Skip to content
Permalink
Browse files

[FIXED JENKINS-19548] use commons-lang for properly escaping xml in c…

…hangelog.xml files
  • Loading branch information
Rob Petti
Rob Petti committed Sep 11, 2013
1 parent 775ae4e commit 7c67b467cf8c2dd08794f20ec13d78dc9c472544
@@ -13,6 +13,7 @@
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.StringEscapeUtils;
import org.kohsuke.stapler.framework.io.WriterOutputStream;

/**
@@ -69,27 +70,27 @@ public static void saveToChangeLog(OutputStream outputStream, List<Changelist> c
for (Changelist change : changes) {
stream.println("\t<entry>");
stream.println("\t\t<changenumber>" + change.getChangeNumber() + "</changenumber>");
stream.println("\t\t<date>" + Util.xmlEscape(PerforceChangeLogParser.javaDateToStringDate(change.getDate())) + "</date>");
stream.println("\t\t<description>" + Util.xmlEscape(change.getDescription()) + "</description>");
stream.println("\t\t<user>" + Util.xmlEscape(change.getUser()) + "</user>");
stream.println("\t\t<workspace>" + Util.xmlEscape(change.getWorkspace()) + "</workspace>");
stream.println("\t\t<date>" + StringEscapeUtils.escapeXml(PerforceChangeLogParser.javaDateToStringDate(change.getDate())) + "</date>");
stream.println("\t\t<description>" + StringEscapeUtils.escapeXml(change.getDescription()) + "</description>");
stream.println("\t\t<user>" + StringEscapeUtils.escapeXml(change.getUser()) + "</user>");
stream.println("\t\t<workspace>" + StringEscapeUtils.escapeXml(change.getWorkspace()) + "</workspace>");
stream.println("\t\t<files>");
for (Changelist.FileEntry entry : change.getFiles()) {
stream.println("\t\t\t<file>");
stream.println("\t\t\t\t<name>" + Util.xmlEscape(entry.getFilename()) + "</name>");
stream.println("\t\t\t\t<workspacePath>" + Util.xmlEscape(entry.getWorkspacePath()) + "</workspacePath>");
stream.println("\t\t\t\t<rev>" + Util.xmlEscape(entry.getRevision()) + "</rev>");
stream.println("\t\t\t\t<changenumber>" + Util.xmlEscape(entry.getChangenumber()) + "</changenumber>");
stream.println("\t\t\t\t<name>" + StringEscapeUtils.escapeXml(entry.getFilename()) + "</name>");
stream.println("\t\t\t\t<workspacePath>" + StringEscapeUtils.escapeXml(entry.getWorkspacePath()) + "</workspacePath>");
stream.println("\t\t\t\t<rev>" + StringEscapeUtils.escapeXml(entry.getRevision()) + "</rev>");
stream.println("\t\t\t\t<changenumber>" + StringEscapeUtils.escapeXml(entry.getChangenumber()) + "</changenumber>");
stream.println("\t\t\t\t<action>" + entry.getAction() + "</action>");
stream.println("\t\t\t</file>");
}
stream.println("\t\t</files>");
stream.println("\t\t<jobs>");
for (Changelist.JobEntry entry : change.getJobs()) {
stream.println("\t\t\t<job>");
stream.println("\t\t\t\t<name>" + Util.xmlEscape(entry.getJob()) + "</name>");
stream.println("\t\t\t\t<description>" + Util.xmlEscape(entry.getDescription()) + "</description>");
stream.println("\t\t\t\t<status>" + Util.xmlEscape(entry.getStatus()) + "</status>");
stream.println("\t\t\t\t<name>" + StringEscapeUtils.escapeXml(entry.getJob()) + "</name>");
stream.println("\t\t\t\t<description>" + StringEscapeUtils.escapeXml(entry.getDescription()) + "</description>");
stream.println("\t\t\t\t<status>" + StringEscapeUtils.escapeXml(entry.getStatus()) + "</status>");
stream.println("\t\t\t</job>");
}
stream.println("\t\t</jobs>");
@@ -27,7 +27,7 @@ public void testSaveAndLoadChangeLogSet() throws Exception {
List<Changelist> changes = new ArrayList<Changelist>();
Changelist cl = new Changelist();
cl.setChangeNumber(1000);
cl.setDescription("test change");
cl.setDescription("test change <this is broken XML&>");
cl.setUser("test.user");
cl.setWorkspace("test_workspace");
List<Changelist.FileEntry> files = new ArrayList<Changelist.FileEntry>();
@@ -53,7 +53,7 @@ public void testSaveAndLoadChangeLogSet() throws Exception {
jobEntry.setStatus("submitted");
jobs.add(jobEntry);
jobEntry = new Changelist.JobEntry();
jobEntry.setDescription("test job2");
jobEntry.setDescription("test job2 <!--Contains some nonsense-->\n<[[ like, really broken ]]>\n");
jobEntry.setJob("test-job2");
jobEntry.setStatus("rejected");
jobs.add(jobEntry);

0 comments on commit 7c67b46

Please sign in to comment.
You can’t perform that action at this time.