Posted to commits@jspwiki.apache.org by br...@apache.org on 2022/11/24 09:25:12 UTC

[jspwiki] 06/08: XSS vulnerability reported by Eugene Lim and Sng Jay Kai.

This is an automated email from the ASF dual-hosted git repository.

brushed pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git

commit 0b9a0149032170063f22d65e335dfd317db815ea
Author: brushed <di...@gmail.com>
AuthorDate: Thu Nov 24 10:24:10 2022 +0100

    XSS vulnerability reported by Eugene Lim and Sng Jay Kai.
---
 .../src/main/java/org/apache/wiki/plugin/BugReportHandler.java       | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/jspwiki-main/src/main/java/org/apache/wiki/plugin/BugReportHandler.java b/jspwiki-main/src/main/java/org/apache/wiki/plugin/BugReportHandler.java
index 351c070fc..f3d7eff0a 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/plugin/BugReportHandler.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/plugin/BugReportHandler.java
@@ -14,7 +14,7 @@
     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     KIND, either express or implied.  See the License for the
     specific language governing permissions and limitations
-    under the License.  
+    under the License.
  */
 package org.apache.wiki.plugin;
 
@@ -31,6 +31,7 @@ import org.apache.wiki.api.spi.Wiki;
 import org.apache.wiki.pages.PageManager;
 import org.apache.wiki.parser.MarkupParser;
 import org.apache.wiki.preferences.Preferences;
+import org.apache.wiki.util.TextUtil;
 
 import java.io.PrintWriter;
 import java.io.StringWriter;
@@ -141,7 +142,7 @@ public class BugReportHandler implements Plugin {
             out.close();
 
             //  Now create a new page for this bug report
-            final String pageName = findNextPage( context, title, params.get( PARAM_PAGE ) );
+            final String pageName = findNextPage( context, title, TextUtil.replaceEntities(params.get( PARAM_PAGE )) );
             final Page newPage = Wiki.contents().page( context.getEngine(), pageName );
             final Context newContext = context.clone();
             newContext.setPage( newPage );
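Review bot: Only the `PARAM_PAGE` value is entity-encoded in the `findNextPage( ... )` call, while `title` goes into the same call unchanged. The method body starts and ends outside this hunk, so it is not visible whether `title` is encoded earlier; if it is not, the generated page name can still carry markup from the request. Once that is confirmed, the call could read `findNextPage( context, TextUtil.replaceEntities( title ), TextUtil.replaceEntities( params.get( PARAM_PAGE ) ) )`, which also matches the file's spaced-parenthesis style. A short comment such as `// PARAM_PAGE is user-supplied: entity-encode it before it becomes part of the page name` would record why the call is there, and a regression test with markup characters in the page parameter would pin the fix.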