Fix potential XSS in host-manager.

This is CVE-2008-1947.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@662582 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java b/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
index c11afe1..cf1afa2 100644 (file)
--- a/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
+++ b/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
@@ -21,6 +21,7 @@ package org.apache.catalina.manager.host;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.io.StringWriter;
+import java.net.URLEncoder;
 import java.text.MessageFormat;
 import java.util.Iterator;
 import java.util.Map;
@@ -278,17 +279,20 @@ public final class HTMLHostManagerServlet extends HostManagerServlet {
                 args = new Object[7];
                 args[0] = response.encodeURL
                     (request.getContextPath() +
-                     "/html/start?name=" + hostName);
+                     "/html/start?name=" +
+                     URLEncoder.encode(hostName, "UTF-8"));
                 args[1] = hostsStart;
                 args[2] = response.encodeURL
                     (request.getContextPath() +
-                     "/html/stop?name=" + hostName);
+                     "/html/stop?name=" +
+                     URLEncoder.encode(hostName, "UTF-8"));
                 args[3] = hostsStop;
                 args[4] = response.encodeURL
                     (request.getContextPath() +
-                     "/html/remove?name=" + hostName);
+                     "/html/remove?name=" +
+                     URLEncoder.encode(hostName, "UTF-8"));
                 args[5] = hostsRemove;
-                args[6] = hostName;
+                args[6] = RequestUtil.filter(hostName);
                 if (host == this.host) {
                     writer.print(MessageFormat.format(
                         MANAGER_HOST_ROW_BUTTON_SECTION, args));