ant-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 55132] Javadoc vulnerability (CVE-2013-1571, VU#225657)
Date Mon, 24 Jun 2013 15:31:13 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=55132

--- Comment #5 from Uwe Schindler (ASF) <uwe@thetaphi.de> ---
Are you sure that this works correct on windows?

fixData = FileUtils.readFully(new InputStreamReader(in, "US-ASCII")).trim()
  .replace("\r\n", StringUtils.LINE_SEP)
  .replace("\n", StringUtils.LINE_SEP);

On Windows and if the text file is also windows format this would replace \r\n
to \r\n (ok, no change), the second replace would replace the first \n again
into \r\n, so you would get \r\r\n.

On Linux it works correctly, maybe this is why you did not get it.

I checked this morning the Replace task, it does it correctly:
fixData = FileUtils.readFully(new InputStreamReader(in, "US-ASCII")).trim()
  .replace("\r\n", "\n")
  .replace("\n", StringUtils.LINE_SEP);

Also please note that String.replace uses a regular expression!!! So its better
to also use patchContent() to replace the line feeds.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Mime
View raw message