continuum-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From c...@apache.org
Subject svn commit: r1091669 [1/2] - in /continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp: ./ admin/ components/ navigations/
Date Wed, 13 Apr 2011 06:36:21 GMT
Author: ctan
Date: Wed Apr 13 06:36:20 2011
New Revision: 1091669

URL: http://svn.apache.org/viewvc?rev=1091669&view=rev
Log:
[CONTINUUM-2620] use c:out and fn:escapeXml to prevent XSS attacks

Modified:
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenOneProject.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenTwoProject.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildAgentsList.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildDefinitionTemplateSummary.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildQueueView.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgent.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgentGroup.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildEnv.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteInstallation.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/localRepositoriesList.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/parallelbuilds.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/purgeConfigurationsList.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/viewDistributedBuilds.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResult.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResults.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionGroupSummaryComponent.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionSummaryComponent.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/companyLogo.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectGroupNotifierSummaryComponent.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectGroupTabComponent.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectSummaryComponent.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmDeleteProjects.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmReleaseResultsRemoval.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/groupSummary.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/navigations/ProjectMenu.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupBuildDefinition.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupMembers.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupNotifier.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupReleaseResults.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectView.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/releases.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/schedules.jsp
    continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/viewProjectBuildsReport.jsp

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenOneProject.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenOneProject.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenOneProject.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenOneProject.jsp Wed Apr 13 06:36:20 2011
@@ -37,7 +37,7 @@
                               <p><s:property/></p>
                             </s:iterator>
                             <c:forEach items="${errorMessages}" var="errorMessage">
-                              <p>${errorMessage}</p>
+                              <p><c:out value="${errorMessage}"/></p>
                             </c:forEach>
                           </div>
                         </c:if>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenTwoProject.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenTwoProject.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenTwoProject.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/addMavenTwoProject.jsp Wed Apr 13 06:36:20 2011
@@ -37,7 +37,7 @@
                               <p><s:property/></p>
                             </s:iterator>
                             <c:forEach items="${errorMessages}" var="errorMessage">
-                              <p>${errorMessage}</p>
+                              <p><c:out value="${errorMessage}"/></p>
                             </c:forEach>
                           </div>
                         </c:if>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp Wed Apr 13 06:36:20 2011
@@ -71,24 +71,29 @@
       <table>
         <tr>
           <th><s:text name="appearance.companyPom.organizationName.label"/></th>
-          <td>${companyModel.organization.name}</td>
+          <td><c:out value="${companyModel.organization.name}"/></td>
         </tr>
         <tr>
           <th><s:text name="appearance.companyPom.organizationUrl.label"/></th>
-          <td><a href="${companyModel.organization.url}" target="_blank">
-            <code>${companyModel.organization.url}</code>
+          <c:set var="companyOrgUrl"><c:out value="${companyModel.organization.url}"/></c:set>
+          <td><a href="${companyOrgUrl}" target="_blank">
+            <code><c:out value="${companyModel.organization.url}"/></code>
           </a></td>
         </tr>
         <tr>
           <th><s:text name="appearance.companyPom.organizationLogoUrl.label"/></th>
           <td>
-            <code>${companyModel.properties['organization.logo']}</code>
+            <code><c:out value="${companyModel.properties['organization.logo']}"/></code>
           </td>
         </tr>
       </table>
     </c:when>
     <c:otherwise>
-      <s:text name="appearance.companyPomDoesNotExist"><s:param>${companyPom.groupId}:${companyPom.artifactId}</s:param></s:text>
+      <s:text name="appearance.companyPomDoesNotExist">
+        <s:param>
+          <c:out value="${companyPom.groupId}"/>:<c:out value="${companyPom.artifactId}"/>
+        </s:param>
+      </s:text>
       <a href="<s:url action='editCompanyPom' />"><s:text name="appearance.createCompanyPom"/></a>
     </c:otherwise>
   </c:choose>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildAgentsList.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildAgentsList.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildAgentsList.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildAgentsList.jsp Wed Apr 13 06:36:20 2011
@@ -47,15 +47,15 @@
           <ec:row>
             <ec:column property="url" title="buildAgents.table.url">
               <s:url id="viewBuildAgentUrl" action="viewBuildAgent">
-                <s:param name="buildAgent.url">${pageScope.buildAgent.url}</s:param>
+                <s:param name="buildAgent.url"><c:out value="${pageScope.buildAgent.url}"/></s:param>
               </s:url>
-              <s:a href="%{viewBuildAgentUrl}">${pageScope.buildAgent.url}</s:a>
+              <s:a href="%{viewBuildAgentUrl}"><c:out value="${pageScope.buildAgent.url}"/></s:a>
             </ec:column>
             <ec:column property="enabled" title="buildAgents.table.enabled"/>
             <ec:column property="description" title="buildAgents.table.description"/>
             <ec:column property="editActions" title="&nbsp;" width="1%">
               <s:url id="editBuildAgentUrl" action="editBuildAgent">
-                <s:param name="buildAgent.url">${pageScope.buildAgent.url}</s:param>
+                <s:param name="buildAgent.url"><c:out value="${pageScope.buildAgent.url}"/></s:param>
               </s:url>
               <s:a href="%{editBuildAgentUrl}">
                 <img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0"/>
@@ -64,7 +64,7 @@
             <ec:column property="deleteActions" title="&nbsp;" width="1%">
               <s:token/>
               <s:url id="removeBuildAgentUrl" action="deleteBuildAgent">
-                <s:param name="buildAgent.url">${pageScope.buildAgent.url}</s:param>
+                <s:param name="buildAgent.url"><c:out value="${pageScope.buildAgent.url}"/></s:param>
                 <s:param name="struts.token.name">struts.token</s:param>
                 <s:param name="struts.token"><s:property value="struts.token"/></s:param>
               </s:url>
@@ -104,7 +104,7 @@
             </ec:column>
             <ec:column property="editActions" title="&nbsp;" width="1%">
               <s:url id="editBuildAgentGroupUrl" action="editBuildAgentGroup">
-                <s:param name="buildAgentGroup.name">${pageScope.buildAgentGroup.name}</s:param>
+                <s:param name="buildAgentGroup.name"><c:out value="${pageScope.buildAgentGroup.name}"/></s:param>
               </s:url>
               <s:a href="%{editBuildAgentGroupUrl}">
                 <img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0"/>
@@ -113,7 +113,7 @@
             <ec:column property="deleteActions" title="&nbsp;" width="1%">
               <s:token/>
               <s:url id="removeBuildAgentGroupUrl" action="deleteBuildAgentGroup">
-                <s:param name="buildAgentGroup.name">${pageScope.buildAgentGroup.name}</s:param>
+                <s:param name="buildAgentGroup.name"><c:out value="${pageScope.buildAgentGroup.name}"/></s:param>
                 <s:param name="struts.token.name">struts.token</s:param>
                 <s:param name="struts.token"><s:property value="struts.token"/></s:param>
               </s:url>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildDefinitionTemplateSummary.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildDefinitionTemplateSummary.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildDefinitionTemplateSummary.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildDefinitionTemplateSummary.jsp Wed Apr 13 06:36:20 2011
@@ -46,7 +46,7 @@
           <ec:column property="name" title="buildDefinition.template.name"/>
