From: Stephen Webb <stephen.webb@ieee.org>
Date: Fri, 25 Jul 2025 10:02:18 +1000
Subject: Escape any thread name '&' or '"' in html attribute data (#514)

* Update change report

[backport: Dropped unrelated changes about upstream v 1.5.0 from change-report-gh.md]

Origin: upstream, https://github.com/apache/logging-log4cxx/commit/36d829e9f6c3f9f4f9a42e22df326a9ed7b6e373
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111879
---
 src/main/cpp/htmllayout.cpp           | 4 ++--
 src/site/markdown/change-report-gh.md | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/main/cpp/htmllayout.cpp b/src/main/cpp/htmllayout.cpp
index ed6e61d..8454c3c 100644
--- a/src/main/cpp/htmllayout.cpp
+++ b/src/main/cpp/htmllayout.cpp
@@ -98,9 +98,9 @@ void HTMLLayout::format(LogString& output,
 
 	output.append(LOG4CXX_STR("<td title=\""));
 	LogString threadName(event->getThreadName());
-	output.append(threadName);
+	Transform::appendEscapingTags(output, threadName);
 	output.append(LOG4CXX_STR(" thread\">"));
-	output.append(threadName);
+	Transform::appendEscapingTags(output, threadName);
 	output.append(LOG4CXX_STR("</td>"));
 	output.append(LOG4CXX_EOL);
 
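Review bot: The first replaced call writes threadName inside the double-quoted title="..." attribute, so the fix holds only if Transform::appendEscapingTags escapes '"' and '&' in addition to '<' and '>'. The helper's name does not promise that and the patch does not show it, so it is worth confirming against the helper's implementation before relying on the backport. The diffstat also lists only htmllayout.cpp and the change report, so no regression test accompanies the fix. Suggest adding an HTMLLayout test that formats an event whose thread name contains '"', '&' and '<' and checks that both the title attribute and the cell text carry only the escaped forms.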
diff --git a/src/site/markdown/change-report-gh.md b/src/site/markdown/change-report-gh.md
index 587a984..ffc800f 100644
--- a/src/site/markdown/change-report-gh.md
+++ b/src/site/markdown/change-report-gh.md
@@ -524,9 +524,9 @@ AppenderPtr appender = log4cxx::cast<Appender>(instance);
 | ![](images/fix.gif "fix")    | helpers/object.h: DECLARE\_LOG4CXX\_OBJECT macro definition is missing virtual destructor declaration Fixes [LOGCXX-160](https://issues.apache.org/jira/browse/LOGCXX-160).                    |    |
 | ![](images/fix.gif "fix")    | Initialization of local static objects out of order on Linux Fixes [LOGCXX-159](https://issues.apache.org/jira/browse/LOGCXX-159).                                                             |    |
 | ![](images/fix.gif "fix")    | tolower not defined in stringhelper.cpp Fixes [LOGCXX-158](https://issues.apache.org/jira/browse/LOGCXX-158).                                                                                  |    |
-| ![](images/fix.gif "fix")    | make install fails since @manual\_dest@ replacement is missing in Makefiles Fixes [LOGCXX-157](https://issues.apache.org/jira/browse/LOGCXX-157).                                              |    |
-| ![](images/update.gif "update") | immediate flush in console appender Fixes [LOGCXX-156](https://issues.apache.org/jira/browse/LOGCXX-156).                                                                                      |    |
-| ![](images/update.gif "update") | Update source headers per new ASF header policy Fixes [LOGCXX-155](https://issues.apache.org/jira/browse/LOGCXX-155).                                                                          |    |
+| ![](images/fix.gif "fix")    | make install fails since \@manual_dest@ replacement is missing in Makefiles Fixes [LOGCXX-157](https://issues.apache.org/jira/browse/LOGCXX-157).                                              |    |
+| ![](images/update.gif "update") | immediate flush in console appender Fixes [LOGCXX-156](https://issues.apache.org/jira/browse/LOGCXX-156).                                                                                   |    |
+| ![](images/update.gif "update") | Update source headers per new ASF header policy Fixes [LOGCXX-155](https://issues.apache.org/jira/browse/LOGCXX-155).                                                                       |    |
 | ![](images/add.gif "add")    | Automate log4cxx site and doxygen generation and deployment Fixes [LOGCXX-153](https://issues.apache.org/jira/browse/LOGCXX-153).                                                              |    |
 | ![](images/fix.gif "fix")    | gcc warning about cast from \`const void\*' to \`log4cxx::helpers::Object\*' discards qualifiers from pointer target typ Fixes [LOGCXX-152](https://issues.apache.org/jira/browse/LOGCXX-152). |    |
 | ![](images/fix.gif "fix")    | Umlauts as literal in patternlayout won't be logged correct Fixes [LOGCXX-151](https://issues.apache.org/jira/browse/LOGCXX-151).                                                              |    |
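Review bot: None of the three rows changed in this hunk (LOGCXX-157, LOGCXX-156, LOGCXX-155) relates to the thread name escaping. They only turn `@manual\_dest@` into `\@manual_dest@` and trim column padding. With the 1.5.0 entries dropped as the backport note says, what remains is markdown churn, and no entry records this fix. Suggest dropping the hunk so the backport is confined to htmllayout.cpp, or, if it is kept, stating why in the patch header, since "Update change report" no longer describes what it does.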
