You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jspwiki.apache.org by br...@apache.org on 2019/08/27 21:21:08 UTC
[jspwiki] branch master updated: 2.11.0-M5-git-14 : XSS
vulnerability (page rename)
This is an automated email from the ASF dual-hosted git repository.
brushed pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git
The following commit(s) were added to refs/heads/master by this push:
new e048925 2.11.0-M5-git-14 : XSS vulnerability (page rename)
e048925 is described below
commit e0489255d6fda3658800221833c263cb1629ddc3
Author: brushed <di...@gmail.com>
AuthorDate: Tue Aug 27 23:20:51 2019 +0200
2.11.0-M5-git-14 : XSS vulnerability (page rename)
---
ChangeLog | 8 ++++++++
jspwiki-main/src/main/java/org/apache/wiki/Release.java | 2 +-
.../test/java/org/apache/wiki/auth/acl/AclImplTest.java | 2 +-
jspwiki-war/src/main/scripts/util/extend-element.js | 17 ++++++++++-------
.../src/main/webapp/templates/default/AJAXSearch.jsp | 10 +++++-----
.../src/main/webapp/templates/default/InfoContent.jsp | 6 ++----
6 files changed, 27 insertions(+), 18 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 23fec4c..b03769d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2019-27-08 Dirk Frederickx (brushed AT apache DOT org)
+
+ * 2.11.0-M5-git-14
+
+ * XSS vulnerability on the page rename parameter
+
+ * Few sonarcloud fixes
+
2019-24-08 Dirk Frederickx (brushed AT apache DOT org)
* 2.11.0-M5-git-13
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/Release.java b/jspwiki-main/src/main/java/org/apache/wiki/Release.java
index c107259..709ac35 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/Release.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/Release.java
@@ -72,7 +72,7 @@ public final class Release {
* <p>
* If the build identifier is empty, it is not added.
*/
- public static final String BUILD = "13";
+ public static final String BUILD = "14";
/**
* This is the generic version string you should use when printing out the version. It is of
diff --git a/jspwiki-main/src/test/java/org/apache/wiki/auth/acl/AclImplTest.java b/jspwiki-main/src/test/java/org/apache/wiki/auth/acl/AclImplTest.java
index c9cfebc..41c2e5a 100644
--- a/jspwiki-main/src/test/java/org/apache/wiki/auth/acl/AclImplTest.java
+++ b/jspwiki-main/src/test/java/org/apache/wiki/auth/acl/AclImplTest.java
@@ -248,7 +248,7 @@ public class AclImplTest
ObjectInputStream in = new ObjectInputStream( new ByteArrayInputStream(stuff) );
AclImpl newacl = (AclImpl) in.readObject();
- assert( newacl.toString().equals(m_acl.toString()) );
+ Assertions.assertEquals( newacl.toString(), m_acl.toString() );
}
}
diff --git a/jspwiki-war/src/main/scripts/util/extend-element.js b/jspwiki-war/src/main/scripts/util/extend-element.js
index 176a8f3..5f136b1 100644
--- a/jspwiki-war/src/main/scripts/util/extend-element.js
+++ b/jspwiki-war/src/main/scripts/util/extend-element.js
@@ -22,7 +22,7 @@
/*global $, $$ */
// ELEMENT
-// convienience dom manipulation functions
+// convenience dom manipulation functions
// FFS: patch on Element.prototype; or global $ namespace
$.replaces = function (newElement, existingElement) {
@@ -45,6 +45,12 @@ $.remove = function (selector, context) {
// syntax sugar for element.classList add/remove ; and polyfill for ie11
// FIMXE better function on element.addClass and [el1,el2...].addClass ...
+$.hasClass = function (element, clazz) {
+
+ //return element.classList.contains(clazz)
+ return element.matches("." + clazz);
+}
+
$.addClass = function (elements, clazz) {
element.classList.add(clazz);
@@ -68,23 +74,19 @@ if (!!document.createElement('div').classList) {
}
}
-$.hasClass = function (element, clazz) {
-
- //return element.classList.contains(clazz)
- return element.matches("." + clazz);
-}
//credit: mootools more
$.isVisible = function (element) {
var w = element.offsetWidth,
h = element.offsetHeight;
+
return (w == 0 && h == 0) ? false : (w > 0 && h > 0) ? true : element.style.display != 'none';
}
/*
Function: ifClass
- Add and/or remove a css class from an element depending on a condition.
