Posted to commits@jspwiki.apache.org by br...@apache.org on 2022/11/24 09:25:07 UTC

[jspwiki] 01/08: XSS vulnerability reported by Eugene Lim and Sng Jay Kai.

This is an automated email from the ASF dual-hosted git repository.

brushed pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git

commit 82be08904a6d8bd22fa2d4e5a7e85f43408724d3
Author: brushed <di...@gmail.com>
AuthorDate: Thu Nov 24 10:18:41 2022 +0100

    XSS vulnerability reported by Eugene Lim and Sng Jay Kai.
---
 jspwiki-main/src/main/java/org/apache/wiki/forms/FormOpen.java | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/jspwiki-main/src/main/java/org/apache/wiki/forms/FormOpen.java b/jspwiki-main/src/main/java/org/apache/wiki/forms/FormOpen.java
index dfcd8a1fa..501acc453 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/forms/FormOpen.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/forms/FormOpen.java
@@ -1,4 +1,4 @@
-/* 
+/*
     Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements.  See the NOTICE file
     distributed with this work for additional information
@@ -14,7 +14,7 @@
     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     KIND, either express or implied.  See the License for the
     specific language governing permissions and limitations
-    under the License.  
+    under the License.
  */
 package org.apache.wiki.forms;
 
@@ -26,6 +26,7 @@ import org.apache.wiki.api.exceptions.PluginException;
 import org.apache.wiki.api.plugin.Plugin;
 import org.apache.wiki.http.filter.CsrfProtectionFilter;
 import org.apache.wiki.preferences.Preferences;
+import org.apache.wiki.util.TextUtil;
 
 import java.text.MessageFormat;
 import java.util.Map;
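Review bot: The fix's correctness hinges on what `TextUtil.replaceEntities`, imported here, actually guarantees, and nothing in the commit records that contract. The values it is applied to (the `form` and `submithandler` parameters, in the following hunk, which runs past the end of this view) end up in generated HTML, and the `if( formName == null )` check that follows the escaping only works if `replaceEntities` passes `null` through unchanged; both points should be confirmed against `TextUtil`. Making the dependency explicit at the use site, e.g. `// escape before the null check: replaceEntities must return null for null input`, or simply moving the escaping after the null check, would avoid a silent regression if the helper ever changes. Entity escaping also does not constrain the scheme of a user-supplied submit handler; if that value is rendered into a form `action` attribute, a separate check that it is a relative or same-site URL is worth considering, since escaping alone will not reject a `javascript:` target.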
@@ -80,13 +81,13 @@ public class FormOpen extends FormElement {
     @Override
     public String execute( final Context ctx, final Map< String, String > params ) throws PluginException {
         final ResourceBundle rb = Preferences.getBundle( ctx, Plugin.CORE_PLUGINS_RESOURCEBUNDLE );
-        final String formName = params.get( PARAM_FORM );
+        final String formName = TextUtil.replaceEntities( params.get( PARAM_FORM ) );
         if( formName == null ) {
             throw new PluginException( MessageFormat.format( rb.getString( "formopen.missingparam" ), PARAM_FORM ) );
         }
         final String hide     = params.get( PARAM_HIDEFORM );
         final String sourcePage = ctx.getPage().getName();
-        String submitServlet = params.get( PARAM_SUBMITHANDLER );
+        String submitServlet = TextUtil.replaceEntities( params.get( PARAM_SUBMITHANDLER ) );
         if( submitServlet == null )
             submitServlet = ctx.getURL( ContextEnum.PAGE_VIEW.getRequestContext(), sourcePage );