You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by jb...@apache.org on 2020/02/03 15:15:18 UTC

[activemq] branch master updated: AMQ-7231 - Fix XSS in WebConsole

This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq.git


The following commit(s) were added to refs/heads/master by this push:
     new 81bd743  AMQ-7231 - Fix XSS in WebConsole
     new c0e17a3  Merge pull request #429 from coheigea/AMQ-7231
81bd743 is described below

commit 81bd743eaa243f0cc5dfbb1342cee1fef1fc5df2
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Jan 23 12:34:17 2020 +0000

    AMQ-7231 - Fix XSS in WebConsole
---
 activemq-web-console/src/main/webapp/browse.jsp   |  2 +-
 activemq-web-console/src/main/webapp/js/common.js | 13 -------------
 activemq-web-console/src/main/webapp/message.jsp  | 20 ++++++++++++++++++--
 3 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/activemq-web-console/src/main/webapp/browse.jsp b/activemq-web-console/src/main/webapp/browse.jsp
index 0e18e15..ce093e4 100644
--- a/activemq-web-console/src/main/webapp/browse.jsp
+++ b/activemq-web-console/src/main/webapp/browse.jsp
@@ -50,7 +50,7 @@
 <td><a href="<c:url value="message.jsp">
                  <c:param name="id" value="${row.JMSMessageID}" />
                  <c:param name="JMSDestination" value="${requestContext.queueBrowser.JMSDestination}"/></c:url>"
-    title="${row.properties}">${row.JMSMessageID}</a></td>
+    title="<c:out value="${row.properties}"/>">${row.JMSMessageID}</a></td>
 <td><c:out value="${row.JMSCorrelationID}"/></td>
 <td><jms:persistent message="${row}"/></td>
 <td><c:out value="${row.JMSPriority}"/></td>
diff --git a/activemq-web-console/src/main/webapp/js/common.js b/activemq-web-console/src/main/webapp/js/common.js
index e20a34f..a4f6921 100644
--- a/activemq-web-console/src/main/webapp/js/common.js
+++ b/activemq-web-console/src/main/webapp/js/common.js
@@ -106,16 +106,3 @@ function getEventTarget(e) {
 	return targ;
 }
 
-function confirmAction(id, url) {
-	//TODO i18n messages
-	var select = document.getElementById(id);
-	var selectedIndex = select.selectedIndex; 
-	if (select.selectedIndex == 0) {
-		alert("Please select a value");
-		return;
-	}
-	var value = select.options[selectedIndex].value;
-	url = url.replace(/%target%/gi, value);
-	if (confirm("Are you sure?"))
-	  location.href=url;
-}
\ No newline at end of file
diff --git a/activemq-web-console/src/main/webapp/message.jsp b/activemq-web-console/src/main/webapp/message.jsp
index 7563d06..262dc5e 100644
--- a/activemq-web-console/src/main/webapp/message.jsp
+++ b/activemq-web-console/src/main/webapp/message.jsp
@@ -151,7 +151,7 @@ No message could be found for ID <c:out value="${requestContext.messageQuery.id}
                        </tr>
                     </c:if>
                     <tr class="odd">
-                    <td><a href="<c:out value="javascript:confirmAction('queue', 'copyMessage.action?destination=%target%&JMSDestination=${requestContext.messageQuery.JMSDestination}&messageId=${row.JMSMessageID}&JMSDestinationType=queue&secret=${sessionScope['secret']}"/>')">Copy</a></td>
+                    <td><a href="<c:out value="javascript:confirmAction('queue', 'copyMessage"/>')">Copy</a></td>
                         <td rowspan="2">
                             <select id="queue">
                                 <option value=""> -- Please select --</option>
@@ -165,7 +165,7 @@ No message could be found for ID <c:out value="${requestContext.messageQuery.id}
 
                     </tr>
                     <tr class="odd">
-                        <td><a href="<c:out value="javascript:confirmAction('queue', 'moveMessage.action?destination=%target%&JMSDestination=${requestContext.messageQuery.JMSDestination}&messageId=${row.JMSMessageID}&JMSDestinationType=queue&secret=${sessionScope['secret']}"/>')"
+                        <td><a href="<c:out value="javascript:confirmAction('queue', 'moveMessage"/>')"
                             >Move</a></td>
                     </tr>
                 </tbody>
@@ -225,6 +225,22 @@ function selectOptionByText (selElem, selText) {
     }
 }
 
+function confirmAction(id, action) {
+	//TODO i18n messages
+	var select = document.getElementById(id);
+	var selectedIndex = select.selectedIndex; 
+	if (select.selectedIndex == 0) {
+		alert("Please select a value");
+		return;
+	}
+	var value = select.options[selectedIndex].value;
+	var url = action + ".action?destination=" + value;
+	url += "&JMSDestination=${requestContext.messageQuery.JMSDestination}";
+	url += "&messageId=${row.JMSMessageID}&JMSDestinationType=queue&secret=${sessionScope['secret']}";
+	if (confirm("Are you sure?"))
+	  location.href=url;
+}
+
 window.onload=function() {
 	sortSelect( document.getElementById('queue') );
 	selectOptionByText( document.getElementById('queue'), "-- Please select --" );