svn commit: r1076372 - /struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultActionProxy.java

2011-03-02 Thread lukaszlenart
Author: lukaszlenart
Date: Wed Mar  2 21:01:01 2011
New Revision: 1076372

URL: http://svn.apache.org/viewvc?rev=1076372&view=rev
Log:
Solves WW-3579 - escapes actionName and methodName to prevent XSS vulnerability

Modified:

struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultActionProxy.java

Modified: 
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultActionProxy.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultActionProxy.java?rev=1076372&r1=1076371&r2=1076372&view=diff
==
--- 
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultActionProxy.java
 (original)
+++ 
struts/struts2/trunk/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultActionProxy.java
 Wed Mar  2 21:01:01 2011
@@ -23,12 +23,12 @@ import com.opensymphony.xwork2.util.Loca
 import com.opensymphony.xwork2.util.logging.Logger;
 import com.opensymphony.xwork2.util.logging.LoggerFactory;
 import com.opensymphony.xwork2.util.profiling.UtilTimerStack;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang.StringUtils;
 
 import java.io.Serializable;
 import java.util.Locale;
 
-import org.apache.commons.lang.StringUtils;
-
 
 /**
  * The Default ActionProxy implementation
@@ -74,10 +74,10 @@ public class DefaultActionProxy implemen
LOG.debug("Creating an DefaultActionProxy for namespace 
" + namespace + " and action name " + actionName);
}
 
-   this.actionName = actionName;
-   this.namespace = namespace;
-   this.executeResult = executeResult;
-this.method = methodName;
+this.actionName = StringEscapeUtils.escapeHtml(actionName);
+this.namespace = namespace;
+this.executeResult = executeResult;
+this.method = 
StringEscapeUtils.escapeJavaScript(StringEscapeUtils.escapeHtml(methodName));
 }
 
 @Inject
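Review bot: Encoding `actionName` and `methodName` when they are assigned in the constructor fixes the output context at input time, so the stored values only suit HTML body text (plus a JavaScript string for `method`); any other sink still needs its own encoding, and `escapeHtml` leaves `'` untouched. These fields presumably also drive action and method resolution later in the class (outside this hunk), so a name containing `&`, quotes or non-ASCII characters is now stored in altered form; confirm that lookups still behave as intended and that views which already encode do not double-encode. `namespace` is assigned unencoded on the following line, and the `LOG.debug` call above still writes the raw `actionName` and `namespace`. A more robust shape is to reject names that fail an allow-list pattern here, keep the raw value in the field, and encode at the point of output. At minimum, add a comment such as `// actionName/method are stored HTML-encoded (method also JS-escaped) for WW-3579; do not re-encode or compare against raw names`; the constructor begins above this hunk.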




[CONF] Confluence Changes in the last 24 hours

2011-03-02 Thread confluence
This is a daily summary of all recent changes in Confluence.

-
Updated Spaces:
-


Apache Camel (https://cwiki.apache.org/confluence/display/CAMEL)

Pages
-
The Camel Riders Welcome Two New Committers created by hadr...@apache.org 
(06:30 PM)
https://cwiki.apache.org/confluence/display/CAMEL/2011/03/02/The+Camel+Riders+Welcome+Two+New+Committers

Spring Web Services edited by  muellerc  (04:34 PM)
https://cwiki.apache.org/confluence/display/CAMEL/Spring+Web+Services

Servlet Tomcat Example created by davsclaus (08:05 AM)
https://cwiki.apache.org/confluence/display/CAMEL/Servlet+Tomcat+Example

Camel 2.7.0 Release edited by  davsclaus  (08:23 AM)
https://cwiki.apache.org/confluence/display/CAMEL/Camel+2.7.0+Release

Examples edited by  davsclaus  (08:18 AM)
https://cwiki.apache.org/confluence/display/CAMEL/Examples

CXF Tomcat Example edited by  davsclaus  (08:17 AM)
https://cwiki.apache.org/confluence/display/CAMEL/CXF+Tomcat+Example



Apache Connectors Framework 
(https://cwiki.apache.org/confluence/display/CONNECTORS)

Pages
-
HowToContribute edited by  kwri...@metacarta.com  (08:13 AM)
https://cwiki.apache.org/confluence/display/CONNECTORS/HowToContribute

FAQ edited by  kwri...@metacarta.com  (05:00 AM)
https://cwiki.apache.org/confluence/display/CONNECTORS/FAQ



0 ABOUT THE CWIKI SITE (https://cwiki.apache.org/confluence/display/CWIKI)

Comments
https://cwiki.apache.org/confluence/display/CWIKI/Index (1)

Apache CXF Documentation (https://cwiki.apache.org/confluence/display/CXF20DOC)

Pages
-
JAXRS Services Configuration edited by  mazzag  (12:23 PM)
https://cwiki.apache.org/confluence/display/CXF20DOC/JAXRS+Services+Configuration

Schemas and Namespaces edited by  njiang  (08:12 AM)
https://cwiki.apache.org/confluence/display/CXF20DOC/Schemas+and+Namespaces



Apache Karaf (https://cwiki.apache.org/confluence/display/KARAF)

Pages
-
Roadmap edited by  cmoulliard  (10:37 AM)
https://cwiki.apache.org/confluence/display/KARAF/Roadmap

Karaf Enterprise Repository created by cmoulliard (10:22 AM)
https://cwiki.apache.org/confluence/display/KARAF/Karaf+Enterprise+Repository



OFBiz (Open For Business) Project Open Wiki 
(https://cwiki.apache.org/confluence/display/OFBIZ)

Pages
-
Main New Features in 2009 edited by  jacques.le.roux  (01:19 AM)
https://cwiki.apache.org/confluence/display/OFBIZ/Main+New+Features+in+2009

Main New Features edited by  jacques.le.roux  (01:15 AM)
https://cwiki.apache.org/confluence/display/OFBIZ/Main+New+Features

Main New Features in 2010 created by jacques.le.roux (01:15 AM)
https://cwiki.apache.org/confluence/display/OFBIZ/Main+New+Features+in+2010



OpenEJB (https://cwiki.apache.org/confluence/display/OPENEJB)

Pages
-
Navigation edited by  dblevins  (05:09 PM)
https://cwiki.apache.org/confluence/display/OPENEJB/Navigation

Index edited by  dblevins  (05:08 PM)
https://cwiki.apache.org/confluence/display/OPENEJB/Index



Apache OpenNLP (https://cwiki.apache.org/confluence/display/OPENNLP)

Pages
-
TestPlan1.5.1 edited by  joern  (06:01 PM)
https://cwiki.apache.org/confluence/display/OPENNLP/TestPlan1.5.1



Apache Qpid (https://cwiki.apache.org/confluence/display/qpid)

Pages
-
Qpid extensions to AMQP edited by  g...@redhat.com  (12:22 PM)
https://cwiki.apache.org/confluence/display/qpid/Qpid+extensions+to+AMQP

Qpid Network Layer Update 2010 created by andrew.kennedy (05:27 AM)
https://cwiki.apache.org/confluence/display/qpid/Qpid+Network+Layer+Update+2010



Apache Sling (https://cwiki.apache.org/confluence/display/SLING)

Pages
-
Using Scala with Sling edited by  alex.parvulescu  (08:58 AM)
https://cwiki.apache.org/confluence/display/SLING/Using+Scala+with+Sling



Apache Sling Website (https://cwiki.apache.org/confluence/display/SLINGxSITE)

Pages
-
Getting and Building Sling edited by  fmeschbe  (11:13 AM)
https://cwiki.apache.org/confluence/display/SLINGxSITE/Getting+and+Building+Sling



Apache ServiceMix (https://cwiki.apache.org/confluence/display/SM)

Pages
-
Roadmap edited by  gertvanthienen  (04:54 PM)
https://cwiki.apache.org/confluence/display/SM/Roadmap

ServiceMix 5 - NMR Improvements c

svn commit: r1076547 - in /struts/struts2/trunk: ./ apps/mailreader/ apps/portlet/ apps/rest-showcase/ apps/showcase/ bundles/demo/ plugins/codebehind/ plugins/convention/ plugins/dojo/ plugins/embedd

2011-03-02 Thread lukaszlenart
Author: lukaszlenart
Date: Thu Mar  3 07:28:33 2011
New Revision: 1076547

URL: http://svn.apache.org/viewvc?rev=1076547&view=rev
Log:
Cleans up POMs and removes shading

Modified:
struts/struts2/trunk/apps/mailreader/pom.xml
struts/struts2/trunk/apps/portlet/pom.xml
struts/struts2/trunk/apps/rest-showcase/pom.xml
struts/struts2/trunk/apps/showcase/pom.xml
struts/struts2/trunk/bundles/demo/pom.xml
struts/struts2/trunk/plugins/codebehind/pom.xml
struts/struts2/trunk/plugins/convention/pom.xml
struts/struts2/trunk/plugins/dojo/pom.xml
struts/struts2/trunk/plugins/embeddedjsp/pom.xml
struts/struts2/trunk/plugins/jasperreports/pom.xml
struts/struts2/trunk/plugins/javatemplates/pom.xml
struts/struts2/trunk/plugins/json/pom.xml
struts/struts2/trunk/plugins/osgi/pom.xml
struts/struts2/trunk/plugins/oval/pom.xml
struts/struts2/trunk/plugins/portlet/pom.xml
struts/struts2/trunk/plugins/spring/pom.xml
struts/struts2/trunk/pom.xml
struts/struts2/trunk/xwork-core/pom.xml

Modified: struts/struts2/trunk/apps/mailreader/pom.xml
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/apps/mailreader/pom.xml?rev=1076547&r1=1076546&r2=1076547&view=diff
==
--- struts/struts2/trunk/apps/mailreader/pom.xml (original)
+++ struts/struts2/trunk/apps/mailreader/pom.xml Thu Mar  3 07:28:33 2011
@@ -53,12 +53,6 @@
1.3.5
 
 
-
-jboss
-javassist
-3.7.ga
-
-
 
 
 

Modified: struts/struts2/trunk/apps/portlet/pom.xml
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/apps/portlet/pom.xml?rev=1076547&r1=1076546&r2=1076547&view=diff
==
--- struts/struts2/trunk/apps/portlet/pom.xml (original)
+++ struts/struts2/trunk/apps/portlet/pom.xml Thu Mar  3 07:28:33 2011
@@ -206,12 +206,6 @@
 2.1
 
 
-
-jboss
-javassist
-3.7.ga
-
-
 
 
 

Modified: struts/struts2/trunk/apps/rest-showcase/pom.xml
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/apps/rest-showcase/pom.xml?rev=1076547&r1=1076546&r2=1076547&view=diff
==
--- struts/struts2/trunk/apps/rest-showcase/pom.xml (original)
+++ struts/struts2/trunk/apps/rest-showcase/pom.xml Thu Mar  3 07:28:33 2011
@@ -81,12 +81,6 @@
 
 
 
-
-jboss
-javassist
-3.7.ga
-
-
 
 
 

Modified: struts/struts2/trunk/apps/showcase/pom.xml
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/pom.xml?rev=1076547&r1=1076546&r2=1076547&view=diff
==
--- struts/struts2/trunk/apps/showcase/pom.xml (original)
+++ struts/struts2/trunk/apps/showcase/pom.xml Thu Mar  3 07:28:33 2011
@@ -117,7 +117,6 @@
 
 javax.servlet
 servlet-api
-2.4
 provided
 
 
@@ -125,13 +124,11 @@
 
 org.apache.velocity
 velocity
-1.6.3
 
 
 
 org.apache.velocity
 velocity-tools
-1.3
 
 
 velocity
@@ -162,12 +159,10 @@
 
 log4j
 log4j
-1.2.9
 
 
 commons-logging
 commons-logging
-1.0.4
 
 
 org.apache.myfaces.core
@@ -211,12 +206,6 @@
 
 
 
-
-jboss
-javassist
-3.7.ga
-
-
 
 
 

Modified: struts/struts2/trunk/bundles/demo/pom.xml
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/bundles/demo/pom.xml?rev=1076547&r1=1076546&r2=1076547&view=diff
==
--- struts/struts2/trunk/bundles/demo/pom.xml (original)
+++ struts/struts2/trunk/bundles/demo/pom.xml Thu Mar  3 07:28:33 2011
@@ -22,13 +22,12 @@
 
 org.apache.velocity
 velocity
-1.6.3
 
 
 
 org.apache.velocity
 velocity-tools
-1.3
+true
 
 
 velocity
@@ -40,7 +39,6 @@
 
 commons-digester
 commons-digester
-1.8
 
 
 

Modified: struts/struts2/trunk/plugins/codebehind/pom.xml
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/plugins/codebehind/pom.xml?rev=1076547&r1=1076546&r2=1076547&view=diff
==
--- struts/struts2/trunk/plugins/codebehind/pom.xml (original)
+++ struts/struts2/