[FIXED JENKINS-19548] use commons-lang for properly escaping xml in changelog.xml files

Rob Petti · Rob Petti · commit 7c67b467cf8c · 2013-09-11T12:38:05.000-06:00
diff --git a/src/main/java/hudson/plugins/perforce/PerforceChangeLogSet.java b/src/main/java/hudson/plugins/perforce/PerforceChangeLogSet.java
@@ -13,6 +13,7 @@
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.kohsuke.stapler.framework.io.WriterOutputStream;
 
 /**
@@ -69,27 +70,27 @@ public static void saveToChangeLog(OutputStream outputStream, List<Changelist> c
         for (Changelist change : changes) {
             stream.println("\t<entry>");
             stream.println("\t\t<changenumber>" + change.getChangeNumber() + "</changenumber>");
-            stream.println("\t\t<date>" + Util.xmlEscape(PerforceChangeLogParser.javaDateToStringDate(change.getDate())) + "</date>");
-            stream.println("\t\t<description>" + Util.xmlEscape(change.getDescription()) + "</description>");
-            stream.println("\t\t<user>" + Util.xmlEscape(change.getUser()) + "</user>");
-            stream.println("\t\t<workspace>" + Util.xmlEscape(change.getWorkspace()) + "</workspace>");
+            stream.println("\t\t<date>" + StringEscapeUtils.escapeXml(PerforceChangeLogParser.javaDateToStringDate(change.getDate())) + "</date>");
+            stream.println("\t\t<description>" + StringEscapeUtils.escapeXml(change.getDescription()) + "</description>");
+            stream.println("\t\t<user>" + StringEscapeUtils.escapeXml(change.getUser()) + "</user>");
+            stream.println("\t\t<workspace>" + StringEscapeUtils.escapeXml(change.getWorkspace()) + "</workspace>");
             stream.println("\t\t<files>");
             for (Changelist.FileEntry entry : change.getFiles()) {
                 stream.println("\t\t\t<file>");
-                stream.println("\t\t\t\t<name>" + Util.xmlEscape(entry.getFilename()) + "</name>");
-                stream.println("\t\t\t\t<workspacePath>" + Util.xmlEscape(entry.getWorkspacePath()) + "</workspacePath>");
-                stream.println("\t\t\t\t<rev>" + Util.xmlEscape(entry.getRevision()) + "</rev>");
-                stream.println("\t\t\t\t<changenumber>" + Util.xmlEscape(entry.getChangenumber()) + "</changenumber>");
+                stream.println("\t\t\t\t<name>" + StringEscapeUtils.escapeXml(entry.getFilename()) + "</name>");
+                stream.println("\t\t\t\t<workspacePath>" + StringEscapeUtils.escapeXml(entry.getWorkspacePath()) + "</workspacePath>");
+                stream.println("\t\t\t\t<rev>" + StringEscapeUtils.escapeXml(entry.getRevision()) + "</rev>");
+                stream.println("\t\t\t\t<changenumber>" + StringEscapeUtils.escapeXml(entry.getChangenumber()) + "</changenumber>");
                 stream.println("\t\t\t\t<action>" + entry.getAction() + "</action>");
                 stream.println("\t\t\t</file>");
             }
             stream.println("\t\t</files>");
             stream.println("\t\t<jobs>");
             for (Changelist.JobEntry entry : change.getJobs()) {
                 stream.println("\t\t\t<job>");
-                stream.println("\t\t\t\t<name>" + Util.xmlEscape(entry.getJob()) + "</name>");
-                stream.println("\t\t\t\t<description>" + Util.xmlEscape(entry.getDescription()) + "</description>");
-                stream.println("\t\t\t\t<status>" + Util.xmlEscape(entry.getStatus()) + "</status>");
+                stream.println("\t\t\t\t<name>" + StringEscapeUtils.escapeXml(entry.getJob()) + "</name>");
+                stream.println("\t\t\t\t<description>" + StringEscapeUtils.escapeXml(entry.getDescription()) + "</description>");
+                stream.println("\t\t\t\t<status>" + StringEscapeUtils.escapeXml(entry.getStatus()) + "</status>");
                 stream.println("\t\t\t</job>");
             }
             stream.println("\t\t</jobs>");
diff --git a/src/test/java/hudson/plugins/perforce/PerforceChangeLogParserTest.java b/src/test/java/hudson/plugins/perforce/PerforceChangeLogParserTest.java
@@ -27,7 +27,7 @@ public void testSaveAndLoadChangeLogSet() throws Exception {
         List<Changelist> changes = new ArrayList<Changelist>();
         Changelist cl = new Changelist();
         cl.setChangeNumber(1000);
-        cl.setDescription("test change");
+        cl.setDescription("test change <this is broken XML&>");
         cl.setUser("test.user");
         cl.setWorkspace("test_workspace");
         List<Changelist.FileEntry> files = new ArrayList<Changelist.FileEntry>();
@@ -53,7 +53,7 @@ public void testSaveAndLoadChangeLogSet() throws Exception {
         jobEntry.setStatus("submitted");
         jobs.add(jobEntry);
         jobEntry = new Changelist.JobEntry();
-        jobEntry.setDescription("test job2");
+        jobEntry.setDescription("test job2 <!--Contains some nonsense-->\n<[[ like, really broken ]]>\n");
         jobEntry.setJob("test-job2");
         jobEntry.setStatus("rejected");
         jobs.add(jobEntry);
