diff --git a/deps/rabbitmq_management/priv/www/js/main.js b/deps/rabbitmq_management/priv/www/js/main.js
index e1b3fa2f53..9ad3488c4f 100644
--- a/deps/rabbitmq_management/priv/www/js/main.js
+++ b/deps/rabbitmq_management/priv/www/js/main.js
@@ -925,7 +925,16 @@ function toggle_visibility(item) {
 }
 
 function publish_msg(params0) {
- var params = params_magic(params0);
+ try {
+ var params = params_magic(params0);
+ publish_msg0(params);
+ } catch (e) {
+ show_popup('warn', fmt_escape_html(e));
+ return false;
+ }
+}
+
+function publish_msg0(params) {
 var path = fill_path_template('/exchanges/:vhost/:name/publish', params);
 params['payload_encoding'] = 'string';
 params['properties'] = {};
@@ -1095,7 +1104,7 @@ function sync_req(type, params0, path_template, options) {
 params = params_magic(params0);
 path = fill_path_template(path_template, params);
 } catch (e) {
- show_popup('warn', e);
+ show_popup('warn', fmt_escape_html(e));
 return false;
 }
 var req = xmlHttpRequest();
@@ -1154,7 +1163,7 @@ function check_bad_response(req, full_page_404) {
 if (typeof(error) != 'string') error = JSON.stringify(error);
 
 if (error == 'bad_request' || error == 'not_found' || error == 'not_authorised') {
- show_popup('warn', reason);
+ show_popup('warn', fmt_escape_html(reason));
 } else if (error == 'page_out_of_range') {
 var seconds = 60;
 if (last_page_out_of_range_error > 0)
diff --git a/deps/rabbitmq_management/src/rabbit_mgmt_db.erl b/deps/rabbitmq_management/src/rabbit_mgmt_db.erl
index b8459b53ca..cfd755485b 100644
--- a/deps/rabbitmq_management/src/rabbit_mgmt_db.erl
+++ b/deps/rabbitmq_management/src/rabbit_mgmt_db.erl
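Review bot: The try/catch added to publish_msg wraps the publish_msg0(params) call as well as params_magic, so any exception raised while building or sending the request (a TypeError, say) is shown as a warning popup and never reaches the console, which hides real bugs behind the validation-message path. If, as the popup usage suggests, params_magic throws plain strings, the catch could rethrow anything else: `} catch (e) { if (typeof e !== 'string') throw e; show_popup('warn', fmt_escape_html(e)); return false; }`, or the try could be limited to the params_magic call. The sync_req hunk below passes the raw exception to fmt_escape_html in the same way; if e is an Error object rather than a string, what gets displayed depends on how fmt_escape_html stringifies it, which this diff does not show. publish_msg0's body continues outside the hunk, and publish_msg now returns undefined on the success path, which matters if a caller relied on its previous return value.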
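Review bot: In check_bad_response, fmt_escape_html is applied to `reason` only on the bad_request/not_found/not_authorised branch; the page_out_of_range branch and whatever follows it lie outside the hunk, so confirm that none of those paths displays server-supplied text without the same escaping. `error` itself is only compared against fixed strings here, so it needs no escaping on this path.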
@@ -381,10 +381,10 @@ detail_queue_stats(Ranges, Objs, Interval) ->
 Consumers = [{consumer_details, dict:fetch(consumer_stats, QueueData)}],
 StatsD = [{deliveries, detail_stats(QueueData, channel_queue_stats_deliver_stats,
- deliver_get, second(Id), Ranges, Interval)},
+ deliver_get, second(Id), Ranges, Interval)},
 {incoming, detail_stats(QueueData, queue_exchange_stats_publish,
- fine_stats, first(Id), Ranges, Interval)}],
+ fine_stats, first(Id), Ranges, Interval)}],
 {Pid, combine(Props, Obj) ++ Stats ++ StatsD ++ Consumers}
 end || Obj <- Objs]),
diff --git a/deps/rabbitmq_management/src/rabbit_mgmt_util.erl b/deps/rabbitmq_management/src/rabbit_mgmt_util.erl
index 0914b9288f..14babb9ab4 100644
--- a/deps/rabbitmq_management/src/rabbit_mgmt_util.erl
+++ b/deps/rabbitmq_management/src/rabbit_mgmt_util.erl
@@ -560,7 +560,8 @@ http_to_amqp(MethodName, ReqData, Context, Transformers, Extra) ->
 bad_request(Error, ReqData1, Context)
 end;
 {error, Reason} ->
- bad_request(Reason, ReqData1, Context)
+ bad_request(rabbit_mgmt_format:escape_html_tags(Reason),
+ ReqData1, Context)
 end
 end.
diff --git a/deps/rabbitmq_management/src/rabbit_mgmt_wm_channel.erl b/deps/rabbitmq_management/src/rabbit_mgmt_wm_channel.erl
index 25d5fe62fd..a3c43f9cbe 100644
--- a/deps/rabbitmq_management/src/rabbit_mgmt_wm_channel.erl
+++ b/deps/rabbitmq_management/src/rabbit_mgmt_wm_channel.erl
@@ -43,8 +43,10 @@ resource_exists(ReqData, Context) ->
 end.
 
 to_json(ReqData, Context) ->
+ Payload = rabbit_mgmt_format:clean_consumer_details(
+ rabbit_mgmt_format:strip_pids(channel(ReqData))),
 rabbit_mgmt_util:reply(
- maps:from_list(rabbit_mgmt_format:strip_pids(channel(ReqData))),
+ maps:from_list(Payload),
 ReqData, Context).
 
 is_authorized(ReqData, Context) ->
diff --git a/deps/rabbitmq_management/src/rabbit_mgmt_wm_definitions.erl b/deps/rabbitmq_management/src/rabbit_mgmt_wm_definitions.erl
index 941d155ed6..81835e04fb 100644
--- a/deps/rabbitmq_management/src/rabbit_mgmt_wm_definitions.erl
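Review bot: In http_to_amqp's `{error, Reason}` clause the reason is now escaped, but the sibling `bad_request(Error, ReqData1, Context)` at the top of the hunk still passes `Error` through unchanged; if that value can contain request-derived text it needs the same treatment. The other call sites in this commit (rabbit_mgmt_wm_healthchecks, rabbit_mgmt_wm_parameter) convert with rabbit_data_coercion:to_list/1 before calling rabbit_mgmt_format:escape_html_tags/1, whereas this one passes Reason directly; since escape_html_tags/1 is not shown in the diff, confirm it accepts whatever type Reason has here, or normalise first with `bad_request(rabbit_mgmt_format:escape_html_tags(rabbit_data_coercion:to_list(Reason)),`. The enclosing case expression starts outside the hunk.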
+++ b/deps/rabbitmq_management/src/rabbit_mgmt_wm_definitions.erl
@@ -54,7 +54,7 @@ to_json(ReqData, Context) ->
 none -> all_definitions(ReqData, Context);
 not_found ->
- rabbit_mgmt_util:bad_request(list_to_binary("vhost_not_found"),
+ rabbit_mgmt_util:bad_request(rabbit_data_coercion:to_binary("vhost_not_found"),
 ReqData, Context);
 _VHost -> vhost_definitions(ReqData, Context)
@@ -70,7 +70,7 @@ all_definitions(ReqData, Context) ->
 export_binding(B, QNames)],
 {ok, Vsn} = application:get_key(rabbit, vsn),
 rabbit_mgmt_util:reply(
- [{rabbit_version, list_to_binary(Vsn)}] ++
+ [{rabbit_version, rabbit_data_coercion:to_binary(Vsn)}] ++
 filter(
 [{users, rabbit_mgmt_wm_users:users()},
 {vhosts, rabbit_mgmt_wm_vhosts:basic()},
@@ -106,7 +106,7 @@ vhost_definitions(ReqData, Context) ->
 export_binding(B, QNames)],
 {ok, Vsn} = application:get_key(rabbit, vsn),
 rabbit_mgmt_util:reply(
- [{rabbit_version, list_to_binary(Vsn)}] ++
+ [{rabbit_version, rabbit_data_coercion:to_binary(Vsn)}] ++
 filter(
 [{policies, rabbit_mgmt_wm_policies:basic(ReqData)},
 {queues, Qs},
@@ -155,7 +155,7 @@ accept(Body, ReqData, Context = #context{user = #user{username = Username}}) ->
 apply_defs(Body, Username, fun() -> {true, ReqData, Context} end,
 fun(E) -> rabbit_mgmt_util:bad_request(E, ReqData, Context) end);
 not_found ->
- rabbit_mgmt_util:bad_request(list_to_binary("vhost_not_found"),
+ rabbit_mgmt_util:bad_request(rabbit_data_coercion:to_binary("vhost_not_found"),
 ReqData, Context);
 VHost ->
 apply_defs(Body, Username, fun() -> {true, ReqData, Context} end,
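Review bot: `rabbit_data_coercion:to_binary("vhost_not_found")` in the to_json and accept hunks converts a string literal at runtime on every request; the binary literal `<<"vhost_not_found">>` expresses the same value with no call at all and reads more directly. The Vsn conversions in all_definitions and vhost_definitions are genuine runtime values and are fine as written.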
@@ -209,9 +209,9 @@ apply_defs(Body, Username, SuccessFun, ErrorFun, VHost) ->
 end.
 
 format(#amqp_error{name = Name, explanation = Explanation}) ->
- list_to_binary(rabbit_misc:format("~s: ~s", [Name, Explanation]));
+ rabbit_data_coercion:to_binary(rabbit_misc:format("~s: ~s", [Name, Explanation]));
 format(E) ->
- list_to_binary(rabbit_misc:format("~p", [E])).
+ rabbit_data_coercion:to_binary(rabbit_misc:format("~p", [E])).
 
 get_all_parts(ReqData) -> get_all_parts(ReqData, []).
@@ -301,7 +301,7 @@ for_all(Name, Username, All, VHost, Fun) ->
 M <- List, is_map(M)]
 end.
 
-atomise_name(N) -> list_to_atom(binary_to_list(N)).
+atomise_name(N) -> rabbit_data_coercion:to_atom(N).
 
 %%--------------------------------------------------------------------
 
@@ -312,9 +312,8 @@ add_parameter(Param, Username) ->
 Term = maps:get(value, Param, undefined),
 case rabbit_runtime_parameters:set(VHost, Comp, Key, Term, Username) of
 ok -> ok;
- {error_string, E} -> S = rabbit_misc:format(" (~s/~s/~s)",
- [VHost, Comp, Key]),
- exit(list_to_binary(E ++ S))
+ {error_string, E} -> S = rabbit_misc:format(" (~s/~s/~s)", [VHost, Comp, Key]),
+ exit(rabbit_data_coercion:to_binary(rabbit_mgmt_format:escape_html_tags(E ++ S)))
 end.
 
 add_global_parameter(Param, Username) ->
@@ -339,7 +338,7 @@ add_policy(VHost, Param, Username) ->
 Username) of
 ok -> ok;
 {error_string, E} -> S = rabbit_misc:format(" (~s/~s)", [VHost, Key]),
- exit(list_to_binary(E ++ S))
+ exit(rabbit_data_coercion:to_binary(rabbit_mgmt_format:escape_html_tags(E ++ S)))
 end.
 
 add_vhost(VHost, Username) ->
diff --git a/deps/rabbitmq_management/src/rabbit_mgmt_wm_healthchecks.erl b/deps/rabbitmq_management/src/rabbit_mgmt_wm_healthchecks.erl
index 97186dd5c3..cb47b53b3f 100644
--- a/deps/rabbitmq_management/src/rabbit_mgmt_wm_healthchecks.erl
+++ b/deps/rabbitmq_management/src/rabbit_mgmt_wm_healthchecks.erl
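Review bot: `atomise_name(N) -> rabbit_data_coercion:to_atom(N).` still creates a new atom for every name taken from the uploaded definitions document, exactly as list_to_atom(binary_to_list(N)) did; the commit changes the conversion helper but not that behaviour. Atoms are never reclaimed, so a large import with many distinct names, or repeated imports, grows the atom table for the life of the node; if the names passed here are expected to come from a fixed set, converting with binary_to_existing_atom/2 and turning the resulting badarg into a bad_request would bound that. The callers of atomise_name are outside the hunk, so I cannot confirm from the diff which values reach it. The add_parameter and add_policy hunks escape after `E ++ S` is built, which correctly covers the VHost/Comp/Key text folded into the message.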
@@ -52,7 +52,9 @@ to_json(ReqData, Context) ->
 {badrpc, Err} ->
 failure(rabbit_mgmt_format:print("~p", Err), ReqData, Context);
 {error_string, Err} ->
- failure(rabbit_mgmt_format:print(Err), ReqData, Context)
+ S = rabbit_mgmt_format:escape_html_tags(
+ rabbit_data_coercion:to_list(rabbit_mgmt_format:print(Err))),
+ failure(S, ReqData, Context)
 end.
 
 failure(Message, ReqData, Context) ->
diff --git a/deps/rabbitmq_management/src/rabbit_mgmt_wm_parameter.erl b/deps/rabbitmq_management/src/rabbit_mgmt_wm_parameter.erl
index 27709f3064..f448645547 100644
--- a/deps/rabbitmq_management/src/rabbit_mgmt_wm_parameter.erl
+++ b/deps/rabbitmq_management/src/rabbit_mgmt_wm_parameter.erl
@@ -75,8 +75,10 @@ accept_content(ReqData, Context = #context{user = User}) ->
 ok ->
 {true, ReqData, Context};
 {error_string, Reason} ->
+ S = rabbit_mgmt_format:escape_html_tags(
+ rabbit_data_coercion:to_list(Reason)),
 rabbit_mgmt_util:bad_request(
- list_to_binary(Reason), ReqData, Context)
+ rabbit_data_coercion:to_binary(S), ReqData, Context)
 end
 end)
 end.
diff --git a/deps/rabbitmq_management/src/rabbit_mgmt_wm_queue.erl b/deps/rabbitmq_management/src/rabbit_mgmt_wm_queue.erl
index 0f957bf81e..7874a42491 100644
--- a/deps/rabbitmq_management/src/rabbit_mgmt_wm_queue.erl
+++ b/deps/rabbitmq_management/src/rabbit_mgmt_wm_queue.erl
@@ -54,7 +54,8 @@ to_json(ReqData, Context) ->
 try
 [Q] = rabbit_mgmt_db:augment_queues(
 [queue(ReqData)], rabbit_mgmt_util:range_ceil(ReqData), full),
- rabbit_mgmt_util:reply(rabbit_mgmt_format:strip_pids(Q), ReqData, Context)
+ Payload = rabbit_mgmt_format:clean_consumer_details(rabbit_mgmt_format:strip_pids(Q)),
+ rabbit_mgmt_util:reply(Payload, ReqData, Context)
 catch
 {error, invalid_range_parameters, Reason} ->
 rabbit_mgmt_util:bad_request(iolist_to_binary(Reason), ReqData, Context)
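Review bot: The catch clause at the end of the rabbit_mgmt_wm_queue to_json hunk still passes `iolist_to_binary(Reason)` to bad_request with no rabbit_mgmt_format:escape_html_tags/1 call, while this commit escapes comparable error text in rabbit_mgmt_wm_parameter and rabbit_mgmt_wm_healthchecks. If the invalid_range_parameters reason echoes the offending query parameter values, it should be normalised the same way: `rabbit_mgmt_util:bad_request(rabbit_data_coercion:to_binary(rabbit_mgmt_format:escape_html_tags(rabbit_data_coercion:to_list(Reason))), ReqData, Context)`. Whether Reason contains request text cannot be seen from this diff, and the try expression's end is outside the hunk.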