ASF Bugzilla – Attachment 24139 Details for
Bug 40001
HTML pages should not use GET to restart web-apps.
[patch]
suggested fix
HTMLManagerServlet.diff (text/plain), 8.40 KB, created by
lucenebugs2006
on 2009-08-15 15:20:41 UTC
Description:
suggested fix
Creator:
lucenebugs2006
Created:
2009-08-15 15:20:41 UTC
Size:
8.40 KB
>### Eclipse Workspace Patch 1.0
>#P tomcat6
>Index: java/org/apache/catalina/manager/HTMLManagerServlet.java
>===================================================================
>--- java/org/apache/catalina/manager/HTMLManagerServlet.java (revision 804515)
>+++ java/org/apache/catalina/manager/HTMLManagerServlet.java (working copy)
>@@ -112,38 +112,56 @@
> response.setContentType("text/html; charset=" + Constants.CHARSET);
>
> String message = "";
>- // Process the requested command
>- if (command == null || command.equals("/")) {
>- } else if (command.equals("/deploy")) {
>- message = deployInternal(deployConfig, deployPath, deployWar);
>- } else if (command.equals("/list")) {
>- } else if (command.equals("/reload")) {
>- message = reload(path);
>- } else if (command.equals("/undeploy")) {
>- message = undeploy(path);
>- } else if (command.equals("/expire")) {
>- message = expireSessions(path, request);
>- } else if (command.equals("/sessions")) {
>- try {
>- doSessions(path, request, response);
>- return;
>- } catch (Exception e) {
>- log("HTMLManagerServlet.sessions[" + path + "]", e);
>- message = sm.getString("managerServlet.exception",
>- e.toString());
>- }
>- } else if (command.equals("/start")) {
>- message = start(path);
>- } else if (command.equals("/stop")) {
>- message = stop(path);
>- } else {
>- message =
>- sm.getString("managerServlet.unknownCommand", command);
>+
>+ try {
>+ // Process the requested command
>+ if (command == null || command.equals("/")) {
>+ } else if (command.equals("/deploy")) {
>+ assurePost(request);
>+ message = deployInternal(deployConfig, deployPath, deployWar);
>+ } else if (command.equals("/list")) {
>+ } else if (command.equals("/reload")) {
>+ assurePost(request);
>+ message = reload(path);
>+ } else if (command.equals("/undeploy")) {
>+ assurePost(request);
>+ message = undeploy(path);
>+ } else if (command.equals("/expire")) {
>+ assurePost(request);
>+ message = expireSessions(path, request);
>+ } else if (command.equals("/sessions")) {
>+ try {
>+ doSessions(path, request, response);
>+ return;
>+ } catch (Exception e) {
>+ log("HTMLManagerServlet.sessions[" + path + "]", e);
>+ message = sm.getString("managerServlet.exception",
>+ e.toString());
>+ }
>+ } else if (command.equals("/start")) {
>+ assurePost(request);
>+ message = start(path);
>+ } else if (command.equals("/stop")) {
>+ assurePost(request);
>+ message = stop(path);
>+ } else {
>+ message =
>+ sm.getString("managerServlet.unknownCommand", command);
>+ }
>+ } catch (IllegalHttpMethodException e) {
>+ response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, "Use POST requests for this URL");
>+ return;
> }
>
> list(request, response, message);
> }
>
>+ private void assurePost(HttpServletRequest request) {
>+ if (!request.getMethod().equals("POST")) {
>+ throw new IllegalHttpMethodException();
>+ }
>+ }
>+
> /**
> * Process a POST request for the specified resource.
> *
>@@ -954,6 +972,9 @@
> //TODO: complete this to TTL, etc.
> return comparator;
> }
>+
>+ class IllegalHttpMethodException extends RuntimeException {
>+ }
>
> // ------------------------------------------------------ Private Constants
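Review bot: Requiring POST in `assurePost` stops links, prefetchers and image tags from triggering deploy/reload/undeploy/expire/start/stop, but a form on another origin can still submit a POST that the administrator's browser sends with its manager credentials, so the handler should also verify a per-session token that the generated forms (the `*_ROW_BUTTON_SECTION` templates and the deploy form in the later hunks) carry as a hidden field; nothing in this patch adds one. The `/sessions` branch is left without the check, which is only safe if `doSessions` never changes state on a GET; that is worth confirming since its body is not visible here. The 405 response should name the permitted method, e.g. `response.setHeader("Allow", "POST");` before the `sendError` call. The enclosing method starts above the hunk and appears to be the GET handler, so the guarded branches can only ever run if the POST handler delegates to it.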
>
>@@ -1004,12 +1025,16 @@
>
> private static final String STARTED_DEPLOYED_APPS_ROW_BUTTON_SECTION =
> " <td class=\"row-left\" bgcolor=\"{13}\">\n" +
>- " <small>\n" +
>- " {1} \n" +
>- " <a href=\"{2}\" onclick=\"return(confirm('''Are you sure?'''))\">{3}</a> \n" +
>- " <a href=\"{4}\" onclick=\"return(confirm('''Are you sure?'''))\">{5}</a> \n" +
>- " <a href=\"{6}\" onclick=\"return(confirm('''Are you sure?'''))\">{7}</a> \n" +
>- " </small>\n" +
>+ " <small>{1}</small> \n" +
>+ " <form style=\"display:inline\" method=\"POST\" action=\"{2}\">\n" +
>+ " <input type=\"submit\" value=\"{3}\" onclick=\"return(confirm('''Do you really want to stop this application?'''))\"/> \n" +
>+ " </form>\n" +
>+ " <form style=\"display:inline\" method=\"POST\" action=\"{4}\">\n" +
>+ " <input type=\"submit\" value=\"{5}\" onclick=\"return(confirm('''Do you really want to reload this application?'''))\"/> \n" +
>+ " </form>\n" +
>+ " <form style=\"display:inline\" method=\"POST\" action=\"{6}\">\n" +
>+ " <input type=\"submit\" value=\"{7}\" onclick=\"return(confirm('''Are you sure? This will delete the application.'''))\"/> \n" +
>+ " </form>\n" +
> " </td>\n" +
> " </tr><tr>\n" +
> " <td class=\"row-left\" bgcolor=\"{13}\">\n" +
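Review bot: `IllegalHttpMethodException` is declared as a non-static, package-visible inner class, so each instance keeps a hidden reference to the servlet and the type is visible to the whole package although only this class throws and catches it; `private static final class IllegalHttpMethodException extends RuntimeException` would be tighter. Because it is Serializable through RuntimeException, adding a `serialVersionUID` field would also avoid a compiler warning. The class is used only to unwind from `assurePost` to the catch in the handler, so a one-line comment saying so (`// Signals that a state-changing command was requested with a method other than POST`) would help the next reader.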
>@@ -1023,30 +1048,40 @@
>
> private static final String STOPPED_DEPLOYED_APPS_ROW_BUTTON_SECTION =
> " <td class=\"row-left\" bgcolor=\"{13}\" rowspan=\"2\">\n" +
>- " <small>\n" +
>- " <a href=\"{0}\" onclick=\"return(confirm('''Are you sure?'''))\">{1}</a> \n" +
>+ " <form style=\"display:inline\" method=\"POST\" action=\"{0}\">\n" +
>+ " <input type=\"submit\" value=\"{1}\" onclick=\"return(confirm('''Do you really want to start this application?'''))\"/> \n" +
>+ " </form>\n" +
>+ " <small>" +
> " {3} \n" +
> " {5} \n" +
>- " <a href=\"{6}\" onclick=\"return(confirm('''Are you sure? This will delete the application.'''))\">{7}</a> \n" +
> " </small>\n" +
>+ " <form style=\"display:inline\" method=\"POST\" action=\"{6}\">\n" +
>+ " <input type=\"submit\" value=\"{7}\" onclick=\"return(confirm('''Are you sure? This will delete the application.'''))\"/> \n" +
>+ " </form>\n" +
> " </td>\n" +
> "</tr>\n<tr></tr>\n";
>
> private static final String STARTED_NONDEPLOYED_APPS_ROW_BUTTON_SECTION =
> " <td class=\"row-left\" bgcolor=\"{13}\" rowspan=\"2\">\n" +
>- " <small>\n" +
>+ " <small>" +
> " {1} \n" +
>- " <a href=\"{2}\" onclick=\"return(confirm('''Are you sure?'''))\">{3}</a> \n" +
>- " <a href=\"{4}\" onclick=\"return(confirm('''Are you sure?'''))\">{5}</a> \n" +
>- " {7} \n" +
>- " </small>\n" +
>+ " </small>" +
>+ " <form style=\"display:inline\" method=\"POST\" action=\"{2}\">\n" +
>+ " <input type=\"submit\" value=\"{3}\" onclick=\"return(confirm('''Do you really want to stop this application?'''))\"/> \n" +
>+ " </form>\n" +
>+ " <form style=\"display:inline\" method=\"POST\" action=\"{4}\">\n" +
>+ " <input type=\"submit\" value=\"{5}\" onclick=\"return(confirm('''Do you really want to reload this application?'''))\"/> \n" +
>+ " </form>\n" +
>+ " <small> {7} </small>\n" +
> " </td>\n" +
> "</tr>\n<tr></tr>\n";
>
> private static final String STOPPED_NONDEPLOYED_APPS_ROW_BUTTON_SECTION =
> " <td class=\"row-left\" bgcolor=\"{13}\" rowspan=\"2\">\n" +
>+ " <form style=\"display:inline\" method=\"POST\" action=\"{0}\">\n" +
>+ " <input type=\"submit\" value=\"{1}\" onclick=\"return(confirm('''Do you really want to start this application?'''))\"/> \n" +
>+ " </form>\n" +
> " <small>\n" +
>- " <a href=\"{0}\" onclick=\"return(confirm('''Are you sure?'''))\">{1}</a> \n" +
> " {3} \n" +
> " {5} \n" +
> " {7} \n" +
>@@ -1066,7 +1101,7 @@
> "</tr>\n" +
> "<tr>\n" +
> " <td colspan=\"2\">\n" +
>- "<form method=\"get\" action=\"{2}\">\n" +
>+ "<form method=\"post\" action=\"{2}\">\n" +
> "<table cellspacing=\"0\" cellpadding=\"3\">\n" +
> "<tr>\n" +
> " <td class=\"row-right\">\n" +