incubator-sling-commits mailing list archives

From cziege...@apache.org
Subject svn commit: r1175869 - /sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/DefaultErrorHandler.java
Date Mon, 26 Sep 2011 13:48:02 GMT
Author: cziegeler
Date: Mon Sep 26 13:48:01 2011
New Revision: 1175869

URL: http://svn.apache.org/viewvc?rev=1175869&view=rev
Log:
SLING-2231 : All output from the default error handler should be encoded

Modified:
    sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/DefaultErrorHandler.java

Modified: sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/DefaultErrorHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/DefaultErrorHandler.java?rev=1175869&r1=1175868&r2=1175869&view=diff
==============================================================================
--- sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/DefaultErrorHandler.java
(original)
+++ sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/DefaultErrorHandler.java
Mon Sep 26 13:48:01 2011
@@ -66,9 +66,11 @@ public class DefaultErrorHandler impleme
      * This method logs error and does not write back and response data if the
      * response has already been committed.
      */
-    public void handleError(int status, String message,
-            SlingHttpServletRequest request, SlingHttpServletResponse response)
-            throws IOException {
+    public void handleError(final int status,
+            String message,
+            final SlingHttpServletRequest request,
+            final SlingHttpServletResponse response)
+    throws IOException {
 
         if (message == null) {
             message = "HTTP ERROR:" + String.valueOf(status);
@@ -90,16 +92,20 @@ public class DefaultErrorHandler impleme
      * This method logs error and does not write back and response data if the
      * response has already been committed.
      */
-    public void handleError(Throwable throwable,
-            SlingHttpServletRequest request, SlingHttpServletResponse response)
-            throws IOException {
+    public void handleError(final Throwable throwable,
+            final SlingHttpServletRequest request,
+            final SlingHttpServletResponse response)
+    throws IOException {
         sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
             throwable.getMessage(), throwable, request, response);
     }
 
-    private void sendError(int status, String message, Throwable throwable,
-            HttpServletRequest request, HttpServletResponse response)
-            throws IOException {
+    private void sendError(final int status,
+            final String message,
+            final Throwable throwable,
+            final HttpServletRequest request,
+            final HttpServletResponse response)
+    throws IOException {
 
         if (response.isCommitted()) {
             log.error(
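Review bot: `throwable.getMessage()` can be null, since many exceptions carry no message, and this overload passes it straight to `sendError` without the fallback that `handleError(int, ...)` applies in its `if (message == null)` branch. What ends up in the `<title>` then depends on how `ResponseUtil.escapeXml` treats null, which is not visible here. A fallback before the call, for example `final String msg = throwable.getMessage() != null ? throwable.getMessage() : throwable.toString();`, would keep the title meaningful. The body of `sendError` continues beyond this hunk.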
@@ -108,7 +114,7 @@ public class DefaultErrorHandler impleme
         } else {
 
             // error situation
-            String servletName = (String) request.getAttribute(ERROR_SERVLET_NAME);
+            final String servletName = (String) request.getAttribute(ERROR_SERVLET_NAME);
             String requestURI = (String) request.getAttribute(ERROR_REQUEST_URI);
             if (requestURI == null) {
                 requestURI = request.getRequestURI();
@@ -121,7 +127,7 @@ public class DefaultErrorHandler impleme
             response.setStatus(status);
             response.setContentType("text/html; charset=UTF-8");
 
-            PrintWriter pw = response.getWriter();
+            final PrintWriter pw = response.getWriter();
             pw.println("<html><head><title>");
             pw.println(ResponseUtil.escapeXml(message));
             pw.println("</title></head><body><h1>");
@@ -133,33 +139,39 @@ public class DefaultErrorHandler impleme
                 pw.println("Internal error (no Exception to report)");
             }
             pw.println("</h1><p>");
-            pw.println("RequestURI="
-                + ResponseUtil.escapeXml(request.getRequestURI()));
+            pw.print("RequestURI=");
+            pw.println(ResponseUtil.escapeXml(request.getRequestURI()));
             if (servletName != null) {
-                pw.println("</p>Servlet=" + servletName + "<p>");
+                pw.println("</p><p>Servlet=");
+                pw.println(ResponseUtil.escapeXml(servletName));
             }
             pw.println("</p>");
 
             if (throwable != null) {
+                final PrintWriter escapingWriter = new PrintWriter(
+                        ResponseUtil.getXmlEscapingWriter(pw));
                 pw.println("<h3>Exception stacktrace:</h3>");
                 pw.println("<pre>");
-                throwable.printStackTrace(pw);
+                pw.flush();
+                throwable.printStackTrace(escapingWriter);
+                escapingWriter.flush();
                 pw.println("</pre>");
 
-                RequestProgressTracker tracker = ((SlingHttpServletRequest) request).getRequestProgressTracker();
+                final RequestProgressTracker tracker = ((SlingHttpServletRequest) request).getRequestProgressTracker();
                 pw.println("<h3>Request Progress:</h3>");
                 pw.println("<pre>");
-                tracker.dump(pw);
+                pw.flush();
+                tracker.dump(new PrintWriter(escapingWriter));
+                escapingWriter.flush();
                 pw.println("</pre>");
             }
 
             pw.println("<hr /><address>");
-            pw.println(serverInfo);
+            pw.println(ResponseUtil.escapeXml(serverInfo));
             pw.println("</address></body></html>");
 
             // commit the response
             response.flushBuffer();
-
         }
     }
 }
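Review bot: In the request-progress block, `tracker.dump(new PrintWriter(escapingWriter))` wraps a writer that is already a `PrintWriter`, and that extra wrapper is never flushed itself; `tracker.dump(escapingWriter);` does the same with one layer less. Separately, escaping closes the markup-injection path, but the page still returns the full stack trace and the request progress dump to whoever triggered the error, which discloses class names and internal processing details. A comment above the `if (throwable != null)` block, such as `// NOTE: stack trace and progress dump are sent to the client; use a custom error handler where that is not acceptable`, would make the trade-off visible. `sendError` begins in an earlier hunk, so only its tail is reviewed here.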


