Fix potential XSS in host-manager.

markt-asf · markt-asf · commit 49c71fc59c1b · 2008-06-02T21:41:28.000Z
This is CVE-2008-1947. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@662582 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java b/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
@@ -21,6 +21,7 @@
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.io.StringWriter;
+import java.net.URLEncoder;
 import java.text.MessageFormat;
 import java.util.Iterator;
 import java.util.Map;
@@ -278,17 +279,20 @@ public void list(HttpServletRequest request,
                 args = new Object[7];
                 args[0] = response.encodeURL
                     (request.getContextPath() +
-                     "/html/start?name=" + hostName);
+                     "/html/start?name=" +
+                     URLEncoder.encode(hostName, "UTF-8"));
                 args[1] = hostsStart;
                 args[2] = response.encodeURL
                     (request.getContextPath() +
-                     "/html/stop?name=" + hostName);
+                     "/html/stop?name=" +
+                     URLEncoder.encode(hostName, "UTF-8"));
                 args[3] = hostsStop;
                 args[4] = response.encodeURL
                     (request.getContextPath() +
-                     "/html/remove?name=" + hostName);
+                     "/html/remove?name=" +
+                     URLEncoder.encode(hostName, "UTF-8"));
                 args[5] = hostsRemove;
-                args[6] = hostName;
+                args[6] = RequestUtil.filter(hostName);
                 if (host == this.host) {
                     writer.print(MessageFormat.format(
                         MANAGER_HOST_ROW_BUTTON_SECTION, args));
