Posted to commits@wicket.apache.org by mg...@apache.org on 2014/12/04 17:18:23 UTC
wicket git commit: WICKET-5782 Missing escaping in
MultiFileUploadField.js - sort of XSS
Repository: wicket
Updated Branches:
refs/heads/wicket-6.x 4bec79ffc -> 354e07129
WICKET-5782 Missing escaping in MultiFileUploadField.js - sort of XSS
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/354e0712
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/354e0712
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/354e0712
Branch: refs/heads/wicket-6.x
Commit: 354e07129e587043d1eba32e08b0d82c4fc404e0
Parents: 4bec79f
Author: Martin Tzvetanov Grigorov <mg...@apache.org>
Authored: Thu Dec 4 17:17:48 2014 +0100
Committer: Martin Tzvetanov Grigorov <mg...@apache.org>
Committed: Thu Dec 4 17:17:48 2014 +0100
----------------------------------------------------------------------
.../html/form/upload/MultiFileUploadField.java | 3 +--
.../html/form/upload/MultiFileUploadField.js | 20 +++++++++++++++++++-
2 files changed, 20 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/wicket/blob/354e0712/wicket-core/src/main/java/org/apache/wicket/markup/html/form/upload/MultiFileUploadField.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/html/form/upload/MultiFileUploadField.java b/wicket-core/src/main/java/org/apache/wicket/markup/html/form/upload/MultiFileUploadField.java
index 179151f..450a42d 100644
--- a/wicket-core/src/main/java/org/apache/wicket/markup/html/form/upload/MultiFileUploadField.java
+++ b/wicket-core/src/main/java/org/apache/wicket/markup/html/form/upload/MultiFileUploadField.java
@@ -53,8 +53,7 @@ import org.apache.wicket.util.upload.FileItem;
* be processed within the request they were uploaded.
*
* Uses javascript implementation from
- * http://the-stickman.com/web-development/javascript/upload-multiple
- * -files-with-a-single-file-element/
+ * http://the-stickman.com/web-development/javascript/upload-multiple-files-with-a-single-file-element/
*
* For customizing caption text see {@link #RESOURCE_LIMITED} and {@link #RESOURCE_UNLIMITED}
*
http://git-wip-us.apache.org/repos/asf/wicket/blob/354e0712/wicket-core/src/main/java/org/apache/wicket/markup/html/form/upload/MultiFileUploadField.js
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/html/form/upload/MultiFileUploadField.js b/wicket-core/src/main/java/org/apache/wicket/markup/html/form/upload/MultiFileUploadField.js
index 6278e16..8b49b6c 100644
--- a/wicket-core/src/main/java/org/apache/wicket/markup/html/form/upload/MultiFileUploadField.js
+++ b/wicket-core/src/main/java/org/apache/wicket/markup/html/form/upload/MultiFileUploadField.js
@@ -196,10 +196,28 @@ function MultiSelector( eprefix, list_target, max, useMultipleAttr, del_label ){
this.getOnlyFileName = function(stringValue)
{
+ var toEscape = {
+ "&": "&",
+ "<": "<",
+ ">": ">",
+ '"': '"',
+ "'": '''
+ };
+
+ function replaceChar(char) {
+ return toEscape[char] || char;
+ }
+
+ function htmlEscape(fileName) {
+ return fileName.replace(/[&<>'"]/g, replaceChar);
+ }
+
var separatorIndex1 = stringValue.lastIndexOf('\\');
var separatorIndex2 = stringValue.lastIndexOf('/');
separatorIndex1 = Math.max(separatorIndex1, separatorIndex2);
- return separatorIndex1 >= 0 ? stringValue.slice(separatorIndex1 + 1, stringValue.length) : stringValue;
+ var fileName = separatorIndex1 >= 0 ? stringValue.slice(separatorIndex1 + 1, stringValue.length) : stringValue;
+ fileName = htmlEscape(fileName);
+ return fileName;
};
}
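Review bot: As rendered here, every entry of `toEscape` (lines 51–55) maps a character to itself, so `replaceChar` returns its input unchanged and `htmlEscape` performs no escaping, which would make this fix a no-op. That is very likely an artifact of the plain-text rendering decoding the HTML entities, but the committed values should be confirmed to be the entity forms, i.e. `"&": "&amp;",` `"<": "&lt;",` `">": "&gt;",` with `&quot;` and `&#39;` for the two quote characters. Separately, `toEscape`, `replaceChar` and `htmlEscape` are re-created on every call to `getOnlyFileName`; hoisting them to the scope of `MultiSelector` would avoid that, and a comment such as `// HTML-escape the name: callers insert it into markup` would explain why a function named getOnlyFileName now returns escaped text, since a caller that writes the value into a text node or sets an attribute through the DOM would otherwise display literal entities. The enclosing `MultiSelector` function starts before the hunk, and the hunk's trailing context appears cut off after line 74.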