You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by se...@apache.org on 2013/06/19 11:47:07 UTC
svn commit: r866285 - /websites/production/commons/content/proper/commons-math/javadocs/api-1.2/index.html

Author: sebb
Date: Wed Jun 19 09:47:07 2013
New Revision: 866285

Log:
Apply fix for CVE-2013-1571, a frame injection attack

Modified:
    websites/production/commons/content/proper/commons-math/javadocs/api-1.2/index.html

Modified: websites/production/commons/content/proper/commons-math/javadocs/api-1.2/index.html
==============================================================================
--- websites/production/commons/content/proper/commons-math/javadocs/api-1.2/index.html (original)
+++ websites/production/commons/content/proper/commons-math/javadocs/api-1.2/index.html Wed Jun 19 09:47:07 2013
@@ -1,40 +1,76 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
-<!--NewPage-->
-<HTML>
-<HEAD>
-<!-- Generated by javadoc on Sat Apr 26 15:20:43 MST 2008-->
-<META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<TITLE>
-Commons Math 1.2 API
-</TITLE>
-<SCRIPT type="text/javascript">
-    targetPage = "" + window.location.search;
-    if (targetPage != "" && targetPage != "undefined")
-        targetPage = targetPage.substring(1);
-    if (targetPage.indexOf(":") != -1)
-        targetPage = "undefined";
-    function loadFrames() {
-        if (targetPage != "" && targetPage != "undefined")
-             top.classFrame.location = top.targetPage;
-    }
-</SCRIPT>
-<NOSCRIPT>
-</NOSCRIPT>
-</HEAD>
-<FRAMESET cols="20%,80%" title="" onLoad="top.loadFrames()">
-<FRAMESET rows="30%,70%" title="" onLoad="top.loadFrames()">
-<FRAME src="overview-frame.html" name="packageListFrame" title="All Packages">
-<FRAME src="allclasses-frame.html" name="packageFrame" title="All classes and interfaces (except non-static nested types)">
-</FRAMESET>
-<FRAME src="overview-summary.html" name="classFrame" title="Package, class and interface descriptions" scrolling="yes">
-<NOFRAMES>
-<H2>
-Frame Alert</H2>
-
-<P>
-This document is designed to be viewed using the frames feature. If you see this message, you are using a non-frame-capable web client.
-<BR>
-Link to<A HREF="overview-summary.html">Non-frame version.</A>
-</NOFRAMES>
-</FRAMESET>
-</HTML>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Sat Apr 26 15:20:43 MST 2008-->
+<META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<TITLE>
+Commons Math 1.2 API
+</TITLE>
+<SCRIPT type="text/javascript">
+    targetPage = "" + window.location.search;
+    if (targetPage != "" && targetPage != "undefined")
+        targetPage = targetPage.substring(1);
+    if (targetPage.indexOf(":") != -1)
+        targetPage = "undefined";
+    if (targetPage != "" && !validURL(targetPage))
+        targetPage = "undefined";
+    function validURL(url) {
+        var pos = url.indexOf(".html");
+        if (pos == -1 || pos != url.length - 5)
+            return false;
+        var allowNumber = false;
+        var allowSep = false;
+        var seenDot = false;
+        for (var i = 0; i < url.length - 5; i++) {
+            var ch = url.charAt(i);
+            if ('a' <= ch && ch <= 'z' ||
+                    'A' <= ch && ch <= 'Z' ||
+                    ch == '$' ||
+                    ch == '_') {
+                allowNumber = true;
+                allowSep = true;
+            } else if ('0' <= ch && ch <= '9'
+                    || ch == '-') {
+                if (!allowNumber)
+                     return false;
+            } else if (ch == '/' || ch == '.') {
+                if (!allowSep)
+                    return false;
+                allowNumber = false;
+                allowSep = false;
+                if (ch == '.')
+                     seenDot = true;
+                if (ch == '/' && seenDot)
+                     return false;
+            } else {
+                return false;
+            }
+        }
+        return true;
+    }
+    function loadFrames() {
+        if (targetPage != "" && targetPage != "undefined")
+             top.classFrame.location = top.targetPage;
+    }
+</SCRIPT>
+<NOSCRIPT>
+</NOSCRIPT>
+</HEAD>
+<FRAMESET cols="20%,80%" title="" onLoad="top.loadFrames()">
+<FRAMESET rows="30%,70%" title="" onLoad="top.loadFrames()">
+<FRAME src="overview-frame.html" name="packageListFrame" title="All Packages">
+<FRAME src="allclasses-frame.html" name="packageFrame" title="All classes and interfaces (except non-static nested types)">
+</FRAMESET>
+<FRAME src="overview-summary.html" name="classFrame" title="Package, class and interface descriptions" scrolling="yes">
+<NOFRAMES>
+<H2>
+Frame Alert</H2>
+
+<P>
+This document is designed to be viewed using the frames feature. If you see this message, you are using a non-frame-capable web client.
+<BR>
+Link to<A HREF="overview-summary.html">Non-frame version.</A>
+</NOFRAMES>
+</FRAMESET>
+</HTML>