[activemq] branch master updated: AMQ-7339 - Fix possible XSS attack in the HttpTunnelServlet


[activemq] branch master updated: AMQ-7339 - Fix possible XSS attack in the HttpTunnelServlet

jbonofre-2
This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq.git


The following commit(s) were added to refs/heads/master by this push:
     new 7441c6b  AMQ-7339 - Fix possible XSS attack in the HttpTunnelServlet
     new 14b0538  Merge pull request #411 from coheigea/AMQ-7339
7441c6b is described below

commit 7441c6b6035e4a86d6a32b39445d75a33802ec3e
Author: Colm O hEigeartaigh <[hidden email]>
AuthorDate: Fri Nov 8 12:04:57 2019 +0000

    AMQ-7339 - Fix possible XSS attack in the HttpTunnelServlet
---
 .../java/org/apache/activemq/transport/http/HttpTunnelServlet.java    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/activemq-http/src/main/java/org/apache/activemq/transport/http/HttpTunnelServlet.java b/activemq-http/src/main/java/org/apache/activemq/transport/http/HttpTunnelServlet.java
index e6dc7c9..193003f 100644
--- a/activemq-http/src/main/java/org/apache/activemq/transport/http/HttpTunnelServlet.java
+++ b/activemq-http/src/main/java/org/apache/activemq/transport/http/HttpTunnelServlet.java
@@ -197,7 +197,7 @@ public class HttpTunnelServlet extends HttpServlet {
         // Record the client's transport and ensure that it has not already registered; this is thread-safe and only allows one
         // thread to register the client
         if (clients.putIfAbsent(clientID, answer) != null) {
-            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "A session for clientID '" + clientID + "' has already been established");
+            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "A session for the given clientID has already been established");
             LOG.warn("A session for clientID '" + clientID + "' has already been established");
             return null;
         }
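Review bot: The `LOG.warn` line kept directly under the changed `sendError` still concatenates `clientID` verbatim, so if that value comes from the request (as its removal from the response body suggests) a CR/LF or other control character in it can split or forge log entries. Neutralise it before logging, for example `LOG.warn("A session for clientID '" + clientID.replaceAll("[\\r\\n]", "_") + "' has already been established");`, and consider capping its length. The same applies to the `LOG.warn` in the second hunk (the `transport.isDisposed()` branch). A one-line comment above each `sendError`, such as `// Do not echo clientID back: it is client-controlled and the error page may render it as HTML`, would keep a later edit from reintroducing the reflection. Both enclosing methods start and end outside the hunks.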
@@ -237,7 +237,7 @@ public class HttpTunnelServlet extends HttpServlet {
 
         // Ensure that the transport was not prematurely disposed.
         if (transport.isDisposed()) {
-            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "The session for clientID '" + clientID + "' was prematurely disposed");
+            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "The session for the given clientID was prematurely disposed");
             LOG.warn("The session for clientID '" + clientID + "' was prematurely disposed");
             return null;
         }