From ea993dbb60facfb3ed2d9edb340d8840a56bb54b Mon Sep 17 00:00:00 2001 From: markt Date: Mon, 2 Jun 2008 21:41:28 +0000 Subject: [PATCH] Fix potential XSS in host-manager. This is CVE-2008-1947. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@662582 13f79535-47bb-0310-9956-ffa450edef68 --- .../apache/catalina/manager/host/HTMLHostManagerServlet.java | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java b/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java index c11afe1a0..cf1afa292 100644 --- a/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java +++ b/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java @@ -21,6 +21,7 @@ package org.apache.catalina.manager.host; import java.io.IOException; import java.io.PrintWriter; import java.io.StringWriter; +import java.net.URLEncoder; import java.text.MessageFormat; import java.util.Iterator; import java.util.Map; @@ -278,17 +279,20 @@ public final class HTMLHostManagerServlet extends HostManagerServlet { args = new Object[7]; args[0] = response.encodeURL (request.getContextPath() + - "/html/start?name=" + hostName); + "/html/start?name=" + + URLEncoder.encode(hostName, "UTF-8")); args[1] = hostsStart; args[2] = response.encodeURL (request.getContextPath() + - "/html/stop?name=" + hostName); + "/html/stop?name=" + + URLEncoder.encode(hostName, "UTF-8")); args[3] = hostsStop; args[4] = response.encodeURL (request.getContextPath() + - "/html/remove?name=" + hostName); + "/html/remove?name=" + + URLEncoder.encode(hostName, "UTF-8")); args[5] = hostsRemove; - args[6] = hostName; + args[6] = RequestUtil.filter(hostName); if (host == this.host) { writer.print(MessageFormat.format( MANAGER_HOST_ROW_BUTTON_SECTION, args)); -- 2.11.0