+ Add and/or remove a css class from an element depending on a condition flag.
Arguments:
flag : (boolean)
@@ -98,6 +100,7 @@ Examples:
> $.ifClass($("page"), i > 5, "hideMe" );
> $("page")._.ifClass($("page"), i > 5, "hideMe" );
*/
+//$.ifClass = function (element, flag, trueClass = "", falseClass = "") {
$.ifClass = function (element, flag, trueClass, falseClass) {
trueClass = trueClass || "";
diff --git a/jspwiki-war/src/main/webapp/templates/default/AJAXSearch.jsp b/jspwiki-war/src/main/webapp/templates/default/AJAXSearch.jsp
index 12c94f2..e9d010e 100644
--- a/jspwiki-war/src/main/webapp/templates/default/AJAXSearch.jsp
+++ b/jspwiki-war/src/main/webapp/templates/default/AJAXSearch.jsp
@@ -109,15 +109,15 @@
<p>
<fmt:message key="find.externalsearch"/>
- <a class="external"
+ <a class="external"
href="http://www.google.com/search?q=<c:out value='${param.query}'/>"
title="Google Search '<c:out value='${param.query}'/>'"
- target="_blank">Google</a><img class="outlink" src="images/out.png" alt="" />
+ target="_blank">Google</a>
|
<a class="external"
href="http://en.wikipedia.org/wiki/Special:Search?search=<c:out value='${param.query}'/>"
title="Wikipedia Search '<c:out value='${param.query}'/>'"
- target="_blank">Wikipedia</a><img class="outlink" src="images/out.png" alt="" />
+ target="_blank">Wikipedia</a>
</p>
<wiki:SetPagination start="${param.start}" total="<%=list.size()%>" pagesize="20" maxlinks="9"
@@ -129,8 +129,8 @@
<table class="wikitable table-striped" >
<tr>
- <th scope="col" align="left"><fmt:message key="find.results.page"/></th>
- <th scope="col" align="left"><fmt:message key="find.results.score"/></th>
+ <th scope="col"><fmt:message key="find.results.page"/></th>
+ <th scope="col"><fmt:message key="find.results.score"/></th>
</tr>
<wiki:SearchResultIterator id="searchref" start="${param.start}" maxItems="<%=maxitems%>">
diff --git a/jspwiki-war/src/main/webapp/templates/default/InfoContent.jsp b/jspwiki-war/src/main/webapp/templates/default/InfoContent.jsp
index 2af3af9..42a2454 100644
--- a/jspwiki-war/src/main/webapp/templates/default/InfoContent.jsp
+++ b/jspwiki-war/src/main/webapp/templates/default/InfoContent.jsp
@@ -39,9 +39,6 @@
String attTitle = LocaleSupport.getLocalizedMessage(pageContext, "attach.tab");
if( attCount != 0 ) attTitle += " (" + attCount + ")";
- String parm_renameto = (String)request.getParameter( "renameto" );
- if( parm_renameto == null ) parm_renameto = wikiPage.getName();
-
String creationAuthor ="";
//FIXME -- seems not to work correctly for attachments !!
@@ -123,7 +120,8 @@
<input type="hidden" name="page" value="<wiki:Variable var='pagename' />" />
<input class="btn btn-success" type="submit" name="rename" value="<fmt:message key='info.rename.submit' />" />
- <input class="form-control form-col-50" type="text" name="renameto" value="<%= parm_renameto %>" size="40" />
+ <input class="form-control form-col-50" type="text" name="renameto"
+ value="<c:out value='${param.renameto}' default='<%= wikiPage.getName() %>'/>" size="40" />
<label class="btn btn-default" for="references">
<input type="checkbox" name="references" id="references" checked="checked" />
<fmt:message key="info.updatereferrers"/>