Posted to commits@jspwiki.apache.org by br...@apache.org on 2008/11/20 21:24:54 UTC

svn commit: r719355 - in /incubator/jspwiki/trunk: ./ src/com/ecyrd/jspwiki/ src/webdocs/scripts/ src/webdocs/templates/default/ src/webdocs/templates/default/skins/PlainVanilla 800x600/

Author: brushed
Date: Thu Nov 20 12:24:53 2008
New Revision: 719355

URL: http://svn.apache.org/viewvc?rev=719355&view=rev
Log:
* 3.0.0-svn-10  -- merged from 2.8.1-svn-12
        
        * [JSPWIKI-381] fixed a bug with periodically refreshed sneak-preview
        while in section-edit mode. When section-edit was active,
        linefeeds were inserted at every sneak-prev refresh.
        
        * [JSPWIKI-384] Filter js-scripts from input fields and cookies.
        (xss vulnerability)
        
        * Add new 800x600 plain vanilla skin

Added:
    incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/
    incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/skin.css
    incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/skin.js
Modified:
    incubator/jspwiki/trunk/ChangeLog
    incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java
    incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-common.js
    incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-edit.js
    incubator/jspwiki/trunk/src/webdocs/templates/default/Favorites.jsp
    incubator/jspwiki/trunk/src/webdocs/templates/default/jspwiki.css

Modified: incubator/jspwiki/trunk/ChangeLog
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/ChangeLog?rev=719355&r1=719354&r2=719355&view=diff
==============================================================================
--- incubator/jspwiki/trunk/ChangeLog (original)
+++ incubator/jspwiki/trunk/ChangeLog Thu Nov 20 12:24:53 2008
@@ -1,3 +1,16 @@
+2008-11-20  Dirk Frederickx <di...@gmail.com>
+
+        * 3.0.0-svn-10  -- merged from 2.8.1-svn-12
+        
+        * [JSPWIKI-381] fixed a bug with periodicially refreshed sneak-preview
+        while in section-edit mode. When section-edit was active,
+        linefeeds were inserted at every sneak-prev refresh.
+        
+        * [JSPWIKI-384] Filter js-scripts from input fields and cookies.
+        (xss vulnerability)
+        
+        * Added 800x600 plain-vanilla skin
+        
 2008-11-18 Harry Metske <me...@apache.org>
 
         * 3.0.0-svn-9

Modified: incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java?rev=719355&r1=719354&r2=719355&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java (original)
+++ incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java Thu Nov 20 12:24:53 2008
@@ -77,7 +77,7 @@
      *  <p>
      *  If the build identifier is empty, it is not added.
      */
-    public static final String     BUILD         = "9";
+    public static final String     BUILD         = "10";
     
     /**
      *  This is the generic version string you should use

Modified: incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-common.js
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-common.js?rev=719355&r1=719354&r2=719355&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-common.js (original)
+++ incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-common.js Thu Nov 20 12:24:53 2008
@@ -64,6 +64,12 @@
 	trunc: function(size,elips){
 		if( !elips ) elips="...";
 		return (this.length<size) ? this : this.substring(0,size)+elips;
+	},
+	stripScripts: function(){
+		var text = this.replace(/<script[^>]*>([\s\S]*?)<\/script>/gi, function(){
+			return '';
+		});
+		return text;
 	}
 })
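Review bot: `stripScripts` on lines 83–87 is a denylist filter whose regex only matches a well-formed `<script…>…</script>` pair, so it does not cover an unclosed `<script` tag, event-handler attributes on other elements, or a tag left behind by the single pass; the callers that adopt it in the hunks at lines 91–97, 99–107, 108–116, 117–125 and 126–134 should not treat it as the only XSS control. The robust fix belongs at the sinks: where a value is rendered as markup (`setHTML(result+'%')` on line 96 and, presumably, the recent-search anchors) insert it as text instead, and keep `stripScripts` as defence in depth. At minimum the method deserves a comment stating that limit, e.g. `// Removes complete <script>…</script> blocks only; not a substitute for escaping at the output sink (JSPWIKI-384).`. The replacement callback that returns `''` can be the literal second argument: `return this.replace(/<script[^>]*>([\s\S]*?)<\/script>/gi, '');`. The String extension object holding `trunc` and `stripScripts` opens before the hunk.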
 
@@ -376,6 +382,7 @@
 		$('progressbar').setStyle('visibility','visible');
 		this.progressbar =
 		Wiki.jsonrpc.periodical(1000, this, ["progressTracker.getProgress",[progress],function(result){
+			result = result.stripScripts(); //xss vulnerability
 			if(!result.code) $('progressbar').getFirst().setStyle('width',result+'%').setHTML(result+'%');
 		}]);
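Review bot: The added `result = result.stripScripts();` on line 95 assumes `result` is a string, but the next line's `result.code` check suggests the RPC can also deliver an error object, on which `.stripScripts` is undefined and the callback would throw before that check runs. Guard the type first, `if( typeof result == 'string' ) result = result.stripScripts();`, or better, write the value with a text setter rather than `setHTML(result+'%')` so no markup is interpreted at all. The method that starts this periodical call begins before the hunk.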
 
@@ -828,6 +835,8 @@
 
 			var ul = new Element('ul',{'id':'recentItems'}).inject($('recentSearches').show());
 			this.recent.each(function(el){
+				// xss vulnerability JSPWIKI-384
+				el = el.stripScripts();				
 				new Element('a',{
 					'href':'#', 
 					'events': {'click':function(){ q.value = el; q.form.submit(); }}
@@ -898,7 +907,7 @@
 	},
 
 	submit: function(){ 
-		var v = this.query.value;
+		var v = this.query.value.stripScripts(); //xss vulnerability
 		if( v == this.query.defaultValue) this.query.value = '';
 		if( !this.recent ) this.recent=[];
 		if( !this.recent.test(v) ){
@@ -915,7 +924,7 @@
 	},
 
 	ajaxQuickSearch: function(){
-		var qv = this.query.value ;
+		var qv = this.query.value.stripScripts() ;
 		if( (qv==null) || (qv.trim()=="") || (qv==this.query.defaultValue) ) {
 			$('searchOutput').empty();
 			return;
@@ -1622,7 +1631,7 @@
 		if( !q && document.referrer.test("(?:\\?|&)(?:q|query)=([^&]*)","g") ) q = RegExp.$1;
 		if( !q ) return;
 
-		var words = decodeURIComponent(q);
+		var words = decodeURIComponent(q).stripScripts(); //xss vulnerability
 		words = words.replace( /\+/g, " " );
 		words = words.replace( /\s+-\S+/g, "" );
 		words = words.replace( /([\(\[\{\\\^\$\|\)\?\*\.\+])/g, "\\$1" ); //escape metachars

Modified: incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-edit.js
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-edit.js?rev=719355&r1=719354&r2=719355&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-edit.js (original)
+++ incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-edit.js Thu Nov 20 12:24:53 2008
@@ -655,11 +655,11 @@
 		this.cacheTextarea=ta.value;
 
 		if( this.sections ){
-			var	s = ta.value;
-			if( s.lastIndexOf("\n") + 1 != s.length ) ta.value += '\n';
-
-			s = ma.value;
-			ma.value = s.substring(0, ta.begin) + ta.value + s.substring(ta.end);
+			var	s = ma.value,
+				//insert \n to ensure the next line's !!!header remains at column 0.
+				addNewLine = ((ta.value.slice(-1) != '\n')  && (s.charAt(ta.end) =='!')) ? '\n' : '';
+			
+			ma.value = s.substring(0, ta.begin) + ta.value + addNewLine + s.substring(ta.end);
 			ta.end = ta.begin + ta.value.length;
 			this.onSectionLoad();  //refresh section-edit menu
 		}		
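Review bot: The comma-chained `var` on lines 150–152 places a comment between two declarators, so `addNewLine` reads like a statement of its own; split it into `var s = ma.value;` and `var addNewLine = ...;` and use `!==`/`===` for the two comparisons. Separately, `ta.end = ta.begin + ta.value.length;` on line 155 does not count the inserted newline, so the next section's header now sits one character past `ta.end`; presumably `onSectionLoad()` recomputes the offsets from `ma.value`, but if it does not, confirm which section the newline is meant to belong to. The enclosing function starts before the hunk and continues after it.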

Modified: incubator/jspwiki/trunk/src/webdocs/templates/default/Favorites.jsp
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/templates/default/Favorites.jsp?rev=719355&r1=719354&r2=719355&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/webdocs/templates/default/Favorites.jsp (original)
+++ incubator/jspwiki/trunk/src/webdocs/templates/default/Favorites.jsp Thu Nov 20 12:24:53 2008
@@ -78,7 +78,7 @@
 %%collapsebox-closed
 ! [My Favorites|{$username}Favorites]
 [{InsertPage page='{$username}Favorites' }]
-%% }]
+/% }]
   </wiki:Translate>
   </wiki:UserCheck>
 

Modified: incubator/jspwiki/trunk/src/webdocs/templates/default/jspwiki.css
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/templates/default/jspwiki.css?rev=719355&r1=719354&r2=719355&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/webdocs/templates/default/jspwiki.css (original)
+++ incubator/jspwiki/trunk/src/webdocs/templates/default/jspwiki.css Thu Nov 20 12:24:53 2008
@@ -222,7 +222,7 @@
 .wikiform {
 }
 .wikiform tr {
-	vertical-align:middle;
+	vertical-align:top;
 }
 .wikiform td {
 }

Added: incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/skin.css
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla%20800x600/skin.css?rev=719355&view=auto
==============================================================================
--- incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/skin.css (added)
+++ incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/skin.css Thu Nov 20 12:24:53 2008
@@ -0,0 +1,13 @@
+#wikibody{width:750px;margin:1em auto;padding:.5em;}
+#header,#footer{padding:0;width:750px;}
+#header .applicationlogo{position:static;float:left;width:80px;}
+#header .breadcrumbs{float:none;}
+#favorites{width:150px;}
+#page,#wikibody.fav-left #page,#wikibody.fav-right #page{width:590px;}
+#collapseFavsWrapper #favorites{border:none;}
+#wikibody.fav-slide #page{width:750px;}
+/*
+#header .userbox{display:none;}
+#favorites .userbox{display:block;border:2px solid #ddd;}
+*/
+#pagecontent{width:100%;}
\ No newline at end of file

Added: incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/skin.js
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla%20800x600/skin.js?rev=719355&view=auto
==============================================================================
--- incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/skin.js (added)
+++ incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/skin.js Thu Nov 20 12:24:53 2008
@@ -0,0 +1,19 @@
+/**
+ ** Skin javascript extensions
+ **
+ **/
+
+/*  
+if( RoundedCorners )
+{  
+  var r = RoundedCorners;
+  r.register( "#header",    ['bbbb', 'eee', 'ddd' ] );
+  r.register( "#footer",    ['bbbb', 'eee', 'ddd' ] );
+
+  r.register( "#favorites", ['yyyy', 'eee', 'ddd'] );
+
+  r.register( ".commentbox",['yyyy', 'transparent', 'ddd'] );
+  r.register( ".tabmenu a", ['yynn', 'transparent', 'ddd'] );
+
+}
+*/ 
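Review bot: The new skin.js contributes no behaviour — it is a header comment plus a commented-out `RoundedCorners` block (lines 221–234). Either drop the disabled code, which stays recoverable from history, or say in the header why it ships disabled, e.g. `// RoundedCorners registration intentionally left disabled for the 800x600 skin; uncomment to enable.`. The file also ends without a trailing newline.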
\ No newline at end of file