           <ec:column property="editAction" title="&nbsp;" width="1%">
             <s:url id="editUrl" action="editBuildDefinitionTemplate" method="edit" namespace="/">
-              <s:param name="buildDefinitionTemplate.id">${pageScope.template.id}</s:param>
+              <s:param name="buildDefinitionTemplate.id"><c:out value="${pageScope.template.id}"/></s:param>
             </s:url>
             <s:a href="%{editUrl}"><img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0"></s:a>
           </ec:column>  
@@ -59,8 +59,8 @@
             <c:otherwise>
               <s:token/>
               <s:url id="deleteUrl" action="deleteDefinitionTemplate" method="delete" namespace="/">
-                <s:param name="buildDefinitionTemplate.id">${pageScope.template.id}</s:param>
-                <s:param name="buildDefinitionTemplate.name">${pageScope.template.name}</s:param>
+                <s:param name="buildDefinitionTemplate.id"><c:out value="${pageScope.template.id}"/></s:param>
+                <s:param name="buildDefinitionTemplate.name"><c:out value="${pageScope.template.name}"/></s:param>
                 <s:param name="struts.token.name">struts.token</s:param>
                 <s:param name="struts.token"><s:property value="struts.token"/></s:param>
               </s:url>
@@ -99,7 +99,7 @@
           <ec:column property="type" title="buildDefinition.template.buildDefinition.type"/>
           <ec:column property="editAction" title="&nbsp;" width="1%">
             <s:url id="editUrl" action="editBuildDefinitionAsTemplate" method="editBuildDefinition" namespace="/">
-              <s:param name="buildDefinition.id">${pageScope.buildDefinitionSummary.id}</s:param>
+              <s:param name="buildDefinition.id"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
             </s:url>
             <s:a href="%{editUrl}"><img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0"></s:a>
           </ec:column>          
@@ -110,8 +110,8 @@
             </c:when>
             <c:otherwise>
               <s:url id="deleteUrl" action="deleteBuildDefinitionAsTemplate" method="deleteBuildDefinition" namespace="/">
-                <s:param name="buildDefinition.id">${pageScope.buildDefinitionSummary.id}</s:param>
-                <s:param name="buildDefinition.description">${pageScope.buildDefinitionSummary.description}</s:param>
+                <s:param name="buildDefinition.id"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
+                <s:param name="buildDefinition.description"><c:out value="${pageScope.buildDefinitionSummary.description}"/></s:param>
               </s:url>
               <s:a href="%{deleteUrl}"><img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0"></s:a>
             </c:otherwise>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildQueueView.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildQueueView.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildQueueView.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildQueueView.jsp Wed Apr 13 06:36:20 2011
@@ -49,15 +49,15 @@
                 <ec:column property="name" title="buildQueue.currentTask.buildQueue" width="29%"/>
                 <ec:column property="projectUrl" title="buildQueue.currentTask.projectName" width="50%">
                   <s:url id="viewUrl" action="buildResults">
-                    <s:param name="projectId">${queue.task.projectId}</s:param>
+                    <s:param name="projectId"><c:out value="${queue.task.projectId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${queue.task.projectName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${queue.task.projectName}"/></s:a>
                 </ec:column>
                 <ec:column property="task.buildDefinitionLabel" title="buildQueue.currentTask.buildDefinition" width="19%"/>
                 <ec:column property="cancelAction" title="&nbsp;" width="1%">
                   <redback:ifAuthorized permission="continuum-manage-queues">
                     <s:url id="cancelUrl" action="cancelCurrentBuildTask" method="cancelCurrent" namespace="/">
-                      <s:param name="projectId">${queue.task.projectId}</s:param>
+                      <s:param name="projectId"><c:out value="${queue.task.projectId}"/></s:param>
                     </s:url>
                     <s:a href="%{cancelUrl}"><img src="<s:url value='/images/cancelbuild.gif' includeParams="none"/>" alt="<s:text name='cancel'/>" title="<s:text name='cancel'/>" border="0"></s:a>
                   </redback:ifAuthorized>
@@ -92,25 +92,25 @@
               <ec:row>
                 <redback:ifAuthorized permission="continuum-manage-queues">
                   <ec:column alias="selectedBuildTaskHashCodes" title=" " style="width:5px" filterable="false" sortable="false" headerCell="selectAll">
-                    <input type="checkbox" name="selectedBuildTaskHashCodes" value="${queue.task.hashCode}" />
+                    <input type="checkbox" name="selectedBuildTaskHashCodes" value="<c:out value="${queue.task.hashCode}"/>" />
                   </ec:column>
                 </redback:ifAuthorized>
                 <ec:column property="name" title="buildQueue.currentTask.buildQueue" width="29%"/>
                 <ec:column property="projectUrl" title="buildQueue.currentTask.projectName" width="50%">
                   <s:url id="viewUrl" action="buildResults">
-                    <s:param name="projectId">${queue.task.projectId}</s:param>
+                    <s:param name="projectId"><c:out value="${queue.task.projectId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${queue.task.projectName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${queue.task.projectName}"/></s:a>
                 </ec:column>
                 <ec:column property="task.buildDefinitionLabel" title="buildQueue.currentTask.buildDefinition" width="19%"/>
                 <ec:column property="cancelAction" title="&nbsp;" width="1%">
                   <redback:ifAuthorized permission="continuum-manage-queues">
                     <s:url id="cancelUrl" action="removeBuildQueueEntry" method="remove" namespace="/">
-                      <s:param name="projectId">${queue.task.projectId}</s:param>
-                      <s:param name="buildDefinitionId">${queue.task.buildDefinitionId}</s:param>
-                      <s:param name="trigger">${queue.task.buildTrigger.trigger}</s:param>
-                      <s:param name="projectName">${queue.task.projectName}</s:param>
-                      <s:param name="projectGroupId">${queue.task.projectGroupId}</s:param>
+                      <s:param name="projectId"><c:out value="${queue.task.projectId}"/></s:param>
+                      <s:param name="buildDefinitionId"><c:out value="${queue.task.buildDefinitionId}"/></s:param>
+                      <s:param name="trigger"><c:out value="${queue.task.buildTrigger.trigger}"/></s:param>
+                      <s:param name="projectName"><c:out value="${queue.task.projectName}"/></s:param>
+                      <s:param name="projectGroupId"><c:out value="${queue.task.projectGroupId}"/></s:param>
                     </s:url>
                     <s:a href="%{cancelUrl}"><img src="<s:url value='/images/cancelbuild.gif' includeParams="none"/>" alt="<s:text name='cancel'/>" title="<s:text name='cancel'/>" border="0"></s:a>
                   </redback:ifAuthorized>
@@ -160,14 +160,14 @@
                 <ec:column property="name" title="checkoutQueue.currentTask.buildQueue" width="29%"/>
                 <ec:column property="projectUrl" title="checkoutQueue.currentTask.projectName" width="69%">
                   <s:url id="viewUrl" action="projectView">
-                    <s:param name="projectId">${queue.task.projectId}</s:param>
+                    <s:param name="projectId"><c:out value="${queue.task.projectId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${queue.task.projectName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${queue.task.projectName}"/></s:a>
                 </ec:column>
                 <ec:column property="cancelAction" title="&nbsp;" width="1%">
                   <redback:ifAuthorized permission="continuum-manage-queues">
                     <s:url id="cancelUrl" action="cancelCurrentQueueTask" method="cancelCurrentCheckout" namespace="/">
-                      <s:param name="projectId">${queue.task.projectId}</s:param>
+                      <s:param name="projectId"><c:out value="${queue.task.projectId}"/></s:param>
                     </s:url>
                     <s:a href="%{cancelUrl}"><img src="<s:url value='/images/cancelbuild.gif' includeParams="none"/>" alt="<s:text name='cancel'/>" title="<s:text name='cancel'/>" border="0"></s:a>
                   </redback:ifAuthorized>
@@ -202,20 +202,20 @@
               <ec:row>
                 <redback:ifAuthorized permission="continuum-manage-queues">
                   <ec:column alias="selectedCheckOutTaskHashCodes" title=" " style="width:5px" filterable="false" sortable="false" headerCell="selectAll">
-                    <input type="checkbox" name="selectedCheckOutTaskHashCodes" value="${queue.task.hashCode}" />
+                    <input type="checkbox" name="selectedCheckOutTaskHashCodes" value="<c:out value="${queue.task.hashCode}"/>" />
                   </ec:column>
                 </redback:ifAuthorized>
                 <ec:column property="name" title="checkoutQueue.currentTask.buildQueue" width="29%"/>
                 <ec:column property="projectUrl" title="checkoutQueue.currentTask.projectName" width="69%">
