Posted to commits@jspwiki.apache.org by br...@apache.org on 2008/11/14 22:03:22 UTC
svn commit: r714139 - in /incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH:
ChangeLog src/com/ecyrd/jspwiki/Release.java
src/webdocs/scripts/jspwiki-common.js src/webdocs/scripts/jspwiki-edit.js
Author: brushed
Date: Fri Nov 14 13:03:21 2008
New Revision: 714139
URL: http://svn.apache.org/viewvc?rev=714139&view=rev
Log:
2.8.1-svn-12:
* [JSPWIKI-381] bug with periodically refreshed sneak-preview in combination with section-edit mode.
* [JSPWIKI-384] Filter js-scripts from input fields and cookies.(xss vulnerability)
Modified:
incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog
incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java
incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/webdocs/scripts/jspwiki-common.js
incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/webdocs/scripts/jspwiki-edit.js
Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog?rev=714139&r1=714138&r2=714139&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog Fri Nov 14 13:03:21 2008
@@ -1,3 +1,15 @@
+2008-11-13 Dirk Frederickx <di...@gmail.com>
+
+ * 2.8.1-svn-12
+
+ * [JSPWIKI-381] fixed a bug with periodicially refreshed sneak-preview
+ while in section-edit mode. When section-edit was active,
+ linefeeds were inserted at every sneak-prev refresh.
+
+ * [JSPWIKI-384] Filter js-scripts from input fields and cookies.
+ (xss vulnerability)
+
+
2008-11-06 Janne Jalkanen <ja...@apache.org>
* 2.8.1-svn-11
Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java?rev=714139&r1=714138&r2=714139&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java Fri Nov 14 13:03:21 2008
@@ -77,7 +77,7 @@
* <p>
* If the build identifier is empty, it is not added.
*/
- public static final String BUILD = "11";
+ public static final String BUILD = "12";
/**
* This is the generic version string you should use
Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/webdocs/scripts/jspwiki-common.js
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/webdocs/scripts/jspwiki-common.js?rev=714139&r1=714138&r2=714139&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/webdocs/scripts/jspwiki-common.js (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/webdocs/scripts/jspwiki-common.js Fri Nov 14 13:03:21 2008
@@ -64,7 +64,13 @@
trunc: function(size,elips){
if( !elips ) elips="...";
return (this.length<size) ? this : this.substring(0,size)+elips;
- }
+ },
+ stripScripts: function(){
+ var text = this.replace(/<script[^>]*>([\s\S]*?)<\/script>/gi, function(){
+ Â Â Â Â Â Â return '';
+ });
+ return text;
+Â Â },
})
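Review bot: `stripScripts` is a deny-list that removes only well-formed `<script …>…</script>` pairs, so markup that runs script without a script element (event-handler attributes, `javascript:` URLs) or an unterminated `<script` tag passes through unchanged, while the callers added later in this file hand the value to `setHTML` (the progress-tracker hunk) or reuse it as a search term and, presumably, a link label (the recent-searches hunk). For untrusted text the robust mitigation is to HTML-escape it or insert it as a text node rather than to strip one known-bad pattern; if stripping is kept, document it as best-effort, e.g. `// best-effort removal of <script> elements; does NOT make a string safe for setHTML — escape or use text insertion for untrusted values`. The replacement callback and the capture group are unused, so `return this.replace(/<script[^>]*>[\s\S]*?<\/script>/gi, '');` is equivalent and shorter. The indentation of the callback lines appears to use non-breaking spaces (rendered here as `Â`), which JS tolerates but editors and diff tools often mishandle; normalising to ordinary spaces would be safer.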
// get text of a dhtml node
@@ -376,6 +382,7 @@
$('progressbar').setStyle('visibility','visible');
this.progressbar =
Wiki.jsonrpc.periodical(1000, this, ["progressTracker.getProgress",[progress],function(result){
+ result = result.stripScripts(); //xss vulnerability
if(!result.code) $('progressbar').getFirst().setStyle('width',result+'%').setHTML(result+'%');
}]);
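Review bot: `result.stripScripts()` on the new line runs before the `result.code` test on the following line, and that test implies `result` can be an object carrying `code` (an error response) rather than a string; on such a value `stripScripts` is not a function, the periodical callback throws a TypeError and the progress bar is left stale. Guard on the type, `if( typeof result == 'string' ) result = result.stripScripts();`, or move the call inside the `!result.code` branch. The filtered value still reaches `setHTML`; removing script elements does not make a string safe for an HTML sink, so escaping it or using a text-only setter is the safer choice. The enclosing function starts and ends outside the hunk.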
@@ -828,6 +835,8 @@
var ul = new Element('ul',{'id':'recentItems'}).inject($('recentSearches').show());
this.recent.each(function(el){
+ // xss vulnerability JSPWIKI-384
+ el = el.stripScripts();
new Element('a',{
'href':'#',
'events': {'click':function(){ q.value = el; q.form.submit(); }}
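Review bot: The filter on the new line sanitises each entry only for this render; `this.recent` itself (read from a cookie according to the log message, outside this hunk) keeps the raw values, so any other consumer of the array sees unfiltered data. Sanitising once where the cookie is read, in addition to the `submit` path this commit already covers, would make every consumer see the same cleaned data; the per-render call could then go. How the label of the created `a` element is set is not visible here — if it is inserted as HTML, removing script elements alone does not make `el` safe and it should be escaped instead. The enclosing function starts and ends outside the hunk.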
@@ -898,7 +907,7 @@
},
submit: function(){
- var v = this.query.value;
+ var v = this.query.value.stripScripts(); //xss vulnerability
if( v == this.query.defaultValue) this.query.value = '';
if( !this.recent ) this.recent=[];
if( !this.recent.test(v) ){
@@ -915,7 +924,7 @@
},
ajaxQuickSearch: function(){
- var qv = this.query.value ;
+ var qv = this.query.value.stripScripts() ;
if( (qv==null) || (qv.trim()=="") || (qv==this.query.defaultValue) ) {
$('searchOutput').empty();
return;
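Review bot: With `.stripScripts()` applied on the new line, the `qv==null` test on the following line can never be true — a null `value` would already have thrown when the method was called — so either drop that test or keep `var qv = this.query.value;` and apply the filter after the early return. For a text input `.value` is always a string, so the null guard was already dead before this change; the `trim()` and `defaultValue` checks are the ones that matter. The enclosing function continues outside the hunk.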
@@ -1622,7 +1631,7 @@
if( !q && document.referrer.test("(?:\\?|&)(?:q|query)=([^&]*)","g") ) q = RegExp.$1;
if( !q ) return;
- var words = decodeURIComponent(q);
+ var words = decodeURIComponent(q).stripScripts(); //xss vulnerability
words = words.replace( /\+/g, " " );
words = words.replace( /\s+-\S+/g, "" );
words = words.replace( /([\(\[\{\\\^\$\|\)\?\*\.\+])/g, "\\$1" ); //escape metachars
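Review bot: `decodeURIComponent(q)` on the new line throws a `URIError` on malformed percent-encoding, and `q` is taken from the query string or `document.referrer` on the lines above, neither of which the page controls; an unhandled exception here aborts the highlighter for the whole page. Wrap the decode so a bad value is simply ignored, e.g. `try { var words = decodeURIComponent(q).stripScripts(); } catch(e) { return; }`. The enclosing function starts outside the hunk.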
Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/webdocs/scripts/jspwiki-edit.js
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/webdocs/scripts/jspwiki-edit.js?rev=714139&r1=714138&r2=714139&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/webdocs/scripts/jspwiki-edit.js (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/webdocs/scripts/jspwiki-edit.js Fri Nov 14 13:03:21 2008
@@ -652,14 +652,14 @@
var ta = this.textarea, ma = this.mainarea;
if(ta.value == this.cacheTextarea) return;
- this.cacheTextarea=ta.value;
+ this.cacheTextarea = ta.value;
if( this.sections ){
- var s = ta.value;
- if( s.lastIndexOf("\n") + 1 != s.length ) ta.value += '\n';
-
- s = ma.value;
- ma.value = s.substring(0, ta.begin) + ta.value + s.substring(ta.end);
+ var s = ma.value,
+ //insert \n to ensure the next line's !!!header remains at column 0.
+ addNewLine = ((ta.value.slice(-1) != '\n') && (s.charAt(ta.end) =='!')) ? '\n' : '';
+
+ ma.value = s.substring(0, ta.begin) + ta.value + addNewLine + s.substring(ta.end);
ta.end = ta.begin + ta.value.length;
this.onSectionLoad(); //refresh section-edit menu
}
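Review bot: The comma-chained `var s = ma.value, addNewLine = …` with a comment wedged between the two declarators is hard to read and easy to break when a line is edited; one declaration per statement is clearer, e.g. `var s = ma.value;` then `//insert \n to ensure the next line's !!!header remains at column 0.` then `var addNewLine = (ta.value.slice(-1) != '\n' && s.charAt(ta.end) == '!') ? '\n' : '';`. The fix correctly stops appending to `ta.value` (which is what accumulated a linefeed per refresh), and the newline is now excluded from `ta.end`, so the next section's header keeps it; a one-line comment saying so next to the `ta.end` update would help the next reader. The condition recognises only a `!` header at `ta.end`; whether other column-0 markup can follow a section boundary is not visible here and may be worth confirming. The enclosing function starts outside the hunk.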