You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@lucene.apache.org by ja...@apache.org on 2015/08/24 11:38:30 UTC

svn commit: r1697341 - in /lucene/dev/branches/lucene_solr_5_3/solr: CHANGES.txt webapp/web/js/scripts/plugins.js

Author: janhoy
Date: Mon Aug 24 09:38:30 2015
New Revision: 1697341

URL: http://svn.apache.org/r1697341
Log:
SOLR-7949: Resolve XSS issue in Admin UI stats page (backport)

Modified:
    lucene/dev/branches/lucene_solr_5_3/solr/CHANGES.txt
    lucene/dev/branches/lucene_solr_5_3/solr/webapp/web/js/scripts/plugins.js

Modified: lucene/dev/branches/lucene_solr_5_3/solr/CHANGES.txt
URL: http://svn.apache.org/viewvc/lucene/dev/branches/lucene_solr_5_3/solr/CHANGES.txt?rev=1697341&r1=1697340&r2=1697341&view=diff
==============================================================================
--- lucene/dev/branches/lucene_solr_5_3/solr/CHANGES.txt (original)
+++ lucene/dev/branches/lucene_solr_5_3/solr/CHANGES.txt Mon Aug 24 09:38:30 2015
@@ -8,6 +8,12 @@ caching, replication, and a web administ
 
 See http://lucene.apache.org/solr for more information.
 
+==================  5.3.1 ==================
+
+Bug Fixes
+----------------------
+
+* SOLR-7949: Resolve XSS issue in Admin UI stats page (David Chiu via janhoy)
 
 ==================  5.3.0 ==================
 
@@ -2213,7 +2219,7 @@ Other Changes
 
 ==================  4.10.2 ==================
 
-Bug FixesAnalyticsComponent
+Bug Fixes
 ----------------------
 
 * SOLR-6509: Solr start scripts interactive mode doesn't honor -z argument (Timothy Potter)

Modified: lucene/dev/branches/lucene_solr_5_3/solr/webapp/web/js/scripts/plugins.js
URL: http://svn.apache.org/viewvc/lucene/dev/branches/lucene_solr_5_3/solr/webapp/web/js/scripts/plugins.js?rev=1697341&r1=1697340&r2=1697341&view=diff
==============================================================================
--- lucene/dev/branches/lucene_solr_5_3/solr/webapp/web/js/scripts/plugins.js (original)
+++ lucene/dev/branches/lucene_solr_5_3/solr/webapp/web/js/scripts/plugins.js Mon Aug 24 09:38:30 2015
@@ -282,7 +282,7 @@ var render_plugin_data = function( plugi
   var entry_count = entries.length;
   for( var i = 0; i < entry_count; i++ )
   {
-    $( 'a[data-bean="' + entries[i] + '"]', frame_element )
+    $( 'a[data-bean="' + entries[i].esc() + '"]', frame_element )
       .parent().addClass( 'expanded' );
   }