                   <s:url id="viewUrl" action="projectView">
-                    <s:param name="projectId">${queue.task.projectId}</s:param>
+                    <s:param name="projectId"><c:out value="${queue.task.projectId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${queue.task.projectName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${queue.task.projectName}"/></s:a>
                 </ec:column>
                 <ec:column property="cancelAction" title="&nbsp;" width="1%">
                   <redback:ifAuthorized permission="continuum-manage-queues">
                     <s:url id="cancelUrl" action="removeCheckoutQueueEntry" method="removeCheckout" namespace="/">
-                      <s:param name="projectId">${queue.task.projectId}</s:param>
+                      <s:param name="projectId"><c:out value="${queue.task.projectId}"/></s:param>
                     </s:url>
                     <s:a href="%{cancelUrl}"><img src="<s:url value='/images/cancelbuild.gif' includeParams="none"/>" alt="<s:text name='cancel'/>" title="<s:text name='cancel'/>" border="0"></s:a>
                   </redback:ifAuthorized>
@@ -263,9 +263,9 @@
               <ec:row>
                 <ec:column property="projectGroupUrl" title="prepareBuildQueue.table.projectGroupName">
                   <s:url id="viewUrl" action="projectGroupSummary">
-                    <s:param name="projectGroupId">${pageScope.currentPrepareBuild.projectGroupId}</s:param>
+                    <s:param name="projectGroupId"><c:out value="${pageScope.currentPrepareBuild.projectGroupId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${pageScope.currentPrepareBuild.projectGroupName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${pageScope.currentPrepareBuild.projectGroupName}"/></s:a>
                 </ec:column>
                 <ec:column property="scmRootAddress" title="prepareBuildQueue.table.scmRootAddress"/>
               </ec:row>
@@ -295,21 +295,21 @@
               <ec:row>
                 <redback:ifAuthorized permission="continuum-manage-queues">
                   <ec:column alias="selectedPrepareBuildTaskHashCodes" title="&nbsp;" style="width:5px" filterable="false" sortable="false" width="1%" headerCell="selectAll">
-                    <input type="checkbox" name="selectedPrepareBuildTaskHashCodes" value="${pageScope.prepareBuildQueue.hashCode}" />
+                    <input type="checkbox" name="selectedPrepareBuildTaskHashCodes" value="<c:out value="${pageScope.prepareBuildQueue.hashCode}"/>" />
                   </ec:column>             
                 </redback:ifAuthorized>
                 <ec:column property="projectGroupUrl" title="prepareBuildQueue.table.projectGroupName">
                   <s:url id="viewUrl" action="projectGroupSummary">
-                    <s:param name="projectGroupId">${pageScope.prepareBuildQueue.projectGroupId}</s:param>
+                    <s:param name="projectGroupId"><c:out value="${pageScope.prepareBuildQueue.projectGroupId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${pageScope.prepareBuildQueue.projectGroupName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${pageScope.prepareBuildQueue.projectGroupName}"/></s:a>
                 </ec:column>
                 <ec:column property="scmRootAddress" title="prepareBuildQueue.table.scmRootAddress"/>
                 <ec:column property="cancelEntry" title="&nbsp;" width="1%">
                   <redback:ifAuthorized permission="continuum-manage-queues">
                     <s:url id="cancelUrl" action="removePrepareBuildEntry" method="removePrepareBuildEntry" namespace="/">
-                      <s:param name="projectGroupId">${pageScope.prepareBuildQueue.projectGroupId}</s:param>
-                      <s:param name="scmRootId">${pageScope.prepareBuildQueue.scmRootId}</s:param>
+                      <s:param name="projectGroupId"><c:out value="${pageScope.prepareBuildQueue.projectGroupId}"/></s:param>
+                      <s:param name="scmRootId"><c:out value="${pageScope.prepareBuildQueue.scmRootId}"/></s:param>
                     </s:url>
                     <s:a href="%{cancelUrl}"><img src="<s:url value='/images/cancelbuild.gif' includeParams="none"/>" alt="<s:text name='cancel'/>" title="<s:text name='cancel'/>" border="0"></s:a>
                   </redback:ifAuthorized>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgent.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgent.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgent.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgent.jsp Wed Apr 13 06:36:20 2011
@@ -41,7 +41,7 @@
         <div class="functnbar3">
           <s:form action="deleteBuildAgent!delete.action" method="post">
             <s:token/>
-            <input type="hidden" name="buildAgent.url" value="${buildAgent.url}" />
+            <input type="hidden" name="buildAgent.url" value="<c:out value="${buildAgent.url}"/>" />
             <s:hidden name="confirmed" value="true"/>
             <c1:submitcancel value="%{getText('delete')}" cancel="%{getText('cancel')}"/>
           </s:form>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgentGroup.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgentGroup.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgentGroup.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgentGroup.jsp Wed Apr 13 06:36:20 2011
@@ -41,7 +41,7 @@
         <div class="functnbar3">
           <s:form action="deleteBuildAgentGroup!deleteGroup.action" method="post">
             <s:token/>
-            <input type="hidden" name="buildAgentGroup.name" value="${buildAgentGroup.name}" />
+            <input type="hidden" name="buildAgentGroup.name" value="<c:out value="${buildAgentGroup.name}"/>" />
             <s:hidden name="confirmed" value="true"/>
             <c1:submitcancel value="%{getText('delete')}" cancel="%{getText('cancel')}"/>
           </s:form>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildEnv.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildEnv.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildEnv.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildEnv.jsp Wed Apr 13 06:36:20 2011
@@ -40,7 +40,7 @@
         <div class="functnbar3">
           <s:form action="deleteBuildEnv!delete.action" method="post">
             <s:token/>
-            <input type="hidden" name="profile.id" value="${profile.id}" />
+            <input type="hidden" name="profile.id" value="<c:out value="${profile.id}"/>" />
             <c1:submitcancel value="%{getText('delete')}" cancel="%{getText('cancel')}"/>
           </s:form>
         </div>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteInstallation.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteInstallation.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteInstallation.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteInstallation.jsp Wed Apr 13 06:36:20 2011
@@ -39,7 +39,7 @@
         </div>
         <div class="functnbar3">
           <s:form action="deleteInstallation" method="post">
-            <input type="hidden" name="installation.installationId" value="${installation.installationId}" />
+            <input type="hidden" name="installation.installationId" value="<c:out value="${installation.installationId}"/>" />
             <s:hidden name="confirmed" value="true"/>
             <c1:submitcancel value="%{getText('delete')}" cancel="%{getText('cancel')}"/>
           </s:form>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/localRepositoriesList.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/localRepositoriesList.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/localRepositoriesList.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/localRepositoriesList.jsp Wed Apr 13 06:36:20 2011
@@ -50,7 +50,7 @@
             <ec:column property="layout" title="repositories.table.layout"/>
             <ec:column property="editActions" title="&nbsp;" width="1%">
                 <s:url id="editRepositoryUrl" action="editRepository">
-                  <s:param name="repository.id">${pageScope.repository.id}</s:param>
+                  <s:param name="repository.id"><c:out value="${pageScope.repository.id}"/></s:param>
                 </s:url>
                 <c:choose>
                   <c:when test="${repository.name == 'DEFAULT'}">
@@ -66,7 +66,7 @@
               <c:choose>
                 <c:when test="${defaultPurgeMap[repositoryName]}">
                   <s:url id="purgeRepositoryUrl" action="purgeRepository">
-                    <s:param name="repository.id">${pageScope.repository.id}</s:param>
+                    <s:param name="repository.id"><c:out value="${pageScope.repository.id}"/></s:param>
                   </s:url>
                   <s:a href="%{purgeRepositoryUrl}"><img src="<s:url value='/images/purgenow.gif' includeParams="none"/>" alt="<s:text name='purge'/>" title="<s:text name='purge'/>" border="0" /></s:a>
                 </c:when>
@@ -78,7 +78,7 @@
             <ec:column property="deleteActions" title="&nbsp;" width="1%">
                 <s:token/>
                 <s:url id="removeRepositoryUrl" action="removeRepository">
-                  <s:param name="repository.id">${pageScope.repository.id}</s:param>
+                  <s:param name="repository.id"><c:out value="${pageScope.repository.id}"/></s:param>
                   <s:param name="struts.token.name">struts.token</s:param>
                   <s:param name="struts.token"><s:property value="struts.token"/></s:param>
