Posted to commits@jspwiki.apache.org by br...@apache.org on 2019/09/03 18:21:12 UTC
[jspwiki] branch master updated: 2.11.0-M5-git-16 : Fixed
InfoContent.jsp vulnerability
This is an automated email from the ASF dual-hosted git repository.
brushed pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git
The following commit(s) were added to refs/heads/master by this push:
new d71ecf6 2.11.0-M5-git-16 : Fixed InfoContent.jsp vulnerability
d71ecf6 is described below
commit d71ecf657ef3366f1790d9f09364812c78f7f8c2
Author: brushed <di...@gmail.com>
AuthorDate: Tue Sep 3 20:20:41 2019 +0200
2.11.0-M5-git-16 : Fixed InfoContent.jsp vulnerability
---
ChangeLog | 8 ++++++++
jspwiki-main/src/main/java/org/apache/wiki/Release.java | 2 +-
jspwiki-war/src/main/webapp/templates/210/InfoContent.jsp | 6 ++----
.../src/main/webapp/templates/210/skins/CleanBlue/skin.css | 1 -
4 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 3feef2b..0775090 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
2019-31-08 Dirk Frederickx (brushed AT apache DOT org)
+ * 2.11.0-M5-git-16
+
+ * Fixed InfoContent.jsp vulnerability in old jspwiki template (templates/211/...)
+ related to the rename parameter.
+
+
+2019-31-08 Dirk Frederickx (brushed AT apache DOT org)
+
* 2.11.0-M5-git-15
* Improve UI accessibility (ref. sonarcloud report)
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/Release.java b/jspwiki-main/src/main/java/org/apache/wiki/Release.java
index d034007..0c012d1 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/Release.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/Release.java
@@ -72,7 +72,7 @@ public final class Release {
* <p>
* If the build identifier is empty, it is not added.
*/
- public static final String BUILD = "15";
+ public static final String BUILD = "16";
/**
* This is the generic version string you should use when printing out the version. It is of
diff --git a/jspwiki-war/src/main/webapp/templates/210/InfoContent.jsp b/jspwiki-war/src/main/webapp/templates/210/InfoContent.jsp
index 2797207..f4cd8d6 100644
--- a/jspwiki-war/src/main/webapp/templates/210/InfoContent.jsp
+++ b/jspwiki-war/src/main/webapp/templates/210/InfoContent.jsp
@@ -41,9 +41,6 @@
String tabParam = (String)request.getParameter( "tab" );
if ( tabParam == null ) tabParam = "info";
- String parm_renameto = (String)request.getParameter( "renameto" );
- if( parm_renameto == null ) parm_renameto = wikiPage.getName();
-
String creationAuthor ="";
//FIXME -- seems not to work correctly for attachments !!
@@ -143,7 +140,8 @@
<p>
<input type="hidden" name="page" value="<wiki:Variable var='pagename' />" />
<input type="submit" name="rename" value="<fmt:message key='info.rename.submit' />" />
- <input type="text" name="renameto" value="<%= parm_renameto %>" size="40" />
+ <input type="text" name="renameto"
+ value="<c:out value='${param.renameto}' default='<%= wikiPage.getName() %>'/>" size="40" />
<input type="checkbox" name="references" checked="checked" />
<fmt:message key="info.updatereferrers"/>
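Review bot: The new `value` attribute relies on `<c:out>`'s default `escapeXml` behaviour to encode both the `renameto` parameter and the `wikiPage.getName()` fallback, and nothing in the markup says so. I would spell it out with `escapeXml='true'` and add a comment above the input such as `<%-- renameto is request-controlled: keep it behind c:out, never a raw scriptlet expression --%>`, so the scriptlet form is not reintroduced later. The first hunk of this file still reads `tab` via `request.getParameter( "tab" )` into `tabParam`; where that value is written out lies outside the visible lines, so it is worth confirming it receives the same output encoding. The ChangeLog entry names `templates/211/...` while the patched file is under `templates/210/`, so if other templates carry their own `InfoContent.jsp` with the same `renameto` pattern, they would need this change as well. The enclosing form starts and ends outside the hunk.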
diff --git a/jspwiki-war/src/main/webapp/templates/210/skins/CleanBlue/skin.css b/jspwiki-war/src/main/webapp/templates/210/skins/CleanBlue/skin.css
index 58c28e4..0e2f3d9 100644
--- a/jspwiki-war/src/main/webapp/templates/210/skins/CleanBlue/skin.css
+++ b/jspwiki-war/src/main/webapp/templates/210/skins/CleanBlue/skin.css
@@ -314,7 +314,6 @@ hr {
background: -ms-linear-gradient(left, #001C37, white);
background: -o-linear-gradient(left, #001C37, white);
background: -webkit-gradient(linear, 0 0, 100% 0, from(#001C37), to(white));
- background: -webkit-linear-gradient(to left, #001C37, white);
background: linear-gradient(to left, #001C37, white);
}
h2 .editsection,