From 9e622c6a6c60721d3e6bce7e3594a3d292c67c08 Mon Sep 17 00:00:00 2001
From: alena
Date: Thu, 24 Feb 2011 17:04:52 -0800
Subject: [PATCH] bug 8726: escape ", ', &, <, > special chars in xml response status 8726: resolved fixed
---
 .../api/response/ApiResponseSerializer.java | 24 ++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/server/src/com/cloud/api/response/ApiResponseSerializer.java b/server/src/com/cloud/api/response/ApiResponseSerializer.java
index ddd899ccc21..1ff26ee1034 100644
--- a/server/src/com/cloud/api/response/ApiResponseSerializer.java
+++ b/server/src/com/cloud/api/response/ApiResponseSerializer.java
@@ -164,7 +164,7 @@ public class ApiResponseSerializer {
 }else if (fieldValue instanceof Date) {
 sb.append("<" + serializedName.value() + ">" + BaseCmd.getDateString((Date)fieldValue) + "");
 } else {
- sb.append("<" + serializedName.value() + ">" + fieldValue.toString() + "");
+ sb.append("<" + serializedName.value() + ">" + escapeSpecialXmlChars(fieldValue.toString()) + "");
 }
 }
 } catch (IllegalArgumentException e) {
@@ -222,4 +222,26 @@ public class ApiResponseSerializer {
 return sb.toString();
 }
+
+ private static String escapeSpecialXmlChars(String originalString) {
+ char[] origChars = originalString.toCharArray();
+ StringBuilder resultString = new StringBuilder();
+
+ for (char singleChar : origChars) {
+ if (singleChar == '"') {
+ resultString.append(""");
+ } else if (singleChar == '\'') {
+ resultString.append("'");
+ } else if (singleChar == '<') {
+ resultString.append("<");
+ } else if (singleChar == '>') {
+ resultString.append(">");
+ } else if (singleChar == '&') {
+ resultString.append("&");
+ } else {
+ resultString.append(singleChar);
+ }
+ }
+ return resultString.toString();
+ }
 }
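Review bot: In the `@@ -164,7` hunk only the final `else` branch of the `if`/`else if` chain gains `escapeSpecialXmlChars(...)`. The chain starts above the hunk, so any earlier branch that writes string-derived values into the XML (not visible here) would still emit them raw and should be checked for the same call. The `Date` branch that is shown goes through `BaseCmd.getDateString` and presumably cannot contain markup characters. A comment on the changed line would record the intent, e.g. `// escape so a field value cannot break or inject markup in the XML response`.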
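Review bot: In the `@@ -222,4` hunk, `escapeSpecialXmlChars` copies every other character through unchanged, including control characters that XML 1.0 does not allow at all (below 0x20 except tab, LF and CR), so a field value holding one still produces a response that a conforming parser rejects. A branch placed before the final `else` could filter them, e.g. `} else if (singleChar < 0x20 && singleChar != '\t' && singleChar != '\n' && singleChar != '\r') { continue;`. The helper also lacks a Javadoc stating that it escapes values for XML text content and that `originalString` must be non-null, since it is dereferenced immediately; the one caller shown passes `fieldValue.toString()`. The replacement literals appear on this page as the raw characters themselves, which looks like the entities (`&quot;`, `&apos;`, `&lt;`, `&gt;`, `&amp;`) were decoded when the page was rendered, so confirm them against the repository file.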