                 </s:url>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/parallelbuilds.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/parallelbuilds.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/parallelbuilds.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/parallelbuilds.jsp Wed Apr 13 06:36:20 2011
@@ -50,8 +50,8 @@
           <c:if test="${buildQueue.id != 1}">
             <s:token/>
             <s:url id="deleteBuildQueueUrl" action="deleteBuildQueue">
-              <s:param name="buildQueue.id">${pageScope.buildQueue.id}</s:param>
-              <s:param name="buildQueue.name">${pageScope.buildQueue.name}</s:param>
+              <s:param name="buildQueue.id"><c:out value="${pageScope.buildQueue.id}"/></s:param>
+              <s:param name="buildQueue.name"><c:out value="${pageScope.buildQueue.name}"/></s:param>
               <s:param name="struts.token.name">struts.token</s:param>
               <s:param name="struts.token"><s:property value="struts.token"/></s:param>
             </s:url>          

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/purgeConfigurationsList.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/purgeConfigurationsList.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/purgeConfigurationsList.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/purgeConfigurationsList.jsp Wed Apr 13 06:36:20 2011
@@ -51,12 +51,12 @@
             <ec:column property="repository.name" title="purgeConfigs.table.repository">
               <redback:ifAuthorized permission="continuum-manage-repositories">
                 <s:url id="editRepositoryUrl" action="editRepository" namespace="/admin" includeParams="none">
-                  <s:param name="repository.id">${pageScope.repoPurge.repository.id}</s:param>
+                  <s:param name="repository.id"><c:out value="${pageScope.repoPurge.repository.id}"/></s:param>
                 </s:url>
-                <s:a href="%{editRepositoryUrl}">${pageScope.repoPurge.repository.name}</s:a>
+                <s:a href="%{editRepositoryUrl}"><c:out value="${pageScope.repoPurge.repository.name}"/></s:a>
               </redback:ifAuthorized>
               <redback:elseAuthorized>
-                ${pageScope.repoPurge.repository.name}
+                <c:out value="${pageScope.repoPurge.repository.name}"/>
               </redback:elseAuthorized>
             </ec:column>
             <ec:column property="daysOlder" title="purgeConfigs.table.daysOlder"/>
@@ -69,21 +69,21 @@
             <ec:column property="description" title="purgeConfigs.table.description"/>
             <ec:column property="editActions" title="&nbsp;" width="1%">
                 <s:url id="editPurgeConfigUrl" action="editPurgeConfig">
-                  <s:param name="purgeConfigId">${pageScope.repoPurge.id}</s:param>
+                  <s:param name="purgeConfigId"><c:out value="${pageScope.repoPurge.id}"/></s:param>
                 </s:url>
                 <s:a href="%{editPurgeConfigUrl}"><img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0" /></s:a>
             </ec:column>
             <ec:column property="purgeActions" title="&nbsp;" width="1%">
                 <s:url id="purgeUrl" action="doPurge">
-                  <s:param name="purgeConfigId">${pageScope.repoPurge.id}</s:param>
+                  <s:param name="purgeConfigId"><c:out value="${pageScope.repoPurge.id}"/></s:param>
                 </s:url>
                 <s:a href="%{purgeUrl}"><img src="<s:url value='/images/purgenow.gif' includeParams="none"/>" alt="<s:text name='purge'/>" title="<s:text name='purge'/>" border="0" /></s:a>
             </ec:column>
             <ec:column property="deleteActions" title="&nbsp;" width="1%">
                 <s:token/>
                 <s:url id="removePurgeConfigUrl" action="removePurgeConfig">
-                  <s:param name="purgeConfigId">${pageScope.repoPurge.id}</s:param>
-                  <s:param name="description">${pageScope.repoPurge.description}</s:param>
+                  <s:param name="purgeConfigId"><c:out value="${pageScope.repoPurge.id}"/></s:param>
+                  <s:param name="description"><c:out value="${pageScope.repoPurge.description}"/></s:param>
                   <s:param name="struts.token.name">struts.token</s:param>
                   <s:param name="struts.token"><s:property value="struts.token"/></s:param>
                 </s:url>
@@ -121,21 +121,21 @@
             <ec:column property="description" title="purgeConfigs.table.description"/>
             <ec:column property="editActions" title="&nbsp;" width="1%">
                 <s:url id="editPurgeConfigUrl" action="editPurgeConfig">
-                  <s:param name="purgeConfigId">${pageScope.dirPurge.id}</s:param>
+                  <s:param name="purgeConfigId"><c:out value="${pageScope.dirPurge.id}"/></s:param>
                 </s:url>
                 <s:a href="%{editPurgeConfigUrl}"><img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0" /></s:a>
             </ec:column>
             <ec:column property="purgeActions" title="&nbsp;" width="1%">
                 <s:url id="purgeUrl" action="doPurge">
-                  <s:param name="purgeConfigId">${pageScope.dirPurge.id}</s:param>
+                  <s:param name="purgeConfigId"><c:out value="${pageScope.dirPurge.id}"/></s:param>
                 </s:url>
                 <s:a href="%{purgeUrl}"><img src="<s:url value='/images/purgenow.gif' includeParams="none"/>" alt="<s:text name='purge'/>" title="<s:text name='purge'/>" border="0" /></s:a>
             </ec:column>
             <ec:column property="deleteActions" title="&nbsp;" width="1%">
                 <s:token/>
                 <s:url id="removePurgeConfigUrl" action="removePurgeConfig">
-                  <s:param name="purgeConfigId">${pageScope.dirPurge.id}</s:param>
-                  <s:param name="description">${pageScope.dirPurge.description}</s:param>
+                  <s:param name="purgeConfigId"><c:out value="${pageScope.dirPurge.id}"/></s:param>
+                  <s:param name="description"><c:out value="${pageScope.dirPurge.description}"/></s:param>
                   <s:param name="struts.token.name">struts.token</s:param>
                   <s:param name="struts.token"><s:property value="struts.token"/></s:param>
                 </s:url>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/viewDistributedBuilds.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/viewDistributedBuilds.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/viewDistributedBuilds.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/viewDistributedBuilds.jsp Wed Apr 13 06:36:20 2011
@@ -53,16 +53,16 @@
               <ec:row>
                 <ec:column property="projectUrl" title="distributedBuild.table.projectName">
                   <s:url id="viewUrl" action="buildResults">
-                    <s:param name="projectId">${pageScope.currentBuild.projectId}</s:param>
+                    <s:param name="projectId"><c:out value="${pageScope.currentBuild.projectId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${pageScope.currentBuild.projectName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${pageScope.currentBuild.projectName}"/></s:a>
                 </ec:column>
                 <ec:column property="buildDefinitionLabel" title="distributedBuild.table.buildDefinitionLabel"/>
                 <ec:column property="projectGroupName" title="distributedBuild.table.projectGroupName"/>
                 <ec:column property="buildAgentUrl" title="distributedBuild.table.buildAgentUrl"/>
                 <ec:column property="cancelEntry" title="&nbsp;" width="1%">
                   <s:url id="cancelUrl" action="cancelDistributedBuild" method="cancelDistributedBuild" namespace="/">
-                    <s:param name="buildAgentUrl">${pageScope.currentBuild.buildAgentUrl}</s:param>
+                    <s:param name="buildAgentUrl"><c:out value="${pageScope.currentBuild.buildAgentUrl}"/></s:param>
                   </s:url>
                   <redback:ifAuthorized permission="continuum-manage-queues">
                     <s:a href="%{cancelUrl}"><img src="<s:url value='/images/cancelbuild.gif' includeParams="none"/>" alt="<s:text name='cancel'/>" title="<s:text name='cancel'/>" border="0"></s:a>
@@ -97,14 +97,14 @@
               <ec:row>
                 <redback:ifAuthorized permission="continuum-manage-queues">
                   <ec:column alias="selectedBuildTaskHashCodes" title=" " style="width:5px" filterable="false" sortable="false" headerCell="selectAll">
-                    <input type="checkbox" name="selectedBuildTaskHashCodes" value="${pageScope.buildQueue.hashCode}" />
+                    <input type="checkbox" name="selectedBuildTaskHashCodes" value="<c:out value="${pageScope.buildQueue.hashCode}"/>" />
                   </ec:column>              
                 </redback:ifAuthorized>
                 <ec:column property="projectUrl" title="distributedBuild.table.projectName">
                   <s:url id="viewUrl" action="buildResults">
-                    <s:param name="projectId">${pageScope.buildQueue.projectId}</s:param>
+                    <s:param name="projectId"><c:out value="${pageScope.buildQueue.projectId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${pageScope.buildQueue.projectName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${pageScope.buildQueue.projectName}"/></s:a>
                 </ec:column>
                 <ec:column property="buildDefinitionLabel" title="distributedBuild.table.buildDefinitionLabel"/>
