Posted to commits@lucene.apache.org by ja...@apache.org on 2015/08/21 10:27:26 UTC
svn commit: r1696903 - in /lucene/dev/branches/branch_5x/solr: CHANGES.txt
webapp/web/js/scripts/plugins.js
Author: janhoy
Date: Fri Aug 21 08:27:25 2015
New Revision: 1696903
URL: http://svn.apache.org/r1696903
Log:
SOLR-7949: Resolve XSS issue in Admin UI stats page (backport)
Modified:
lucene/dev/branches/branch_5x/solr/CHANGES.txt
lucene/dev/branches/branch_5x/solr/webapp/web/js/scripts/plugins.js
Modified: lucene/dev/branches/branch_5x/solr/CHANGES.txt
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_5x/solr/CHANGES.txt?rev=1696903&r1=1696902&r2=1696903&view=diff
==============================================================================
--- lucene/dev/branches/branch_5x/solr/CHANGES.txt (original)
+++ lucene/dev/branches/branch_5x/solr/CHANGES.txt Fri Aug 21 08:27:25 2015
@@ -67,6 +67,8 @@ Bug Fixes
* SOLR-7941: multivalued params are concatenated when using config API (noble)
+* SOLR-7949: Resolve XSS issue in Admin UI stats page (David Chiu via janhoy)
+
Optimizations
----------------------
Modified: lucene/dev/branches/branch_5x/solr/webapp/web/js/scripts/plugins.js
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_5x/solr/webapp/web/js/scripts/plugins.js?rev=1696903&r1=1696902&r2=1696903&view=diff
==============================================================================
--- lucene/dev/branches/branch_5x/solr/webapp/web/js/scripts/plugins.js (original)
+++ lucene/dev/branches/branch_5x/solr/webapp/web/js/scripts/plugins.js Fri Aug 21 08:27:25 2015
@@ -282,7 +282,7 @@ var render_plugin_data = function( plugi
var entry_count = entries.length;
for( var i = 0; i < entry_count; i++ )
{
- $( 'a[data-bean="' + entries[i] + '"]', frame_element )
+ $( 'a[data-bean="' + entries[i].esc() + '"]', frame_element )
.parent().addClass( 'expanded' );
}
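Review bot: `entries[i].esc()` on the `$( 'a[data-bean="' + ...` line is still concatenated into a selector string, and an HTML-style escape is not the encoding a CSS attribute selector needs. Assuming `esc()` (defined outside this hunk) only rewrites markup characters, a value containing `"`, `]` or a backslash can still alter the selector or make the selector engine throw. An entry whose name contains an escaped character would presumably no longer match its `data-bean` attribute and would silently lose its expanded state. Comparing the attribute value instead of building a selector from it avoids both problems: `$( 'a[data-bean]', frame_element ).filter( function() { return $( this ).attr( 'data-bean' ) === entries[i]; } )`. `render_plugin_data` begins and ends outside the hunk, so the origin of `entries` is not visible here; a one-line comment at the loop saying where the values come from and that they are treated as untrusted would help the next reader.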