Posted to commits@roller.apache.org by "Anil Gangolli (JIRA)" <ji...@apache.org> on 2008/12/17 18:23:19 UTC
[jira] Commented: (ROL-1766) Cross-site scripting vulnerability in Roller search term treatment
[ https://issues.apache.org/roller/browse/ROL-1766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14476#action_14476 ]
Anil Gangolli commented on ROL-1766:
------------------------------------
This issue was originally surfaced and fixed in June 2008.
The issue is fixed in the trunk by the following revision: https://svn.apache.org/viewvc?view=rev&revision=668737
There is also a patch to the weblog.vm template that was circulated on roller mailing lists:
http://www.nabble.com/Please-tell-me-how-to-validate-the-search-string-that-appears-in-the-URL-tc18709716s12275.html#a18749289
This provides a way for users to fix this locally without upgrading to a more recent build.
However, neither fix has been put in any released version; it has not been backported to existing versions.
I will attach the patch for weblog.vm as of revision 662259 (in the above referenced e-mail) to this bug as well.
> Cross-site scripting vulnerability in Roller search term treatment
> ------------------------------------------------------------------
>
> Key: ROL-1766
> URL: https://issues.apache.org/roller/browse/ROL-1766
> Project: Roller
> Issue Type: Bug
> Components: Search
> Affects Versions: 2.3, 3.0, 3.1, 4.0
> Environment: any
> Reporter: Anil Gangolli
> Assignee: Roller Unassigned
>
> The search term submitted to Roller as the value of the "q" parameter on search requests (/search?q=query+terms) is echoed back in the default search form without escaping HTML tags.
> This can be converted to a cross-site scripting attack.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.