                 <ec:column property="projectGroupName" title="distributedBuild.table.projectGroupName"/>
@@ -112,9 +112,9 @@
                 <ec:column property="cancelEntry" title="&nbsp;" width="1%">
                   <redback:ifAuthorized permission="continuum-manage-queues">
                     <s:url id="cancelUrl" action="removeDistributedBuildEntry" method="removeDistributedBuildEntry" namespace="/">
-                      <s:param name="projectId">${pageScope.buildQueue.projectId}</s:param>
-                      <s:param name="buildDefinitionId">${pageScope.buildQueue.buildDefinitionId}</s:param>
-                      <s:param name="buildAgentUrl">${pageScope.buildQueue.buildAgentUrl}</s:param>
+                      <s:param name="projectId"><c:out value="${pageScope.buildQueue.projectId}"/></s:param>
+                      <s:param name="buildDefinitionId"><c:out value="${pageScope.buildQueue.buildDefinitionId}"/></s:param>
+                      <s:param name="buildAgentUrl"><c:out value="${pageScope.buildQueue.buildAgentUrl}"/></s:param>
                     </s:url>
                     <s:a href="%{cancelUrl}"><img src="<s:url value='/images/cancelbuild.gif' includeParams="none"/>" alt="<s:text name='cancel'/>" title="<s:text name='cancel'/>" border="0"></s:a>
                   </redback:ifAuthorized>
@@ -159,9 +159,9 @@
               <ec:row>
                 <ec:column property="projectGroupUrl" title="distributedPrepareBuild.table.projectGroupName">
                   <s:url id="viewUrl" action="projectGroupSummary">
-                    <s:param name="projectGroupId">${pageScope.currentPrepareBuild.projectGroupId}</s:param>
+                    <s:param name="projectGroupId"><c:out value="${pageScope.currentPrepareBuild.projectGroupId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${pageScope.currentPrepareBuild.projectGroupName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${pageScope.currentPrepareBuild.projectGroupName}"/></s:a>
                 </ec:column>
                 <ec:column property="scmRootAddress" title="distributedPrepareBuild.table.scmRootAddress"/>
                 <ec:column property="buildAgentUrl" title="distributedPrepareBuild.table.buildAgentUrl"/>
@@ -192,23 +192,23 @@
               <ec:row>
                 <redback:ifAuthorized permission="continuum-manage-queues">
                   <ec:column alias="selectedPrepareBuildTaskHashCodes" title="&nbsp;" style="width:5px" filterable="false" sortable="false" width="1%" headerCell="selectAll">
-                    <input type="checkbox" name="selectedPrepareBuildTaskHashCodes" value="${pageScope.prepareBuildQueue.hashCode}" />
+                    <input type="checkbox" name="selectedPrepareBuildTaskHashCodes" value="<c:out value="${pageScope.prepareBuildQueue.hashCode}"/>" />
                   </ec:column>              
                 </redback:ifAuthorized>
                 <ec:column property="projectGroupUrl" title="distributedPrepareBuild.table.projectGroupName">
                   <s:url id="viewUrl" action="projectGroupSummary">
-                    <s:param name="projectGroupId">${pageScope.prepareBuildQueue.projectGroupId}</s:param>
+                    <s:param name="projectGroupId"><c:out value="${pageScope.prepareBuildQueue.projectGroupId}"/></s:param>
                   </s:url>
-                  <s:a href="%{viewUrl}">${pageScope.prepareBuildQueue.projectGroupName}</s:a>
+                  <s:a href="%{viewUrl}"><c:out value="${pageScope.prepareBuildQueue.projectGroupName}"/></s:a>
                 </ec:column>
                 <ec:column property="scmRootAddress" title="distributedPrepareBuild.table.scmRootAddress"/>
                 <ec:column property="buildAgentUrl" title="distributedPrepareBuild.table.buildAgentUrl"/>
                 <ec:column property="cancelEntry" title="&nbsp;" width="1%">
                   <redback:ifAuthorized permission="continuum-manage-queues">
                     <s:url id="cancelUrl" action="removeDistributedPrepareBuildEntry" method="removeDistributedPrepareBuildEntry" namespace="/">
-                      <s:param name="projectGroupId">${pageScope.prepareBuildQueue.projectGroupId}</s:param>
-                      <s:param name="scmRootId">${pageScope.prepareBuildQueue.scmRootId}</s:param>
-                      <s:param name="buildAgentUrl">${pageScope.prepareBuildQueue.buildAgentUrl}</s:param>
+                      <s:param name="projectGroupId"><c:out value="${pageScope.prepareBuildQueue.projectGroupId}"/></s:param>
+                      <s:param name="scmRootId"><c:out value="${pageScope.prepareBuildQueue.scmRootId}"/></s:param>
+                      <s:param name="buildAgentUrl"><c:out value="${pageScope.prepareBuildQueue.buildAgentUrl}"/></s:param>
                     </s:url>
                     <s:a href="%{cancelUrl}"><img src="<s:url value='/images/cancelbuild.gif' includeParams="none"/>" alt="<s:text name='cancel'/>" title="<s:text name='cancel'/>" border="0"></s:a>
                   </redback:ifAuthorized>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResult.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResult.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResult.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResult.jsp Wed Apr 13 06:36:20 2011
@@ -22,6 +22,8 @@
 <%@ taglib uri='http://java.sun.com/jsp/jstl/core' prefix='c'%>
 <%@ taglib prefix="c1" uri="continuum" %>
 <%@ taglib uri="http://plexus.codehaus.org/redback/taglib-1.0" prefix="redback" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
+
 <html>
   <s:i18n name="localization.Continuum">
     <head>
@@ -76,7 +78,7 @@
             <tbody>
             <tr>
               <td>
-                <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+                <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroupName)}">
                   <form action="removeBuildResult.action">
                     <input type="hidden" name="projectId" value="<s:property value="projectId"/>"/>
                     <input type="hidden" name="buildId" value="<s:property value="buildId"/>"/>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResults.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResults.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResults.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResults.jsp Wed Apr 13 06:36:20 2011
@@ -21,6 +21,8 @@
 <%@ taglib uri="http://www.extremecomponents.org" prefix="ec" %>
 <%@ taglib uri='http://java.sun.com/jsp/jstl/core' prefix='c'%>
 <%@ taglib uri="http://plexus.codehaus.org/redback/taglib-1.0" prefix="redback" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
+
 <html>
   <s:i18n name="localization.Continuum">
     <head>
@@ -60,9 +62,9 @@
                     filterable="false"
                     sortable="false">
             <ec:row highlightRow="true">
-              <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+              <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroupName)}">
                 <ec:column alias="selectedBuildResults" title=" " style="width:5px" filterable="false" sortable="false" headerCell="selectAll">
-                  <input type="checkbox" name="selectedBuildResults" value="${buildResult.id}" />
+                  <input type="checkbox" name="selectedBuildResults" value="<c:out value="${buildResult.id}"/>" />
                 </ec:column>
               </redback:ifAuthorized>
               <ec:column property="buildNumberIfNotZero" title="buildResults.buildNumber">
@@ -75,10 +77,10 @@
               <ec:column property="duration" title="&nbsp;">
                 <c:choose>
                   <c:when test="${buildResult.endTime gt 0}">
-                    <s:text name="buildResults.duration"/> : ${buildResult.durationTime}
+                    <s:text name="buildResults.duration"/> : <c:out value="${buildResult.durationTime}"/>
                   </c:when>
                   <c:otherwise>
-                    <s:text name="buildResults.startedSince"/> : ${buildResult.elapsedTime}
+                    <s:text name="buildResults.startedSince"/> : <c:out value="${buildResult.elapsedTime}"/>
                   </c:otherwise>
                 </c:choose>
               </ec:column>
@@ -86,10 +88,10 @@
               <ec:column property="buildDefinition.description" title="buildResults.buildDefinition.description" />
               <ec:column property="actions" title="&nbsp;">
                 <s:url id="buildResultUrl" action="buildResult">
-                  <s:param name="projectId">${projectId}</s:param>
-                  <s:param name="projectName">${projectName}</s:param>
-                  <s:param name="buildId">${buildResult.id}</s:param>
-                  <s:param name="projectGroupId">${projectGroupId}</s:param>
+                  <s:param name="projectId"><c:out value="${projectId}"/></s:param>
+                  <s:param name="projectName"><c:out value="${projectName}"/></s:param>
+                  <s:param name="buildId"><c:out value="${buildResult.id}"/></s:param>
+                  <s:param name="projectGroupId"><c:out value="${projectGroupId}"/></s:param>
                 </s:url>
                 <s:a href="%{buildResultUrl}"><s:text name="buildResults.result"/></s:a>
               </ec:column>
@@ -101,7 +103,7 @@
                 <tbody>
                   <tr>
                     <td>
-                      <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+                      <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroupName)}">
