Return-Path: X-Original-To: apmail-continuum-commits-archive@www.apache.org Delivered-To: apmail-continuum-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 677125873 for ; Tue, 10 May 2011 22:47:02 +0000 (UTC) Received: (qmail 85841 invoked by uid 500); 10 May 2011 22:47:02 -0000 Delivered-To: apmail-continuum-commits-archive@continuum.apache.org Received: (qmail 85813 invoked by uid 500); 10 May 2011 22:47:02 -0000 Mailing-List: contact commits-help@continuum.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@continuum.apache.org Delivered-To: mailing list commits@continuum.apache.org Received: (qmail 85806 invoked by uid 99); 10 May 2011 22:47:02 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 May 2011 22:47:02 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 May 2011 22:46:50 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 6548B2388A66; Tue, 10 May 2011 22:46:27 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1101669 [4/4] - in /continuum/branches/continuum-1.3.x: ./ continuum-webapp-test/src/test/resources/ continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/ continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/p... Date: Tue, 10 May 2011 22:46:25 -0000 To: commits@continuum.apache.org 
From: ctan@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20110510224627.6548B2388A66@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectSummaryComponent.jsp URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectSummaryComponent.jsp?rev=1101669&r1=1101668&r2=1101669&view=diff ============================================================================== --- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectSummaryComponent.jsp (original) +++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectSummaryComponent.jsp Tue May 10 22:46:21 2011 @@ -30,11 +30,11 @@ @@ -70,9 +70,9 @@ - ${project.id} + - ${pageScope.project.name} + @@ -80,19 +80,19 @@ - ${project.projectGroupId} - ${project.id} - ${project.name} - ${project.buildInSuccessId} + + + + - ${project.buildNumber} + - ${project.buildNumber} + - ${project.buildNumber} +   @@ -110,8 +110,8 @@ - ${project.id} - ${project.projectGroupId} + + @@ -120,8 +120,8 @@ - ${project.id} - ${project.projectGroupId} + + @@ -154,8 +154,8 @@ - ${project.id} - ${project.name} + + " alt="" title="" border="0"> @@ -173,7 +173,7 @@ - ${project.id} + " alt="" title="" border="0"> @@ -191,7 +191,7 @@ - ${project.id} + " alt="" title="" border="0"/> 
@@ -213,7 +213,7 @@ test="${projectIdle}"> - ${project.id} + struts.token Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/groupSummary.jsp URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/groupSummary.jsp?rev=1101669&r1=1101668&r2=1101669&view=diff ============================================================================== --- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/groupSummary.jsp (original) +++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/groupSummary.jsp Tue May 10 22:46:21 2011 @@ -33,7 +33,7 @@
-

${infoMessage}

+

@@ -63,13 +63,18 @@ filterable="false"> - ${group.id}">${group.name} + + + + + + - ${group.id} + @@ -84,7 +89,7 @@ - ${group.id} + <s:text name=" title="" border="0"> @@ -98,7 +103,7 @@ - ${group.id} + <s:text name=" title="" border="0"> Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/navigations/ProjectMenu.jsp URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/navigations/ProjectMenu.jsp?rev=1101669&r1=1101668&r2=1101669&view=diff ============================================================================== --- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/navigations/ProjectMenu.jsp (original) +++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/navigations/ProjectMenu.jsp Tue May 10 22:46:21 2011 @@ -20,6 +20,7 @@ <%@ taglib uri="/struts-tags" prefix="s" %> <%@ taglib uri='http://java.sun.com/jsp/jstl/core' prefix='c'%> <%@ taglib uri="continuum" prefix="c1" %> +<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>

@@ -43,13 +44,13 @@ - + - + @@ -58,7 +59,7 @@ - + @@ -67,7 +68,7 @@ - + Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupAdd.jsp URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupAdd.jsp?rev=1101669&r1=1101668&r2=1101669&view=diff ============================================================================== --- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupAdd.jsp (original) +++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupAdd.jsp Tue May 10 22:46:21 2011 @@ -30,8 +30,7 @@

- - +
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupBuildDefinition.jsp URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupBuildDefinition.jsp?rev=1101669&r1=1101668&r2=1101669&view=diff ============================================================================== --- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupBuildDefinition.jsp (original) +++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupBuildDefinition.jsp Tue May 10 22:46:21 2011 @@ -35,8 +35,8 @@ - ${projectGroupId} - ${projectGroup.name} + +
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupEdit.jsp URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupEdit.jsp?rev=1101669&r1=1101668&r2=1101669&view=diff ============================================================================== --- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupEdit.jsp (original) +++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupEdit.jsp Tue May 10 22:46:21 2011 @@ -32,18 +32,18 @@
- -
-

-
-
- + +
+

+
+
+

-
+
- : ${groupSummary.numSuccesses} + :  " alt=""> -   : ${groupSummary.numErrors} +   :  " alt=""> -   : ${groupSummary.numFailures} +   :  " alt="">
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupMembers.jsp URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupMembers.jsp?rev=1101669&r1=1101668&r2=1101669&view=diff ============================================================================== --- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupMembers.jsp (original) +++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupMembers.jsp Tue May 10 22:46:21 2011 @@ -41,7 +41,7 @@ --> -

${projectGroup.name}

+

- ${pageScope.project.id} + - ${pageScope.project.name} +
@@ -65,8 +65,8 @@ - ${pageScope.project.id} - ${project.name} + + " alt="" title="" border="0"> @@ -90,8 +90,8 @@ test="${pageScope.project.state == 1 || pageScope.project.state == 10 || pageScope.project.state == 2 || pageScope.project.state == 3 || pageScope.project.state == 4}"> - ${pageScope.project.id} - ${pageScope.project.name} + + struts.token Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupNotifier.jsp URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupNotifier.jsp?rev=1101669&r1=1101668&r2=1101669&view=diff ============================================================================== --- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupNotifier.jsp (original) +++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupNotifier.jsp Tue May 10 22:46:21 2011 @@ -35,7 +35,7 @@ - ${projectGroupId} + Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupReleaseResults.jsp URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupReleaseResults.jsp?rev=1101669&r1=1101668&r2=1101669&view=diff ============================================================================== --- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupReleaseResults.jsp (original) +++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupReleaseResults.jsp Tue May 10 22:46:21 2011 @@ -37,7 +37,7 @@ -

${projectGroup.name}

+

@@ -72,8 +72,8 @@ - ${pageScope.result.id} - ${projectGroupId} + + Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp?rev=1101669&r1=1101668&r2=1101669&view=diff ============================================================================== --- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp (original) +++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp Tue May 10 22:46:21 2011 @@ -82,7 +82,7 @@ -

${projectGroup.name}

+

@@ -190,8 +190,8 @@ - ${projectGroupId} - ${projectGroup.name} + + Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectView.jsp URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectView.jsp?rev=1101669&r1=1101668&r2=1101669&view=diff ============================================================================== --- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectView.jsp (original) +++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectView.jsp Tue May 10 22:46:21 2011 @@ -35,7 +35,7 @@ -

${project.name}

+

@@ -45,7 +45,7 @@ - ${project.projectGroup.id} + @@ -79,8 +79,8 @@

- ${project.id} - ${project.projectGroup.id} + +
@@ -114,10 +114,10 @@ - ${notifier.id} - - ${project.projectGroup.id} - ${notifier.type} + + + + " alt="" title="" border="0"> @@ -137,10 +137,10 @@ - - ${project.projectGroup.id} - ${notifier.type} - ${notifier.id} + + + + " alt="" title="" border="0"> Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/releases.jsp URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/releases.jsp?rev=1101669&r1=1101668&r2=1101669&view=diff ============================================================================== --- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/releases.jsp (original) +++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/releases.jsp Tue May 10 22:46:21 2011 @@ -48,11 +48,11 @@ - ${pageScope.releaseSummary.releaseId} - ${pageScope.releaseSummary.projectId} - ${pageScope.releaseSummary.releaseGoal} + + + - ${pageScope.releaseSummary.releaseId} + Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/schedules.jsp URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/schedules.jsp?rev=1101669&r1=1101668&r2=1101669&view=diff ============================================================================== --- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/schedules.jsp (original) +++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/schedules.jsp Tue May 10 22:46:21 2011 
@@ -46,15 +46,15 @@ - ${pageScope.schedule.id} + " alt="" title="" border="0" /> - ${pageScope.schedule.id} - ${pageScope.schedule.name} + + struts.token Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/test/java/org/apache/maven/continuum/web/action/AddProjectActionTest.java URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/test/java/org/apache/maven/continuum/web/action/AddProjectActionTest.java?rev=1101669&r1=1101668&r2=1101669&view=diff ============================================================================== --- continuum/branches/continuum-1.3.x/continuum-webapp/src/test/java/org/apache/maven/continuum/web/action/AddProjectActionTest.java (original) +++ continuum/branches/continuum-1.3.x/continuum-webapp/src/test/java/org/apache/maven/continuum/web/action/AddProjectActionTest.java Tue May 10 22:46:21 2011 @@ -42,6 +42,16 @@ public class AddProjectActionTest private final Mock continuumMock; + private static final String VALID_NAME_CHARACTER = "abcABC123whitespaces_.:-"; + + private static final String VALID_VERSION_CHARACTER = "abcABC123.-"; + + private static final String VALID_SCM_URL_CHARACTER = "abcABC123_.:-#~=@\\/|[]"; + + private static final String VALID_SCM_TAG_CHARACTER = "abcABC123_.:-#~=@\\/|[]"; + + private static final String VALID_DESCRIPTION_CHARACTER = "abcABC123whitespaces_.-"; + public AddProjectActionTest() { action = new AddProjectActionStub(); 
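Review bot: `VALID_NAME_CHARACTER` and `VALID_DESCRIPTION_CHARACTER` in the AddProjectActionTest constants hunk contain the literal word `whitespaces` but no space or tab, so the tests built on them never check that whitespace is accepted. A value such as `"abc ABC 123 _.:-"` (constructed example) would cover it. The name constant also includes `:` and is expected to validate, while `NAME_VALID_EXPRESSION` added to ContinuumServiceImpl in this commit has no `:`. If that difference between the web action and the XML-RPC service is intended, a comment on the constant saying so would help.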
@@ -90,6 +100,35 @@ public class AddProjectActionTest action.add(); continuumMock.verify(); } + + public void testAddAntProjectWithValidValues() + throws Exception + { + List projects = createProjectList(); + continuumMock.expects( once() ).method( "getProjects" ).will( returnValue( projects ) ); + continuumMock.expects( once() ).method( "addProject" ).will( returnValue( 3 ) ); + + action.setProjectName( VALID_NAME_CHARACTER ); + action.setProjectDescription( VALID_DESCRIPTION_CHARACTER ); + action.setProjectVersion( VALID_VERSION_CHARACTER ); + action.setProjectScmUrl( VALID_SCM_URL_CHARACTER ); + action.setProjectScmTag( VALID_SCM_TAG_CHARACTER ); + action.setProjectType( "ant" ); + action.setSelectedProjectGroup( 1 ); + action.setBuildDefintionTemplateId( 1 ); + + // validate + action.validate(); + + // verify + assertFalse( action.hasActionErrors() ); + assertEquals( 0, action.getActionErrors().size() ); + + // add + action.add(); + + continuumMock.verify(); + } /** * Test add of Shell project 
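Review bot: `testAddAntProjectWithValidValues` here and `testAddShellProjectWithValidValues` in the next hunk only feed values that are expected to pass, so both stay green if the checks in `validate()` are loosened or removed. A companion test should set one field to a character outside the allowed set, call `action.validate()`, and finish with `assertTrue( action.hasActionErrors() );`. That pins the rejecting side, which is the behaviour this commit exists to add.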
@@ -116,7 +155,36 @@ public class AddProjectActionTest action.add(); continuumMock.verify(); } - + + public void testAddShellProjectWithValidValues() + throws Exception + { + List projects = createProjectList(); + continuumMock.expects( once() ).method( "getProjects" ).will( returnValue( projects ) ); + continuumMock.expects( once() ).method( "addProject" ).will( returnValue( 3 ) ); + + action.setProjectName( VALID_NAME_CHARACTER ); + action.setProjectDescription( VALID_DESCRIPTION_CHARACTER ); + action.setProjectVersion( VALID_VERSION_CHARACTER ); + action.setProjectScmUrl( VALID_SCM_URL_CHARACTER ); + action.setProjectScmTag( VALID_SCM_TAG_CHARACTER ); + action.setProjectType( "shell" ); + action.setSelectedProjectGroup( 1 ); + action.setBuildDefintionTemplateId( 1 ); + + // validate + action.validate(); + + // verify + assertFalse( action.hasActionErrors() ); + assertEquals( 0, action.getActionErrors().size() ); + + // add + action.add(); + + continuumMock.verify(); + } + private List createProjectList() { List projects = new ArrayList(); Modified: continuum/branches/continuum-1.3.x/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java?rev=1101669&r1=1101668&r2=1101669&view=diff ============================================================================== --- continuum/branches/continuum-1.3.x/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java (original) +++ continuum/branches/continuum-1.3.x/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java Tue May 10 22:46:21 2011 
@@ -29,6 +29,8 @@ import java.util.List; import java.util.Map; import java.util.Set; +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang.StringUtils; import org.apache.continuum.buildmanager.BuildManagerException; import org.apache.continuum.buildmanager.BuildsManager; import org.apache.continuum.dao.SystemConfigurationDao; @@ -66,7 +68,6 @@ import org.apache.maven.continuum.xmlrpc import org.codehaus.plexus.redback.authorization.AuthorizationException; import org.codehaus.plexus.redback.role.RoleManager; import org.codehaus.plexus.redback.role.RoleManagerException; -import org.codehaus.plexus.util.StringUtils; import net.sf.dozer.util.mapping.DozerBeanMapperSingletonWrapper; import net.sf.dozer.util.mapping.MapperIF; 
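Review bot: Replacing `org.codehaus.plexus.util.StringUtils` with `org.apache.commons.lang.StringUtils` rebinds every existing `StringUtils` call in ContinuumServiceImpl, not only the new `isNotBlank` checks. The two classes are not drop-in equivalents: as far as I know, plexus-utils' `isEmpty` trims before testing while commons-lang's does not, so a whitespace-only value that used to count as empty no longer does. The existing call sites are outside these hunks and should be re-read; where the old behaviour is wanted, `StringUtils.isBlank( value )` is the commons-lang equivalent.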
@@ -79,6 +80,46 @@ import net.sf.dozer.util.mapping.MapperI public class ContinuumServiceImpl extends AbstractContinuumSecureService { + private static final String NAME_VALID_EXPRESSION = "[a-zA-Z0-9_.\\s\\-]*"; + + private static final String DIRECTORY_VALID_EXPRESSION = "[A-Za-z0-9_/\\s:.\\\\-]*"; + + private static final String URL_VALID_EXPRESSION = "[A-Za-z0-9_.@:/-]*"; + + private static final String PROJECT_VERSION_VALID_EXPRESSION = "[a-zA-Z0-9.-]*"; + + private static final String PROJECT_SCM_URL_VALID_EXPRESSION = "[a-zA-Z0-9_.:${}#~=@\\/|\\[\\]-]*"; + + private static final String PROJECT_SCM_TAG_VALID_EXPRESSION = "[a-zA-Z0-9_.:@\\/|#~=\\[\\]-]*"; + + private static final String PROJECT_GROUP_ID_VALID_EXPRESSION = "[A-Za-z0-9.]*"; + + private static final String PROJECT_ARTIFACT_ID_VALID_EXPRESSION = "[A-Za-z0-9\\-]*"; + + private static final String PROJECT_EXECUTOR_OR_BUILDDEF_TYPE_VALID_EXPRESSION = "maven2|maven-1|ant|shell"; + + private static final String SCHEDULE_CRON_VALID_EXPRESSION = "[A-Z0-9\\s*/,-?#]*"; + + private static final String PROJECTGROUP_ID_VALID_EXPRESSION = "[a-zA-Z0-9.\\s]*"; + + private static final String REPOSITORY_LAYOUT_VALID_EXPRESSION = "default|legacy"; + + private static final String BUILD_DEFINITION_ARGUMENTS_VALID_EXPRESSION = "[A-Za-z0-9_./=,\":\\s\\\\-]*"; + + private static final String BUILD_DEFINITION_GOALS_VALID_EXPRESSION = "[A-Za-z0-9_:\\s\\-]*"; + + private static final String BUILD_DEFINITION_BUILD_FILE_VALID_EXPRESSION = "[A-Za-z0-9_.\\-]*"; + + private static final String INSTALLATION_VARNAME_VALID_EXPRESSION = "[A-Za-z][A-Za-z0-9_]*"; + + private static final String INSTALLATION_VARVALUE_VALID_EXPRESSION = "[A-Za-z0-9_.:=${}/\\s\\\\-]*"; + + private static final String INSTALLATION_TYPE_VALID_EXPRESSION = "jdk|maven2|maven1|ant|envvar"; + + private static final String DIRECTORY_TYPE_VALID_EXPRESSION = "releases|buildOutput"; + + private static final String NOTIFIER_TYPE_VALID_EXPRESSION = 
"irc|jabber|msn|mail|wagon"; + private static final MapperIF mapper = DozerBeanMapperSingletonWrapper.getInstance(); /** @@ -167,6 +208,31 @@ public class ContinuumServiceImpl public ProjectSummary updateProject( ProjectSummary project ) throws ContinuumException { + if ( StringUtils.isNotBlank( project.getName() ) && + !project.getName().matches( NAME_VALID_EXPRESSION ) ) + //!GenericValidator.matchRegexp( project.getName(), NAME_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Project Name contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( project.getScmTag() ) && + !project.getScmTag().matches( PROJECT_SCM_TAG_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Project Scm Tag contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( project.getScmUrl() ) && + !project.getScmUrl().matches( PROJECT_SCM_URL_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Project Scm Url contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( project.getVersion() ) && + !project.getVersion().matches( PROJECT_VERSION_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Project Version contains invalid characters" ); + } + ProjectSummary ps = getProjectSummary( project.getId() ); checkRemoveProjectFromGroupAuthorization( ps.getProjectGroup().getName() ); @@ -326,6 +392,11 @@ public class ContinuumServiceImpl throw new ContinuumException( "project group name can't be spaces" ); } + if ( !projectGroup.getName().matches( NAME_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "ProjectGroup Name contains invalid characters" ); + } + org.apache.maven.continuum.model.project.ProjectGroup pg = continuum.getProjectGroupWithProjects( projectGroup.getId() ); 
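Review bot: `SCHEDULE_CRON_VALID_EXPRESSION` accepts more than it appears to, because the unescaped `-` in `,-?` forms a range from `,` to `?`. That range admits `.`, `:`, `;`, `<`, `=` and `>` in addition to the cron characters listed. Moving the hyphen to the end makes it a literal: `private static final String SCHEDULE_CRON_VALID_EXPRESSION = "[A-Z0-9\\s*/,?#-]*";`. Separately, the `\\s` in `NAME_VALID_EXPRESSION` and the other classes also matches CR, LF and tab; if only a plain space is meant, a literal space is tighter.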
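Review bot: The commented-out `//!GenericValidator.matchRegexp( ... )` line between the first `if` condition and its opening brace in `updateProject` is leftover and should be removed. The same `isNotBlank && !matches` block is repeated four times here and again in the populate* hunks later in this file; a small private helper keeps the messages and the null handling in one place. The checks also run before `checkRemoveProjectFromGroupAuthorization`, so a caller without rights on the project gets validation feedback first. The body of `updateProject` continues outside the hunk.
```java
// … unchanged: updateProject signature and opening brace …
validateField( "Project Name", project.getName(), NAME_VALID_EXPRESSION );
validateField( "Project Scm Tag", project.getScmTag(), PROJECT_SCM_TAG_VALID_EXPRESSION );
validateField( "Project Scm Url", project.getScmUrl(), PROJECT_SCM_URL_VALID_EXPRESSION );
validateField( "Project Version", project.getVersion(), PROJECT_VERSION_VALID_EXPRESSION );
// … unchanged: getProjectSummary lookup and authorization check …

private static void validateField( String label, String value, String expression )
    throws ContinuumException
{
    if ( StringUtils.isNotBlank( value ) && !value.matches( expression ) )
    {
        throw new ContinuumException( label + " contains invalid characters" );
    }
}
```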
@@ -347,7 +418,7 @@ public class ContinuumServiceImpl } } - pg.setDescription( projectGroup.getDescription() ); + pg.setDescription( StringEscapeUtils.escapeXml( projectGroup.getDescription() ) ); org.apache.continuum.model.repository.LocalRepository repo = new org.apache.continuum.model.repository.LocalRepository(); @@ -360,11 +431,23 @@ public class ContinuumServiceImpl public ProjectGroupSummary addProjectGroup( String groupName, String groupId, String description ) throws Exception { + if ( StringUtils.isNotBlank( groupId ) && + !groupId.matches( PROJECTGROUP_ID_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "ProjectGroup Id contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( groupName ) && + !groupName.matches( NAME_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "ProjectGroup Name contains invalid characters" ); + } + org.apache.maven.continuum.model.project.ProjectGroup pg = new org.apache.maven.continuum.model.project.ProjectGroup(); pg.setName( groupName ); pg.setGroupId( groupId ); - pg.setDescription( description ); + pg.setDescription( StringEscapeUtils.escapeXml( description ) ); continuum.addProjectGroup( pg ); return populateProjectGroupSummary( continuum.getProjectGroupByGroupId( groupId ) ); } @@ -378,6 +461,11 @@ public class ContinuumServiceImpl public ProjectNotifier updateNotifier( int projectid, ProjectNotifier newNotifier ) throws ContinuumException { + if ( StringUtils.isNotBlank( newNotifier.getType() ) && + !newNotifier.getType().matches( NOTIFIER_TYPE_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Notifier Type can only be 'irc, jabber, msn, mail or wagon" ); + } org.apache.maven.continuum.model.project.ProjectNotifier notifier = continuum.getNotifier( projectid, newNotifier.getId() ); 
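Review bot: Escaping the description with `StringEscapeUtils.escapeXml` before `pg.setDescription` stores an output-encoded value, which ties the persisted data to one rendering context. A client that reads the group over XML-RPC and sends it back would see `&amp;` become `&amp;amp;` on each round trip, assuming the read path does not unescape (not visible here). Any view that escapes at render time will then show entities literally. Storing the raw text and escaping where it is rendered avoids both. The same pattern appears in the addProjectGroup, updateSchedule, populateProject, populateProjectGroupSummary, populateSchedule, profile, repository-purge and directory-purge hunks.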
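Review bot: Both new checks in `addProjectGroup` are guarded by `StringUtils.isNotBlank`, so a null or whitespace-only `groupName` or `groupId` skips validation and still reaches `pg.setName` and `pg.setGroupId`. `continuum.getProjectGroupByGroupId( groupId )` is then called with that value. The update path in this file rejects blank names (its context shows "project group name can't be spaces"), so add is looser than update unless `continuum.addProjectGroup` rejects blanks itself, which is not visible here. Rejecting up front would align the two, e.g. `if ( StringUtils.isBlank( groupName ) ) { throw new ContinuumException( "ProjectGroup Name is required" ); }`.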
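Review bot: The error text in `updateNotifier` opens a quote it never closes (`"Notifier Type can only be 'irc, jabber, msn, mail or wagon"`). The updateGroupNotifier and addGroupNotifier hunks have the same slip, and only addNotifier has the closing `'`. Use `"Notifier Type can only be 'irc, jabber, msn, mail or wagon'"` in all four, ideally from one private helper so the copies cannot drift again. Only the notifier type is validated in these hunks; whether `getConfiguration()`, `getFrom()` and the other copied fields need checks depends on how they are rendered, which is not visible here.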
@@ -396,6 +484,11 @@ public class ContinuumServiceImpl public ProjectNotifier addNotifier( int projectid, ProjectNotifier newNotifier ) throws ContinuumException { + if ( StringUtils.isNotBlank( newNotifier.getType() ) && + !newNotifier.getType().matches( NOTIFIER_TYPE_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Notifier Type can only be 'irc, jabber, msn, mail or wagon'" ); + } org.apache.maven.continuum.model.project.ProjectNotifier notifier = new org.apache.maven.continuum.model.project.ProjectNotifier(); @@ -427,6 +520,11 @@ public class ContinuumServiceImpl public ProjectNotifier updateGroupNotifier( int projectgroupid, ProjectNotifier newNotifier ) throws ContinuumException { + if ( StringUtils.isNotBlank( newNotifier.getType() ) && + !newNotifier.getType().matches( NOTIFIER_TYPE_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Notifier Type can only be 'irc, jabber, msn, mail, or wagon" ); + } org.apache.maven.continuum.model.project.ProjectNotifier notifier = continuum.getGroupNotifier( projectgroupid, newNotifier.getId() ); @@ -447,6 +545,13 @@ public class ContinuumServiceImpl { org.apache.maven.continuum.model.project.ProjectNotifier notifier = new org.apache.maven.continuum.model.project.ProjectNotifier(); + + if ( StringUtils.isNotBlank( newNotifier.getType() ) && + !newNotifier.getType().matches( NOTIFIER_TYPE_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Notifier Type can only be 'irc, jabber, msn, mail or wagon" ); + } + notifier.setConfiguration( newNotifier.getConfiguration() ); notifier.setFrom( newNotifier.getFrom() ); notifier.setRecipientType( newNotifier.getRecipientType() ); 
@@ -813,7 +918,7 @@ public class ContinuumServiceImpl
 org.apache.maven.continuum.model.project.Schedule storedSchedule = continuum.getSchedule( schedule.getId() );
 storedSchedule.setActive( newSchedule.isActive() );
 storedSchedule.setName( newSchedule.getName() );
- storedSchedule.setDescription( newSchedule.getDescription() );
+ storedSchedule.setDescription( StringEscapeUtils.escapeXml( newSchedule.getDescription() ) );
 storedSchedule.setDelay( newSchedule.getDelay() );
 storedSchedule.setCronExpression( newSchedule.getCronExpression() );
 storedSchedule.setMaxJobExecutionTime( newSchedule.getMaxJobExecutionTime() );
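Review bot: The description may be escaped twice on this path, because `newSchedule.getDescription()` is escaped here and `populateSchedule` (changed later in this commit) already escapes the description it copies. If `newSchedule` is the result of `populateSchedule`, `&` would be stored as `&amp;amp;`. Where `newSchedule` comes from is outside this hunk, so please confirm. If it does, keep a single escape point, e.g. leave this line as `storedSchedule.setDescription( newSchedule.getDescription() );`.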
@@ -1475,9 +1580,65 @@ public class ContinuumServiceImpl { return null; } + + // validate + if ( StringUtils.isNotBlank( projectSummary.getArtifactId() ) && + !projectSummary.getArtifactId().matches( PROJECT_ARTIFACT_ID_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Project Artifact Id contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( projectSummary.getExecutorId() ) && + !projectSummary.getExecutorId().matches( PROJECT_EXECUTOR_OR_BUILDDEF_TYPE_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Project Executor Id can only be 'maven2, maven-1, ant or shell'" ); + } + + if ( StringUtils.isNotBlank( projectSummary.getGroupId() ) && + !projectSummary.getGroupId().matches( PROJECT_GROUP_ID_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Project Group Id contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( projectSummary.getName() ) && + !projectSummary.getName().matches( NAME_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Project Name contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( projectSummary.getScmTag() ) && + !projectSummary.getScmTag().matches( PROJECT_SCM_TAG_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Project Scm Tag contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( projectSummary.getScmUrl() ) && + !projectSummary.getScmUrl().matches( PROJECT_SCM_URL_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Project Scm Url contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( projectSummary.getUrl() ) && + !projectSummary.getUrl().matches( URL_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Project Url contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( projectSummary.getVersion() ) && + !projectSummary.getVersion().matches( PROJECT_VERSION_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Project Version contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( 
projectSummary.getWorkingDirectory() ) && + !projectSummary.getWorkingDirectory().matches( DIRECTORY_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Project Working Directory contains invalid characters" ); + } + project.setArtifactId( projectSummary.getArtifactId() ); project.setBuildNumber( projectSummary.getBuildNumber() ); - project.setDescription( projectSummary.getDescription() ); + project.setDescription( StringEscapeUtils.escapeXml( projectSummary.getDescription() ) ); project.setExecutorId( projectSummary.getExecutorId() ); project.setGroupId( projectSummary.getGroupId() ); project.setId( projectSummary.getId() ); @@ -1517,13 +1678,26 @@ public class ContinuumServiceImpl private org.apache.maven.continuum.model.project.ProjectGroup populateProjectGroupSummary( ProjectGroupSummary group, org.apache.maven.continuum.model.project.ProjectGroup g ) + throws ContinuumException { if ( group == null ) { return null; } - g.setDescription( group.getDescription() ); + if ( StringUtils.isNotBlank( group.getGroupId() ) && + !group.getGroupId().matches( PROJECTGROUP_ID_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "ProjectGroup Id contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( group.getName() ) && + !group.getName().matches( NAME_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "ProjectGroup Name contains invalid characters" ); + } + + g.setDescription( StringEscapeUtils.escapeXml( group.getDescription() ) ); g.setGroupId( group.getGroupId() ); g.setId( group.getId() ); g.setName( group.getName() ); 
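Review bot: The working-directory check against `DIRECTORY_VALID_EXPRESSION` constrains only the character set, and that set includes `.`, `/`, `\` and `:`. Absolute paths and `..` segments therefore pass unchanged into the project. If the directory is meant to stay under Continuum's own working area (not visible here), add a containment check on the resolved path, e.g. `candidate.getCanonicalPath().startsWith( base.getCanonicalPath() + File.separator )`, where `base` and `candidate` are placeholders. The same expression guards the directory-purge location later in this file. The enclosing method starts and ends outside this hunk.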
@@ -1600,6 +1774,30 @@ public class ContinuumServiceImpl return null; } + if ( StringUtils.isNotBlank( buildDef.getArguments() ) && + !buildDef.getArguments().matches( BUILD_DEFINITION_ARGUMENTS_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Build Definition Arguments contain invalid characters" ); + } + + if ( StringUtils.isNotBlank( buildDef.getBuildFile() ) && + !buildDef.getBuildFile().matches( BUILD_DEFINITION_BUILD_FILE_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Build Definition Build File contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( buildDef.getGoals() ) && + !buildDef.getGoals().matches( BUILD_DEFINITION_GOALS_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Build Definition Goals contain invalid characters" ); + } + + if ( StringUtils.isNotBlank( buildDef.getType() ) && + !buildDef.getType().matches( PROJECT_EXECUTOR_OR_BUILDDEF_TYPE_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Build Definition Type can only be 'maven2, maven-1, ant, or shell'" ); + } + bd.setArguments( buildDef.getArguments() ); bd.setBuildFile( buildDef.getBuildFile() ); bd.setType( buildDef.getType() ); 
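Review bot: Two of the build-definition patterns checked here look narrower than values the product normally accepts. `BUILD_DEFINITION_GOALS_VALID_EXPRESSION` has no `.`, so a fully qualified plugin goal carrying a group id or version would be rejected. `BUILD_DEFINITION_BUILD_FILE_VALID_EXPRESSION` has no `/`, so a build file in a subdirectory would be rejected as well. If that is intended, say so in a comment on the constants and in the exception text. If not, the goals pattern could become `"[A-Za-z0-9_:.\\s\\-]*"`. The enclosing method starts outside this hunk.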
@@ -1638,16 +1836,29 @@ public class ContinuumServiceImpl private org.apache.maven.continuum.model.project.Schedule populateSchedule( Schedule schedule, org.apache.maven.continuum.model.project.Schedule s ) + throws ContinuumException { if ( schedule == null ) { return null; } + if ( StringUtils.isNotBlank( schedule.getCronExpression() ) && + !schedule.getCronExpression().matches( SCHEDULE_CRON_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Schedule Cron Expression contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( schedule.getName() ) && + !schedule.getName().matches( NAME_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Schedule Name contains invalid characters" ); + } + s.setActive( schedule.isActive() ); s.setCronExpression( schedule.getCronExpression() ); s.setDelay( schedule.getDelay() ); - s.setDescription( schedule.getDescription() ); + s.setDescription( StringEscapeUtils.escapeXml( schedule.getDescription() ) ); s.setId( schedule.getId() ); s.setMaxJobExecutionTime( schedule.getMaxJobExecutionTime() ); s.setName( schedule.getName() ); @@ -1668,11 +1879,17 @@ public class ContinuumServiceImpl return null; } + if ( StringUtils.isNotBlank( profile.getName() ) + && !profile.getName().matches( NAME_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Build Environment Name contains invalid characters" ); + } + try { newProfile.setActive( profile.isActive() ); newProfile.setBuildWithoutChanges( profile.isBuildWithoutChanges() ); - newProfile.setDescription( profile.getDescription() ); + newProfile.setDescription( StringEscapeUtils.escapeXml( profile.getDescription() ) ); newProfile.setName( profile.getName() ); newProfile.setScmMode( profile.getScmMode() ); if ( profile.getBuilder() != null ) 
@@ -1725,12 +1942,37 @@ public class ContinuumServiceImpl private org.apache.maven.continuum.model.system.Installation populateInstallation( Installation install, org.apache.maven.continuum.model.system.Installation inst ) + throws ContinuumException { if ( install == null ) { return null; } + if ( StringUtils.isNotBlank( install.getName() ) && + !install.getName().matches( NAME_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Installation Name contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( install.getType() ) && + !install.getType().matches( INSTALLATION_TYPE_VALID_EXPRESSION )) + { + throw new ContinuumException( "Installation Type contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( install.getVarName() ) && + !install.getVarName().matches( INSTALLATION_VARNAME_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Installation VarName contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( install.getVarValue() ) && + !install.getVarValue().matches( INSTALLATION_VARVALUE_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Installation VarValue contains invalid characters" ); + } + inst.setName( install.getName() ); inst.setType( install.getType() ); inst.setVarName( install.getVarName() ); @@ -1775,7 +2017,7 @@ public class ContinuumServiceImpl repoPurge.setDefaultPurge( repoPurgeConfig.isDefaultPurge() ); repoPurge.setDeleteAll( repoPurgeConfig.isDeleteAll() ); repoPurge.setDeleteReleasedSnapshots( repoPurgeConfig.isDeleteReleasedSnapshots() ); - repoPurge.setDescription( repoPurgeConfig.getDescription() ); + repoPurge.setDescription( StringEscapeUtils.escapeXml( repoPurgeConfig.getDescription() ) ); repoPurge.setEnabled( repoPurgeConfig.isEnabled() ); repoPurge.setRetentionCount( repoPurgeConfig.getRetentionCount() ); if ( repoPurgeConfig.getRepository() != null ) 
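Review bot: `populateInstallation` now throws on four different fields but has no comment saying so, and a caller reading the signature cannot tell which inputs are checked. I would add a Javadoc line such as `/** Copies install into inst after allow-list checks on name, type, varName and varValue; throws ContinuumException when a non-blank field fails its pattern. */`. The type check also closes with `INSTALLATION_TYPE_VALID_EXPRESSION ))`, which drops the space the neighbouring checks put before the closing parenthesis. The method body continues past the end of the hunk.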
@@ -1817,10 +2059,22 @@ public class ContinuumServiceImpl return null; } + if ( StringUtils.isNotBlank( dirPurgeConfig.getDirectoryType() ) && + !dirPurgeConfig.getDirectoryType().matches( DIRECTORY_TYPE_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Directory Purge Configuration Type can only be 'releases or buildOutput'" ); + } + + if ( StringUtils.isNotBlank( dirPurgeConfig.getLocation() ) && + !dirPurgeConfig.getLocation().matches( DIRECTORY_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Directory Purge Configuration Location contains invalid characters" ); + } + dirPurge.setDaysOlder( dirPurgeConfig.getDaysOlder() ); dirPurge.setDefaultPurge( dirPurgeConfig.isDefaultPurge() ); dirPurge.setDeleteAll( dirPurgeConfig.isDeleteAll() ); - dirPurge.setDescription( dirPurgeConfig.getDescription() ); + dirPurge.setDescription( StringEscapeUtils.escapeXml( dirPurgeConfig.getDescription() ) ); dirPurge.setDirectoryType( dirPurgeConfig.getDirectoryType() ); dirPurge.setEnabled( dirPurgeConfig.isEnabled() ); 
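Review bot: The `DIRECTORY_VALID_EXPRESSION` check on `dirPurgeConfig.getLocation()` constrains which characters appear in the path, not where the path points, and this value presumably names the directory a purge will clean. A location built entirely from permitted characters can still resolve outside the directories the server is meant to manage, for example through relative segments or a symlink. I would resolve the value with `new File( dirPurgeConfig.getLocation() ).getCanonicalFile()` and reject it unless it lies under a configured base directory before it is stored. `repository.getLocation()` in the hunk at -1858 deserves the same check. The constant is declared outside this hunk, so its exact pattern is not visible here, and the enclosing method starts before the hunk.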
@@ -1858,12 +2112,31 @@ public class ContinuumServiceImpl private org.apache.continuum.model.repository.LocalRepository populateLocalRepository( LocalRepository repository, org.apache.continuum.model.repository.LocalRepository repo ) + throws ContinuumException { if ( repository == null ) { return null; } + if ( StringUtils.isNotBlank( repository.getLayout() ) && + !repository.getLayout().matches( REPOSITORY_LAYOUT_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Repository Layout can only be 'default or legacy'" ); + } + + if ( StringUtils.isNotBlank( repository.getLocation() ) && + !repository.getLocation().matches( DIRECTORY_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Repository Location contains invalid characters" ); + } + + if ( StringUtils.isNotBlank( repository.getName() ) && + !repository.getName().matches( NAME_VALID_EXPRESSION ) ) + { + throw new ContinuumException( "Repository Name contains invalid characters" ); + } + repo.setLayout( repository.getLayout() ); repo.setLocation( repository.getLocation() ); repo.setName( repository.getName() ); Modified: continuum/branches/continuum-1.3.x/pom.xml URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/pom.xml?rev=1101669&r1=1101668&r2=1101669&view=diff ============================================================================== --- continuum/branches/continuum-1.3.x/pom.xml (original) +++ continuum/branches/continuum-1.3.x/pom.xml Tue May 10 22:46:21 2011 @@ -1596,6 +1596,11 @@ under the License. commons-logging-api 1.1 + + org.jsoup + jsoup + 1.5.2 +