Posted to commits@lucene.apache.org by th...@apache.org on 2015/04/06 18:50:24 UTC
svn commit: r1671581 - in /lucene/dev/branches/branch_5x: ./ solr/
solr/CHANGES.txt solr/webapp/ solr/webapp/web/js/scripts/analysis.js
solr/webapp/web/js/scripts/schema-browser.js
Author: thelabdude
Date: Mon Apr 6 16:50:24 2015
New Revision: 1671581
URL: http://svn.apache.org/r1671581
Log:
SOLR-7346: Stored XSS in Admin UI Schema-Browser page and Analysis page
Modified:
lucene/dev/branches/branch_5x/ (props changed)
lucene/dev/branches/branch_5x/solr/ (props changed)
lucene/dev/branches/branch_5x/solr/CHANGES.txt (contents, props changed)
lucene/dev/branches/branch_5x/solr/webapp/ (props changed)
lucene/dev/branches/branch_5x/solr/webapp/web/js/scripts/analysis.js
lucene/dev/branches/branch_5x/solr/webapp/web/js/scripts/schema-browser.js
Modified: lucene/dev/branches/branch_5x/solr/CHANGES.txt
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_5x/solr/CHANGES.txt?rev=1671581&r1=1671580&r2=1671581&view=diff
==============================================================================
--- lucene/dev/branches/branch_5x/solr/CHANGES.txt (original)
+++ lucene/dev/branches/branch_5x/solr/CHANGES.txt Mon Apr 6 16:50:24 2015
@@ -447,6 +447,8 @@ Other Changes
* SOLR-7290: Rename catchall _text field in data_driven_schema_configs
to _text_ (Steve Rowe)
+* SOLR-7346: Stored XSS in Admin UI Schema-Browser page and Analysis page (Mei Wang via Timothy Potter)
+
================== 5.0.0 ==================
Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.
Modified: lucene/dev/branches/branch_5x/solr/webapp/web/js/scripts/analysis.js
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_5x/solr/webapp/web/js/scripts/analysis.js?rev=1671581&r1=1671580&r2=1671581&view=diff
==============================================================================
--- lucene/dev/branches/branch_5x/solr/webapp/web/js/scripts/analysis.js (original)
+++ lucene/dev/branches/branch_5x/solr/webapp/web/js/scripts/analysis.js Mon Apr 6 16:50:24 2015
@@ -80,7 +80,7 @@ sammy.get
{
fields.push
(
- '<option value="fieldname=' + field_name + '">' + field_name + '</option>'
+ '<option value="fieldname=' + field_name.esc() + '">' + field_name.esc() + '</option>'
);
}
if( 0 !== fields.length )
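Review bot: The two `field_name.esc()` calls on the added line land in different HTML contexts, one inside the double-quoted `value` attribute and one as the option's text, and the definition of `esc()` is not part of this diff. If `esc()` only rewrites `<` and `>`, a name containing `"` can still close the attribute, so it is worth confirming that it also encodes `&`, `"` and `'`, or using an attribute-safe encoder for the `value` part. The same applies to the `type_name.esc()` line in the next hunk and to the three hunks in schema-browser.js. A short comment above the push, such as `// schema names are untrusted input: HTML-encode for both the attribute and the text context`, would record why the call is there. The enclosing sammy.get handler starts and ends outside the hunk.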
@@ -95,7 +95,7 @@ sammy.get
{
types.push
(
- '<option value="fieldtype=' + type_name + '">' + type_name + '</option>'
+ '<option value="fieldtype=' + type_name.esc() + '">' + type_name.esc() + '</option>'
);
}
if( 0 !== types.length )
Modified: lucene/dev/branches/branch_5x/solr/webapp/web/js/scripts/schema-browser.js
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_5x/solr/webapp/web/js/scripts/schema-browser.js?rev=1671581&r1=1671580&r2=1671581&view=diff
==============================================================================
--- lucene/dev/branches/branch_5x/solr/webapp/web/js/scripts/schema-browser.js (original)
+++ lucene/dev/branches/branch_5x/solr/webapp/web/js/scripts/schema-browser.js Mon Apr 6 16:50:24 2015
@@ -596,7 +596,7 @@ sammy.bind
{
fields.push
(
- '<option value="?field=' + field_name + '">' + field_name + '</option>'
+ '<option value="?field=' + field_name.esc() + '">' + field_name.esc() + '</option>'
);
}
if( 0 !== fields.length )
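Review bot: The attribute value built here, `'?field=' + field_name.esc()`, looks like a query string, and HTML-escaping does not URL-encode it. If the selected value is later used for navigation and decoded by the router (neither is visible in this hunk), a field name containing `&`, `#` or `%` would alter the query instead of naming the field; consider `'?field=' + encodeURIComponent( field_name ).esc()` for the attribute while keeping `field_name.esc()` for the visible text. The `?dynamic-field=` and `?type=` hunks below have the same shape. The enclosing sammy.bind handler starts and ends outside the hunk.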
@@ -612,7 +612,7 @@ sammy.bind
{
dynamic_fields.push
(
- '<option value="?dynamic-field=' + type_name + '">' + type_name + '</option>'
+ '<option value="?dynamic-field=' + type_name.esc() + '">' + type_name.esc() + '</option>'
);
}
if( 0 !== dynamic_fields.length )
@@ -628,7 +628,7 @@ sammy.bind
{
types.push
(
- '<option value="?type=' + type_name + '">' + type_name + '</option>'
+ '<option value="?type=' + type_name.esc() + '">' + type_name.esc() + '</option>'
);
}
if( 0 !== types.length )