                         <s:hidden name="projectGroupId"/>
                         <s:hidden name="projectId"/>
                         <input type="button" name="delete-project" value="<s:text name="delete"/>" onclick="document.forms.buildResultsForm.submit();" />

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionGroupSummaryComponent.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionGroupSummaryComponent.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionGroupSummaryComponent.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionGroupSummaryComponent.jsp Wed Apr 13 06:36:20 2011
@@ -22,10 +22,11 @@
 <%@ taglib uri='http://java.sun.com/jsp/jstl/core' prefix='c'%>
 <%@ taglib uri="continuum" prefix="c1" %>
 <%@ taglib uri="http://plexus.codehaus.org/redback/taglib-1.0" prefix="redback" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
 
 <s:i18n name="localization.Continuum">
 
-  <h3><s:text name="buildDefinitionSummary.projectGroup.section.title"><s:param>${projectGroup.name}</s:param></s:text></h3>
+  <h3><s:text name="buildDefinitionSummary.projectGroup.section.title"><s:param><c:out value="${projectGroup.name}"/></s:param></s:text></h3>
   <c:if test="${not empty groupBuildDefinitionSummaries}">
   <ec:table items="groupBuildDefinitionSummaries"
             var="buildDefinitionSummary"
@@ -42,19 +43,19 @@
       <ec:column property="scheduleName" title="projectView.buildDefinition.schedule">
         <redback:ifAuthorized permission="continuum-manage-schedules">
           <s:url id="scheduleUrl" action="schedule" namespace="/" includeParams="none">
-            <s:param name="id">${pageScope.buildDefinitionSummary.scheduleId}</s:param>
+            <s:param name="id"><c:out value="${pageScope.buildDefinitionSummary.scheduleId}"/></s:param>
           </s:url>
-          <s:a href="%{scheduleUrl}">${pageScope.buildDefinitionSummary.scheduleName}</s:a>
+          <s:a href="%{scheduleUrl}"><c:out value="${pageScope.buildDefinitionSummary.scheduleName}"/></s:a>
         </redback:ifAuthorized>
         <redback:elseAuthorized>
-          ${pageScope.buildDefinitionSummary.scheduleName}
+          <c:out value="${pageScope.buildDefinitionSummary.scheduleName}"/>
         </redback:elseAuthorized>
       </ec:column>
       <ec:column property="profileName" title="projectView.buildDefinition.profile">
         <s:url id="profileUrl" action="editBuildEnv!edit.action" namespace="/" includeParams="none">
-          <s:param name="profile.id">${pageScope.buildDefinitionSummary.profileId}</s:param>
+          <s:param name="profile.id"><c:out value="${pageScope.buildDefinitionSummary.profileId}"/></s:param>
         </s:url>
-        <s:a href="%{profileUrl}">${pageScope.buildDefinitionSummary.profileName}</s:a>
+        <s:a href="%{profileUrl}"><c:out value="${pageScope.buildDefinitionSummary.profileName}"/></s:a>
       </ec:column>      
       <ec:column property="from" title="projectView.buildDefinition.from"/>
       <ec:column property="isBuildFresh" title="projectView.buildDefinition.buildFresh"/>
@@ -63,10 +64,10 @@
       <ec:column property="type" title="projectView.buildDefinition.type"/>
       <ec:column property="alwaysBuild" title="projectView.buildDefinition.alwaysBuild"/>
       <ec:column property="buildAction" title="&nbsp;" width="1%">
-        <redback:ifAuthorized permission="continuum-build-group" resource="${projectGroupName}">
+        <redback:ifAuthorized permission="continuum-build-group" resource="${fn:escapeXml(projectGroupName)}">
           <s:url id="buildUrl" action="buildProject" namespace="/">
-            <s:param name="projectGroupId">${pageScope.buildDefinitionSummary.projectGroupId}</s:param>
-            <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+            <s:param name="projectGroupId"><c:out value="${pageScope.buildDefinitionSummary.projectGroupId}"/></s:param>
+            <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
             <s:param name="fromGroupPage" value="true"/>
           </s:url>
           <s:a href="%{buildUrl}"><img src="<s:url value='/images/buildnow.gif' includeParams="none"/>" alt="<s:text name='build'/>" title="<s:text name='build'/>" border="0"></s:a>
@@ -77,10 +78,10 @@
       </ec:column>
       <ec:column property="editActions" title="&nbsp;" width="1%">
         <center>
-        <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+        <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroupName)}">
           <s:url id="editUrl" action="buildDefinition" method="input" namespace="/" includeParams="none">
-            <s:param name="projectGroupId">${pageScope.buildDefinitionSummary.projectGroupId}</s:param>
-            <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+            <s:param name="projectGroupId"><c:out value="${pageScope.buildDefinitionSummary.projectGroupId}"/></s:param>
+            <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
           </s:url>
           <s:a href="%{editUrl}">
               <img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0">
@@ -93,7 +94,7 @@
       </ec:column>    
       <ec:column property="deleteActions" title="&nbsp;" width="1%">
         <center>
-        <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+        <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroupName)}">
           <c:choose>
           <c:when test="${pageScope.buildDefinitionSummary.isDefault == true}">
             <img src="<s:url value='/images/delete_disabled.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0">
@@ -101,8 +102,8 @@
           <c:otherwise>
             <s:token/>
             <s:url id="removeUrl" action="removeGroupBuildDefinition" namespace="/">
-              <s:param name="projectGroupId">${pageScope.buildDefinitionSummary.projectGroupId}</s:param>
-              <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+              <s:param name="projectGroupId"><c:out value="${pageScope.buildDefinitionSummary.projectGroupId}"/></s:param>
+              <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
               <s:param name="confirmed" value="false"/>
               <s:param name="struts.token.name">struts.token</s:param>
               <s:param name="struts.token"><s:property value="struts.token"/></s:param> 
@@ -121,7 +122,7 @@
     </ec:row>
   </ec:table>
   </c:if>
-  <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+  <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroupName)}">
     <div class="functnbar3">
       <s:form action="buildDefinition" method="post">
         <input type="hidden" name="projectGroupId" value="<s:property value="projectGroupId"/>"/>
@@ -144,9 +145,9 @@
     <ec:row>
       <ec:column property="projectName" title="buildDefinitionSummary.project">
         <s:url id="projectUrl" action="projectView" namespace="/" includeParams="none">
-          <s:param name="projectId">${pageScope.buildDefinitionSummary.projectId}</s:param>
+          <s:param name="projectId"><c:out value="${pageScope.buildDefinitionSummary.projectId}"/></s:param>
         </s:url>
-        <s:a href="%{projectUrl}">${pageScope.buildDefinitionSummary.projectName}</s:a>
+        <s:a href="%{projectUrl}"><c:out value="${pageScope.buildDefinitionSummary.projectName}"/></s:a>
       </ec:column>
       <ec:column property="goals" title="projectView.buildDefinition.goals"/>
       <ec:column property="arguments" title="projectView.buildDefinition.arguments"/>
@@ -154,19 +155,19 @@
       <ec:column property="scheduleName" title="projectView.buildDefinition.schedule">
         <redback:ifAuthorized permission="continuum-manage-schedules">
           <s:url id="scheduleUrl" action="schedule" namespace="/" includeParams="none">
-            <s:param name="id">${pageScope.buildDefinitionSummary.scheduleId}</s:param>
+            <s:param name="id"><c:out value="${pageScope.buildDefinitionSummary.scheduleId}"/></s:param>
           </s:url>
-          <s:a href="%{scheduleUrl}">${pageScope.buildDefinitionSummary.scheduleName}</s:a>
+          <s:a href="%{scheduleUrl}"><c:out value="${pageScope.buildDefinitionSummary.scheduleName}"/></s:a>
         </redback:ifAuthorized>
         <redback:elseAuthorized>
-          ${pageScope.buildDefinitionSummary.scheduleName}
+          <c:out value="${pageScope.buildDefinitionSummary.scheduleName}"/>
         </redback:elseAuthorized>
       </ec:column>
       <ec:column property="profileName" title="projectView.buildDefinition.profile">
         <s:url id="profileUrl" action="editBuildEnv!edit.action" namespace="/" includeParams="none">
-          <s:param name="profile.id">${pageScope.buildDefinitionSummary.profileId}</s:param>
+          <s:param name="profile.id"><c:out value="${pageScope.buildDefinitionSummary.profileId}"/></s:param>
         </s:url>
-        <s:a href="%{profileUrl}">${pageScope.buildDefinitionSummary.profileName}</s:a>
+        <s:a href="%{profileUrl}"><c:out value="${pageScope.buildDefinitionSummary.profileName}"/></s:a>
       </ec:column>      
       <ec:column property="from" title="projectView.buildDefinition.from"/>
       <ec:column property="isBuildFresh" title="projectView.buildDefinition.buildFresh"/>
@@ -175,10 +176,10 @@
       <ec:column property="type" title="projectView.buildDefinition.type"/>
       <ec:column property="alwaysBuild" title="projectView.buildDefinition.alwaysBuild"/>
       <ec:column property="buildNowAction" title="&nbsp;" width="1%">
-        <redback:ifAuthorized permission="continuum-build-group" resource="${projectGroupName}">
