Author: lektran
Date: Mon Mar 8 16:05:19 2010
New Revision: 920371
URL:
http://svn.apache.org/viewvc?rev=920371&view=rev
Log:
Properly encode any error messages before attempting to write them to the response. I'm doing it here to avoid having to do the encoding within each app's error.jsp file; I think this should be fine, though.
Modified:
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java?rev=920371&r1=920370&r2=920371&view=diff==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java Mon Mar 8 16:05:19 2010
@@ -32,6 +32,7 @@
import org.apache.bsf.BSFManager;
import org.ofbiz.base.util.Debug;
+import org.ofbiz.base.util.StringUtil;
import org.ofbiz.base.util.UtilGenerics;
import org.ofbiz.base.util.UtilHttp;
import org.ofbiz.base.util.UtilJ2eeCompat;
@@ -224,11 +225,13 @@
} catch (RequestHandlerException e) {
Throwable throwable = e.getNested() != null ? e.getNested() : e;
Debug.logError(throwable, "Error in request handler: ", module);
- request.setAttribute("_ERROR_MESSAGE_", throwable.toString());
+ StringUtil.HtmlEncoder encoder = new StringUtil.HtmlEncoder();
+ request.setAttribute("_ERROR_MESSAGE_", encoder.encode(throwable.toString()));
errorPage = requestHandler.getDefaultErrorPage(request);
} catch (Exception e) {
Debug.logError(e, "Error in request handler: ", module);
- request.setAttribute("_ERROR_MESSAGE_", e.toString());
+ StringUtil.HtmlEncoder encoder = new StringUtil.HtmlEncoder();
+ request.setAttribute("_ERROR_MESSAGE_", encoder.encode(e.toString()));
errorPage = requestHandler.getDefaultErrorPage(request);
}
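Review bot: The value stored in `_ERROR_MESSAGE_` in both catch blocks is now HTML-encoded at the point of storage, which is only correct if every error page emits it verbatim into HTML body text; a page that encodes it again will show literal entities, and a page that places it in a script or unquoted attribute context would presumably not be covered by HTML encoding alone. Nothing in the hunk records that contract, so I would add a comment above each `setAttribute` call such as `// _ERROR_MESSAGE_ is HTML-encoded here; error pages must output it as-is and only in HTML body context`. Any other code that sets `_ERROR_MESSAGE_` lies outside this hunk and is not changed by it, so it is worth checking that those writers encode as well. Separately, the message is still built from `throwable.toString()` / `e.toString()`, so exception class names and details are still handed to the error page; a generic message, with the detail left to the existing `Debug.logError` call, would avoid exposing them. The enclosing try block and method begin outside the hunk.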