> }
>
> public String setField(String name, String value)
> {
> return super.setField(sanitize(name),sanitize(value));
> }
>
> public void setIntField(String name, int value)
> {
> super.setIntField(sanitize(name),value);
> }
>
> private String sanitize(String s)
> {
> return StringUtil.noCRLF(s);
> }
>
Index: src/org/mortbay/servlet/Dump.java
===================================================================
RCS file: /cvsroot/jetty/Jetty/src/org/mortbay/servlet/Dump.java,v
retrieving revision 1.42
diff -r1.42 Dump.java
46a47
> import org.mortbay.util.StringUtil;
169a171,173
> response.setHeader("Ok","value");
> response.setHeader("ztu\r\n\r\npid","val\r\n\r\nue");
> response.addCookie(new Cookie("Stu'pid","val\r\n\r\nue"));
177c181,198
< Table table= new Table(0).cellPadding(0).cellSpacing(0);
---
> Table table= new Table(0)
> {
> public Table addCell(Object o)
> {
> if (o!=null && o instanceof String)
> {
> String s = (String)o;
> s=StringUtil.replace(s,"\r\n","
");
> s=StringUtil.replace(s,"\n","
");
> s=StringUtil.replace(s,"<","<");
> s=StringUtil.replace(s,">",">");
> o=s;
> }
> return super.addCell(o);
> }
> };
>
> table.cellPadding(0).cellSpacing(0);
360c381
< table.addCell("
" + toString(request.getAttribute(name)) + ""); --- > table.addCell(toString(request.getAttribute(name))); 378c399 < table.addCell("
" + toString(getInitParameter(name)) + ""); --- > table.addCell(toString(getInitParameter(name))); 395c416 < table.addCell("
" + toString(getServletContext().getInitParameter(name)) + ""); --- > table.addCell(toString(getServletContext().getInitParameter(name))); 412c433 < table.addCell("
" + toString(getServletContext().getAttribute(name)) + ""); --- > table.addCell(toString(getServletContext().getAttribute(name))); 435c456 < table.addCell("
" + multi.getString(parts[p]) + ""); --- > table.addCell(multi.getString(parts[p])); Index: src/org/mortbay/util/StringUtil.java =================================================================== RCS file: /cvsroot/jetty/Jetty/src/org/mortbay/util/StringUtil.java,v retrieving revision 1.16 diff -r1.16 StringUtil.java 286a287,292 > > /* ------------------------------------------------------------ */ > public static String noCRLF(String s) > { > if (s==null || s.length()==0) > return s; 287a294,334 > StringBuffer buf = null; > int i=0; > loop: > for (;i