+        <redback:ifAuthorized permission="continuum-build-group" resource="${fn:escapeXml(projectGroupName)}">
           <s:url id="buildProjectUrl" action="buildProject" namespace="/" includeParams="none">
-            <s:param name="projectId">${pageScope.buildDefinitionSummary.projectId}</s:param>
-            <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+            <s:param name="projectId"><c:out value="${pageScope.buildDefinitionSummary.projectId}"/></s:param>
+            <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
           </s:url>
           <s:a href="%{buildProjectUrl}">
             <img src="<s:url value='/images/buildnow.gif' includeParams="none"/>" alt="<s:text name='build'/>" title="<s:text name='build'/>" border="0">
@@ -189,10 +190,10 @@
         </redback:elseAuthorized>
       </ec:column>
       <ec:column property="editAction" title="&nbsp;" width="1%">
-        <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+        <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroupName)}">
           <s:url id="editUrl" action="buildDefinition" method="input" namespace="/">
-            <s:param name="projectId">${pageScope.buildDefinitionSummary.projectId}</s:param>
-            <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+            <s:param name="projectId"><c:out value="${pageScope.buildDefinitionSummary.projectId}"/></s:param>
+            <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
             <s:param name="groupBuildView" value="true"/>
           </s:url>
           <s:a href="%{editUrl}">
@@ -204,11 +205,11 @@
         </redback:elseAuthorized>
       </ec:column>
       <ec:column property="removeAction" title="&nbsp;" width="1%">
-        <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+        <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroupName)}">
           <s:token/>
           <s:url id="removeUrl" action="removeProjectBuildDefinition" namespace="/">
-            <s:param name="projectId">${pageScope.buildDefinitionSummary.projectId}</s:param>
-            <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+            <s:param name="projectId"><c:out value="${pageScope.buildDefinitionSummary.projectId}"/></s:param>
+            <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
             <s:param name="confirmed" value="false"/>
             <s:param name="struts.token.name">struts.token</s:param>
             <s:param name="struts.token"><s:property value="struts.token"/></s:param>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionSummaryComponent.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionSummaryComponent.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionSummaryComponent.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionSummaryComponent.jsp Wed Apr 13 06:36:20 2011
@@ -22,6 +22,7 @@
 <%@ taglib uri='http://java.sun.com/jsp/jstl/core' prefix='c'%>
 <%@ taglib uri="continuum" prefix="c1" %>
 <%@ taglib uri="http://plexus.codehaus.org/redback/taglib-1.0" prefix="redback" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
 
 <s:i18n name="localization.Continuum">
   <ec:table items="allBuildDefinitionSummaries"
@@ -39,12 +40,12 @@
       <ec:column property="scheduleName" title="projectView.buildDefinition.schedule">
         <redback:ifAuthorized permission="continuum-manage-schedules">
           <s:url id="scheduleUrl" action="schedule" namespace="/" includeParams="none">
-            <s:param name="id">${pageScope.buildDefinitionSummary.scheduleId}</s:param>
+            <s:param name="id"><c:out value="${pageScope.buildDefinitionSummary.scheduleId}"/></s:param>
           </s:url>
-          <s:a href="%{scheduleUrl}">${pageScope.buildDefinitionSummary.scheduleName}</s:a>
+          <s:a href="%{scheduleUrl}"><c:out value="${pageScope.buildDefinitionSummary.scheduleName}"/></s:a>
         </redback:ifAuthorized>
         <redback:elseAuthorized>
-          ${pageScope.buildDefinitionSummary.scheduleName}
+          <c:out value="${pageScope.buildDefinitionSummary.scheduleName}"/>
         </redback:elseAuthorized>
       </ec:column>
       <ec:column property="profileName" title="projectView.buildDefinition.profile"/>
@@ -54,10 +55,10 @@
       <ec:column property="description" title="projectView.buildDefinition.description"/>
       <ec:column property="type" title="projectView.buildDefinition.type"/>      
       <ec:column property="buildAction" title="&nbsp;" width="1%">
-        <redback:ifAuthorized permission="continuum-build-group" resource="${projectGroupName}">
+        <redback:ifAuthorized permission="continuum-build-group" resource="${fn:escapeXml(projectGroupName)}">
           <s:url id="buildProjectUrl" action="buildProject" namespace="/">
-            <s:param name="projectId">${projectId}</s:param>
-            <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+            <s:param name="projectId"><c:out value="${projectId}"/></s:param>
+            <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
             <s:param name="fromProjectPage" value="true"/>
           </s:url>
           <s:a href="%{buildProjectUrl}"><img src="<s:url value='/images/buildnow.gif' includeParams="none"/>" alt="<s:text name='build'/>" title="<s:text name='build'/>" border="0"></s:a>
@@ -70,10 +71,10 @@
         <%-- if the from is PROJECT then render the links differently --%>
         <c:choose>
           <c:when test="${pageScope.buildDefinitionSummary.from=='PROJECT'}">
-            <redback:ifAuthorized permission="continuum-modify-project-build-definition" resource="${projectGroupName}">
+            <redback:ifAuthorized permission="continuum-modify-project-build-definition" resource="${fn:escapeXml(projectGroupName)}">
               <s:url id="editUrl" action="buildDefinition" method="input" namespace="/">
-                <s:param name="projectId">${projectId}</s:param>
-                <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+                <s:param name="projectId"><c:out value="${projectId}"/></s:param>
+                <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
               </s:url>
               <s:a href="%{editUrl}"><img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0"></s:a>
             </redback:ifAuthorized>
@@ -82,10 +83,10 @@
             </redback:elseAuthorized>
           </c:when>
           <c:otherwise>
-            <redback:ifAuthorized permission="continuum-modify-group-build-definition" resource="${projectGroupName}">
+            <redback:ifAuthorized permission="continuum-modify-group-build-definition" resource="${fn:escapeXml(projectGroupName)}">
               <s:url id="editUrl" action="buildDefinition" method="input" namespace="/">
-                <s:param name="projectGroupId">${pageScope.buildDefinitionSummary.projectGroupId}</s:param>
-                <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+                <s:param name="projectGroupId"><c:out value="${pageScope.buildDefinitionSummary.projectGroupId}"/></s:param>
+                <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
                 <s:param name="groupBuildDefinition">true</s:param>
               </s:url>
               <s:a href="%{editUrl}"><img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0"></s:a>
@@ -100,11 +101,11 @@
         <%-- if the from is PROJECT then render the links differently --%>
          <c:choose>
           <c:when test="${pageScope.buildDefinitionSummary.from=='PROJECT'}">
-            <redback:ifAuthorized permission="continuum-remove-project-build-definition" resource="${projectGroupName}">
+            <redback:ifAuthorized permission="continuum-remove-project-build-definition" resource="${fn:escapeXml(projectGroupName)}">
               <s:token/>
               <s:url id="removeUrl" action="removeProjectBuildDefinition" namespace="/">
-                <s:param name="projectId">${projectId}</s:param>
-                <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+                <s:param name="projectId"><c:out value="${projectId}"/></s:param>
+                <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
                 <s:param name="confirmed" value="false"/>
                 <s:param name="struts.token.name">struts.token</s:param>
                 <s:param name="struts.token"><s:property value="struts.token"/></s:param>
@@ -116,7 +117,7 @@
             </redback:elseAuthorized>
           </c:when>
           <c:otherwise>
-            <redback:ifAuthorized permission="continuum-remove-group-build-definition" resource="${projectGroupName}">
+            <redback:ifAuthorized permission="continuum-remove-group-build-definition" resource="${fn:escapeXml(projectGroupName)}">
               <c:choose>              
                 <c:when test="${buildDefinitionSummary.id == defaultGroupDefinitionId || buildDefinitionSummary.isDefault}">                
                   <img src="<s:url value='/images/delete_disabled.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0" />
@@ -124,8 +125,8 @@
                 <c:otherwise>
                   <s:token/>
                   <s:url id="removeUrl" action="removeGroupBuildDefinition" namespace="/">
-                    <s:param name="projectGroupId">${pageScope.buildDefinitionSummary.projectGroupId}</s:param>
-                    <s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
+                    <s:param name="projectGroupId"><c:out value="${pageScope.buildDefinitionSummary.projectGroupId}"/></s:param>
+                    <s:param name="buildDefinitionId"><c:out value="${pageScope.buildDefinitionSummary.id}"/></s:param>
                     <s:param name="groupBuildDefinition">true</s:param>
                     <s:param name="confirmed" value="false"/>
                     <s:param name="struts.token.name">struts.token</s:param>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/companyLogo.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/companyLogo.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/companyLogo.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/companyLogo.jsp Wed Apr 13 06:36:20 2011
@@ -19,18 +19,20 @@
 
 <%@ taglib uri="/struts-tags" prefix="s" %>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
+
 <s:set name="companyLogo" value="companyLogo"/>
 <c:if test="${!empty (companyLogo)}">
-  <s:set name="companyName" value="companyName"/>
-  <s:set name="companyUrl" value="companyUrl"/>
+  <s:set name="companyName" value="companyName"/>"/>
+  <s:set name="companyUrl" value="companyUrl"/>"/>
   <c:choose>
     <c:when test="${!empty (companyUrl)}">
-      <a href="${companyUrl}">
-        <img src="${companyLogo}" title="${companyName}" border="0" alt="${companyName}"/>
+      <a href="${fn:escapeXml(companyUrl)}">
+        <img src="${fn:escapeXml(companyLogo)}" title="${fn:escapeXml(companyName)}" border="0" alt="${fn:escapeXml(companyName)}"/>
       </a>
     </c:when>
     <c:otherwise>
-      <img src="${companyLogo}" title="${companyName}" border="0" alt="${companyName}"/>
+      <img src="${fn:escapeXml(companyLogo)}" title="${fn:escapeXml(companyName)}" border="0" alt="${fn:escapeXml(companyName)}"/>
     </c:otherwise>
   </c:choose>
 </c:if>

Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectGroupNotifierSummaryComponent.jsp
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectGroupNotifierSummaryComponent.jsp?rev=1091669&r1=1091668&r2=1091669&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectGroupNotifierSummaryComponent.jsp (original)
+++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectGroupNotifierSummaryComponent.jsp Wed Apr 13 06:36:20 2011
@@ -22,9 +22,10 @@
 <%@ taglib uri='http://java.sun.com/jsp/jstl/core' prefix='c'%>
 <%@ taglib uri="continuum" prefix="c1" %>
 <%@ taglib uri="http://plexus.codehaus.org/redback/taglib-1.0" prefix="redback" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
 <s:i18n name="localization.Continuum">
 
-  <h3><s:text name="projectGroupNotifierSummaryComponent.groupNotifiers"><s:param>${projectGroup.name}</s:param></s:text></h3>
+  <h3><s:text name="projectGroupNotifierSummaryComponent.groupNotifiers"><s:param><c:out value="${projectGroup.name}"/></s:param></s:text></h3>
   <c:if test="${not empty projectGroupNotifierSummaries}">
   <ec:table items="projectGroupNotifierSummaries"
             var="projectGroupNotifierSummary"
@@ -40,11 +41,11 @@
       <ec:column property="events" title="projectView.notifier.events"/>
       <!-- ec:column property="sender" title="projectView.notifier.sender"/ -->
       <ec:column property="editActions" title="&nbsp;" width="1%">
-        <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroup.name}">
+        <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroup.name)}">
           <s:url id="editUrl" action="editProjectGroupNotifier" namespace="/">
-            <s:param name="projectGroupId">${pageScope.projectGroupNotifierSummary.projectGroupId}</s:param>
-            <s:param name="notifierId">${pageScope.projectGroupNotifierSummary.id}</s:param>
-            <s:param name="notifierType">${pageScope.projectGroupNotifierSummary.type}</s:param>
+            <s:param name="projectGroupId"><c:out value="${pageScope.projectGroupNotifierSummary.projectGroupId}"/></s:param>
+            <s:param name="notifierId"><c:out value="${pageScope.projectGroupNotifierSummary.id}"/></s:param>
+            <s:param name="notifierType"><c:out value="${pageScope.projectGroupNotifierSummary.type}"/></s:param>
           </s:url>
           <s:a href="%{editUrl}">
             <img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name="edit"/>" title="<s:text name="edit"/>" border="0">
@@ -55,11 +56,11 @@
         </redback:elseAuthorized>
       </ec:column>    
       <ec:column property="deleteActions" title="&nbsp;" width="1%">
-        <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroup.name}">
+        <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroup.name)}">
           <s:url id="removeUrl" action="deleteProjectGroupNotifier!default.action" namespace="/">
-            <s:param name="projectGroupId">${pageScope.projectGroupNotifierSummary.projectGroupId}</s:param>
-            <s:param name="notifierId">${pageScope.projectGroupNotifierSummary.id}</s:param>
-            <s:param name="notifierType">${pageScope.projectGroupNotifierSummary.type}</s:param>
+            <s:param name="projectGroupId"><c:out value="${pageScope.projectGroupNotifierSummary.projectGroupId}"/></s:param>
+            <s:param name="notifierId"><c:out value="${pageScope.projectGroupNotifierSummary.id}"/></s:param>
+            <s:param name="notifierType"><c:out value="${pageScope.projectGroupNotifierSummary.type}"/></s:param>
           </s:url>
         <s:a href="%{removeUrl}">
           <img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name="delete"/>" title="<s:text name="delete"/>" border="0">
@@ -73,7 +74,7 @@
   </ec:table>
   </c:if>
 
-  <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroup.name}">
+  <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroup.name)}">
     <div class="functnbar3">
       <s:url id="addUrl" action="addProjectGroupNotifier" namespace="/"  includeContext="false" includeParams="none" />
       <s:form action="%{addUrl}" method="post">
@@ -96,23 +97,23 @@
       <ec:row>
         <ec:column property="projectName" title="projectView.project.name">
           <s:url id="projectUrl" action="projectView" namespace="/" includeParams="none">
-            <s:param name="projectId">${pageScope.projectNotifierSummary.projectId}</s:param>
+            <s:param name="projectId"><c:out value="${pageScope.projectNotifierSummary.projectId}"/></s:param>
           </s:url>
-        <s:a href="%{projectUrl}">${pageScope.projectNotifierSummary.projectName}</s:a>
+        <s:a href="%{projectUrl}"><c:out value="${pageScope.projectNotifierSummary.projectName}"/></s:a>
         </ec:column>
         <ec:column property="type" title="projectView.notifier.type"/>
         <ec:column property="recipient" title="projectView.notifier.recipient"/>
         <ec:column property="events" title="projectView.notifier.events"/>
         <!-- ec:column property="sender" title="projectView.notifier.sender"/ -->
         <ec:column property="editActions" title="&nbsp;" width="1%">
-          <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroup.name}">
+          <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroup.name)}">
             <c:choose>
               <c:when test="${!pageScope.projectNotifierSummary.fromProject}">
                 <s:url id="editUrl" action="editProjectNotifier" namespace="/" includeParams="none">
-                  <s:param name="projectGroupId">${pageScope.projectNotifierSummary.projectGroupId}</s:param>
-                  <s:param name="projectId">${pageScope.projectNotifierSummary.projectId}</s:param>
-                  <s:param name="notifierId">${pageScope.projectNotifierSummary.id}</s:param>
-                  <s:param name="notifierType">${pageScope.projectNotifierSummary.type}</s:param>
+                  <s:param name="projectGroupId"><c:out value="${pageScope.projectNotifierSummary.projectGroupId}"/></s:param>
+                  <s:param name="projectId"><c:out value="${pageScope.projectNotifierSummary.projectId}"/></s:param>
+                  <s:param name="notifierId"><c:out value="${pageScope.projectNotifierSummary.id}"/></s:param>
+                  <s:param name="notifierType"><c:out value="${pageScope.projectNotifierSummary.type}"/></s:param>
                   <s:param name="fromGroupPage" value="true"/>
                 </s:url>
                 <s:a href="%{editUrl}">
@@ -129,13 +130,13 @@
           </redback:elseAuthorized>
         </ec:column>
         <ec:column property="deleteActions" title="&nbsp;" width="1%">
-          <redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroup.name}">
+          <redback:ifAuthorized permission="continuum-modify-group" resource="${fn:escapeXml(projectGroup.name)}">
             <c:choose>
               <c:when test="${!pageScope.projectNotifierSummary.fromProject}">
                 <s:url id="removeUrl" action="deleteProjectNotifier!default.action" namespace="/">
-                  <s:param name="projectGroupId">${pageScope.projectNotifierSummary.projectGroupId}</s:param>
-                  <s:param name="projectId">${pageScope.projectNotifierSummary.projectId}</s:param>
-                  <s:param name="notifierId">${pageScope.projectNotifierSummary.id}</s:param>
+                  <s:param name="projectGroupId"><c:out value="${pageScope.projectNotifierSummary.projectGroupId}"/></s:param>
+                  <s:param name="projectId"><c:out value="${pageScope.projectNotifierSummary.projectId}"/></s:param>
+                  <s:param name="notifierId"><c:out value="${pageScope.projectNotifierSummary.id}"/></s:param>
                   <s:param name="fromGroupPage" value="true"/>
                 </s:url>
                 <s:a href="%{removeUrl}">



Mime
View raw message