Posted to commits@jspwiki.apache.org by ju...@apache.org on 2022/07/14 18:00:01 UTC

[jspwiki] branch master updated (52274290c -> 7d6097994)

This is an automated email from the ASF dual-hosted git repository.

juanpablo pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git


    from 52274290c forgot to add -y on apt upgrade
     new 1d9c4410d Bring CSRF protection to group management JSPs
     new 0f0054d3e use log placeholders
     new c25bf3f81 Dependency updates
     new c9b544b9d Update LICENSE's versions
     new fb705250c add default application name on <title> element to templates' templates
     new 9dbca5af0 Main as default frontpage if none is defined
     new 7d6097994 2.11.3-git-10

The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 ChangeLog.md                                       | 14 +++++++++
 LICENSE                                            |  4 +--
 .../src/main/java/org/apache/wiki/api/Release.java |  2 +-
 .../wiki/http/filter/CsrfProtectionFilter.java     | 31 ++++++++++++-------
 .../wiki/auth/DefaultAuthorizationManager.java     | 35 +++++++++++-----------
 jspwiki-war/src/main/webapp/Captcha.jsp            |  2 +-
 jspwiki-war/src/main/webapp/DeleteGroup.jsp        |  6 ++++
 jspwiki-war/src/main/webapp/EditGroup.jsp          | 15 +++++-----
 jspwiki-war/src/main/webapp/Error.jsp              |  2 +-
 jspwiki-war/src/main/webapp/NewGroup.jsp           |  5 ++++
 jspwiki-war/src/main/webapp/admin/Admin.jsp        |  2 +-
 .../src/main/webapp/admin/SecurityConfig.jsp       |  4 +--
 .../src/main/webapp/templates/210/EditTemplate.jsp |  4 +--
 .../main/webapp/templates/210/UploadTemplate.jsp   |  2 +-
 .../src/main/webapp/templates/210/ViewTemplate.jsp |  2 +-
 .../main/webapp/templates/default/EditTemplate.jsp |  4 +--
 .../src/main/webapp/templates/default/Header.jsp   |  2 +-
 .../webapp/templates/default/UploadTemplate.jsp    |  2 +-
 .../main/webapp/templates/default/ViewTemplate.jsp |  2 +-
 .../main/webapp/templates/reader/ViewTemplate.jsp  |  2 +-
 pom.xml                                            | 10 +++----
 21 files changed, 94 insertions(+), 58 deletions(-)


[jspwiki] 07/07: 2.11.3-git-10

Posted by ju...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

juanpablo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git

commit 7d60979947040bfcc800a422ee0f4ed117b31f6a
Author: Juan Pablo Santos Rodríguez <ju...@gmail.com>
AuthorDate: Thu Jul 14 19:58:40 2022 +0200

    2.11.3-git-10
---
 ChangeLog.md                                               | 14 ++++++++++++++
 jspwiki-api/src/main/java/org/apache/wiki/api/Release.java |  2 +-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/ChangeLog.md b/ChangeLog.md
index d5f8252c6..9835a5665 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -17,6 +17,20 @@ specific language governing permissions and limitations
 under the License.
 -->
 
+**2022-07-14  Juan Pablo Santos (juanpablo AT apache DOT org)**
+
+* _2.11.3-git-10_
+
+* Bring CSRF protection to group management JSPs
+
+* Add default application name on `<title>` elements to templates' templates, and `Main` as default frontpage is none is defined on default template
+
+* Dependency updates
+  * Parent to Apache Parent 27
+  * Jetty to 9.4.48.v20220622 - closes [#199](https://github.com/apache/jspwiki/pull/199)
+  * Mockito to 4.6.1 - closes [#198](https://github.com/apache/jspwiki/pull/198)
+  * Maven plugins: release to 3.0.0-M6 (closes [#201](https://github.com/apache/jspwiki/pull/201), thanks to dependabot), junit5-tree-reporter to 1.0.1 (closes [#200](https://github.com/apache/jspwiki/pull/200), thanks to dependabot)
+
 **2022-07-12  Juan Pablo Santos (juanpablo AT apache DOT org)**
 
 * _2.11.3-git-09_
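Review bot: typo in the added ChangeLog entry for the templates change: "`Main` as default frontpage is none is defined" should read "if none is defined". The entry also folds two separate commits (the `<title>` default and the frontpage default) into one bullet; splitting them would keep the ChangeLog aligned with the commit list.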
diff --git a/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java b/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java
index 9ef68f1fa..d2b8a9245 100644
--- a/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java
+++ b/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java
@@ -69,7 +69,7 @@ public final class Release {
      *  <p>
      *  If the build identifier is empty, it is not added.
      */
-    public static final String     BUILD         = "09";
+    public static final String     BUILD         = "10";
 
     /**
      *  This is the generic version string you should use when printing out the version.  It is of


[jspwiki] 03/07: Dependency updates

Posted by ju...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

juanpablo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git

commit c25bf3f8196a483a17a68ea1aec58e502cb17e43
Author: Juan Pablo Santos Rodríguez <ju...@gmail.com>
AuthorDate: Thu Jul 14 19:40:24 2022 +0200

    Dependency updates
    
    * parent to apache parent 27
    * jetty to 9.4.48.v20220622
    * mockito to 4.6.1
    * maven plugins: release to 3.0.0-M6, junit5-tree-reporter to 1.0.1
    
    closes #198, closes #199, closes #200 and closes #201, thanks to dependabot
---
 pom.xml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pom.xml b/pom.xml
index 3dc46b703..41619809f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
   <parent>
     <groupId>org.apache</groupId>
     <artifactId>apache</artifactId>
-    <version>26</version>
+    <version>27</version>
   </parent>
 
   <groupId>org.apache.jspwiki</groupId>
@@ -65,12 +65,12 @@
     <javax-jsp-api.version>2.3.3</javax-jsp-api.version>
     <javax-servlet-api.version>3.1.0</javax-servlet-api.version>
     <jdom2.version>2.0.6</jdom2.version>
-    <jetty.version>9.4.46.v20220331</jetty.version>
+    <jetty.version>9.4.48.v20220622</jetty.version>
     <jrcs-diff.version>0.4.2</jrcs-diff.version>
     <junit.version>5.8.2</junit.version>
     <log4j2.version>2.18.0</log4j2.version>
     <lucene.version>8.11.2</lucene.version> <!-- 9.0.0 and above require JDK >= 11 to execute -->
-    <mockito.version>4.5.1</mockito.version>
+    <mockito.version>4.6.1</mockito.version>
     <nekohtml.version>2.0.2</nekohtml.version> <!-- 2.1.0 and above require JDK >= 11 to execute -->
     <oro.version>2.0.8</oro.version>
     <sandler.version>0.5</sandler.version>
@@ -93,11 +93,11 @@
     <plugin.javadoc.version>3.4.0</plugin.javadoc.version>
     <plugin.jxr.version>3.2.0</plugin.jxr.version>
     <plugin.project-info-reports.version>3.3.0</plugin.project-info-reports.version>
-    <plugin.release.version>3.0.0-M5</plugin.release.version>
+    <plugin.release.version>3.0.0-M6</plugin.release.version>
     <plugin.resources.version>3.2.0</plugin.resources.version>
     <plugin.source.version>3.2.1</plugin.source.version>
     <plugin.surefire.version>3.0.0-M7</plugin.surefire.version>
-    <plugin.surefire.junit5-tree-reporter.version>0.1.0</plugin.surefire.junit5-tree-reporter.version>
+    <plugin.surefire.junit5-tree-reporter.version>1.0.1</plugin.surefire.junit5-tree-reporter.version>
     <plugin.war.version>3.3.2</plugin.war.version>
     <plugin.inmemdb.version>1.4.3</plugin.inmemdb.version>
     <plugin.jspc.version>3.2.0</plugin.jspc.version>


[jspwiki] 04/07: Update LICENSE's versions

Posted by ju...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

juanpablo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git

commit c9b544b9d6592f6a500fc37e5c1d65ce51a68cbd
Author: Juan Pablo Santos Rodríguez <ju...@gmail.com>
AuthorDate: Thu Jul 14 19:41:26 2022 +0200

    Update LICENSE's versions
---
 LICENSE | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/LICENSE b/LICENSE
index 3c8831631..7a12a38a9 100644
--- a/LICENSE
+++ b/LICENSE
@@ -285,9 +285,9 @@ commons-el-1.0.jar                          LICENSE
 custom_rhino-0.4.3.jar                      ./jspwiki-war/src/main/config/doc/LICENSE.mpl
 hsqldb-2.6.1.jar                            ./jspwiki-war/src/main/config/doc/LICENSE.hsqldb
 sqltool-2.6.1.jar                           ./jspwiki-war/src/main/config/doc/LICENSE.hsqldb
-jetty-all-9.4.46.v20220331.jar              LICENSE
+jetty-all-9.4.48.v20220622.jar              LICENSE
 junit-5.8.2                                 ./jspwiki-war/src/main/config/doc/LICENSE.cpl
-mockito-core-4.5.1.jar                      ./jspwiki-war/src/main/config/doc/LICENSE.mit
+mockito-core-4.6.1.jar                      ./jspwiki-war/src/main/config/doc/LICENSE.mit
 selenide-6.6.6.jar                          ./jspwiki-war/src/main/config/doc/LICENSE.mit
 stripes-1.7.0-async.jar                     LICENSE
 yuicompressor-2.4.7.jar                     ./jspwiki-war/src/main/config/doc/LICENSE.yui


[jspwiki] 02/07: use log placeholders

Posted by ju...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

juanpablo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git

commit 0f0054d3e8ca567b65ae7024d7f98e3ddf5e880d
Author: Juan Pablo Santos Rodríguez <ju...@gmail.com>
AuthorDate: Thu Jul 14 19:37:58 2022 +0200

    use log placeholders
---
 .../wiki/auth/DefaultAuthorizationManager.java     | 35 +++++++++++-----------
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthorizationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthorizationManager.java
index 5737b5444..09b0bc296 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthorizationManager.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthorizationManager.java
@@ -77,7 +77,7 @@ import java.util.WeakHashMap;
  */
 public class DefaultAuthorizationManager implements AuthorizationManager {
 
-    private static final Logger log = LogManager.getLogger( DefaultAuthorizationManager.class );
+    private static final Logger LOG = LogManager.getLogger( DefaultAuthorizationManager.class );
 
     private Authorizer m_authorizer;
 
@@ -139,10 +139,10 @@ public class DefaultAuthorizationManager implements AuthorizationManager {
         // any of these, the action is allowed.
         final Principal[] aclPrincipals = acl.findPrincipals( permission );
 
-        log.debug( "Checking ACL entries..." );
-        log.debug( "Acl for this page is: " + acl );
-        log.debug( "Checking for principal: " + Arrays.toString( aclPrincipals ) );
-        log.debug( "Permission: " + permission );
+        LOG.debug( "Checking ACL entries..." );
+        LOG.debug( "Acl for this page is: {}", acl );
+        LOG.debug( "Checking for principal: {}", Arrays.toString( aclPrincipals ) );
+        LOG.debug( "Permission: {}", permission );
 
         for( Principal aclPrincipal : aclPrincipals ) {
             // If the ACL principal we're looking at is unresolved, try to resolve it here & correct the Acl
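Review bot: the placeholder form does not defer `Arrays.toString( aclPrincipals )` in the third `LOG.debug` call, so the array is still rendered on every permission check even when debug logging is off. Either guard the block with `LOG.isDebugEnabled()` or pass a supplier, e.g. `LOG.debug( "Checking for principal: {}", () -> Arrays.toString( aclPrincipals ) );`. The other three calls are fine as written.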
@@ -202,7 +202,6 @@ public class DefaultAuthorizationManager implements AuthorizationManager {
     @Override
     public boolean hasAccess( final Context context, final HttpServletResponse response, final boolean redirect ) throws IOException {
         final boolean allowed = checkPermission( context.getWikiSession(), context.requiredPermission() );
-        final ResourceBundle rb = Preferences.getBundle( context, InternationalizationManager.CORE_BUNDLE );
 
         // Stash the wiki context
         if ( context.getHttpRequest() != null && context.getHttpRequest().getAttribute( Context.ATTR_CONTEXT ) == null ) {
@@ -211,15 +210,15 @@ public class DefaultAuthorizationManager implements AuthorizationManager {
 
         // If access not allowed, redirect
         if( !allowed && redirect ) {
+            final ResourceBundle rb = Preferences.getBundle( context, InternationalizationManager.CORE_BUNDLE );
             final Principal currentUser  = context.getWikiSession().getUserPrincipal();
             final String pageurl = context.getPage().getName();
             if( context.getWikiSession().isAuthenticated() ) {
-                log.info( "User " + currentUser.getName() + " has no access - forbidden (permission=" + context.requiredPermission() + ")" );
-                context.getWikiSession().addMessage( MessageFormat.format( rb.getString( "security.error.noaccess.logged" ),
-                                                     context.getName()) );
+                LOG.info( "User {} has no access - forbidden (permission={})", currentUser.getName(), context.requiredPermission() );
+                context.getWikiSession().addMessage( MessageFormat.format( rb.getString( "security.error.noaccess.logged" ), context.getName()) );
             } else {
-                log.info( "User " + currentUser.getName() + " has no access - redirecting (permission=" + context.requiredPermission() + ")" );
-                context.getWikiSession().addMessage( MessageFormat.format( rb.getString("security.error.noaccess"), context.getName() ) );
+                LOG.info( "User {} has no access - redirecting (permission={})", currentUser.getName(), context.requiredPermission() );
+                context.getWikiSession().addMessage( MessageFormat.format( rb.getString( "security.error.noaccess" ), context.getName() ) );
             }
             response.sendRedirect( m_engine.getURL( ContextEnum.WIKI_LOGIN.getRequestContext(), pageurl, null ) );
         }
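Review bot: both new `LOG.info` calls write `currentUser.getName()` into the log unchanged, and placeholders do not neutralise line breaks in that value. If principal names can carry user-controlled characters, encode them at the layout level (for example `%enc{%m}{CRLF}` in the Log4j2 pattern) so an access-denied entry cannot be split into forged lines. Minor style point in the same hunk: `context.getName()) )` in the authenticated branch is missing the space the other branch has.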
@@ -246,31 +245,31 @@ public class DefaultAuthorizationManager implements AuthorizationManager {
 
             if (policyURL != null) {
                 final File policyFile = new File( policyURL.toURI().getPath() );
-                log.info("We found security policy URL: " + policyURL + " and transformed it to file " + policyFile.getAbsolutePath());
+                LOG.info("We found security policy URL: {} and transformed it to file {}",policyURL, policyFile.getAbsolutePath());
                 m_localPolicy = new LocalPolicy( policyFile, engine.getContentEncoding().displayName() );
                 m_localPolicy.refresh();
-                log.info( "Initialized default security policy: " + policyFile.getAbsolutePath() );
+                LOG.info( "Initialized default security policy: {}", policyFile.getAbsolutePath() );
             } else {
                 final String sb = "JSPWiki was unable to initialize the default security policy (WEB-INF/jspwiki.policy) file. " +
                                   "Please ensure that the jspwiki.policy file exists in the default location. " +
                 		          "This file should exist regardless of the existance of a global policy file. " +
                                   "The global policy file is identified by the java.security.policy variable. ";
                 final WikiSecurityException wse = new WikiSecurityException( sb );
-                log.fatal( sb, wse );
+                LOG.fatal( sb, wse );
                 throw wse;
             }
         } catch ( final Exception e) {
-            log.error("Could not initialize local security policy: " + e.getMessage() );
+            LOG.error("Could not initialize local security policy: {}", e.getMessage() );
             throw new WikiException( "Could not initialize local security policy: " + e.getMessage(), e );
         }
     }
 
     /**
-     * Attempts to locate and initialize a Authorizer to use with this manager. Throws a WikiException if no entry is found, or if one
+     * Attempts to locate and initialize an Authorizer to use with this manager. Throws a WikiException if no entry is found, or if one
      * fails to initialize.
      *
      * @param props jspwiki.properties, containing a 'jspwiki.authorization.provider' class name.
-     * @return a Authorizer used to get page authorization information.
+     * @return an Authorizer used to get page authorization information.
      * @throws WikiException if there are problems finding the authorizer implementation.
      */
     private Authorizer getAuthorizerImplementation( final Properties props ) throws WikiException {
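Review bot: `LOG.error("Could not initialize local security policy: {}", e.getMessage() )` in the catch block still discards the stack trace at the point of failure; passing the exception as the last argument (`LOG.error( "Could not initialize local security policy: {}", e.getMessage(), e )`) keeps it without changing the message. Also, `{}",policyURL,` in the first `LOG.info` is missing a space after the comma, and the context string two lines below the `else` spells "existance", which could be fixed while this block is being touched.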
@@ -283,7 +282,7 @@ public class DefaultAuthorizationManager implements AuthorizationManager {
             try {
                 return ClassUtil.buildInstance( "org.apache.wiki.auth.authorize", clazz );
             } catch( final ReflectiveOperationException e ) {
-                log.fatal( "Authorizer {} cannot be instantiated", clazz, e );
+                LOG.fatal( "Authorizer {} cannot be instantiated", clazz, e );
                 throw new WikiException( "Authorizer " + clazz + " cannot be instantiated", e );
             }
         }


[jspwiki] 01/07: Bring CSRF protection to group management JSPs

Posted by ju...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

juanpablo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git

commit 1d9c4410d0c747b15e791b8b765284dfcfb66ed4
Author: Juan Pablo Santos Rodríguez <ju...@gmail.com>
AuthorDate: Thu Jul 14 19:37:27 2022 +0200

    Bring CSRF protection to group management JSPs
---
 .../wiki/http/filter/CsrfProtectionFilter.java     | 31 +++++++++++++++-------
 jspwiki-war/src/main/webapp/DeleteGroup.jsp        |  6 +++++
 jspwiki-war/src/main/webapp/EditGroup.jsp          | 15 ++++++-----
 jspwiki-war/src/main/webapp/NewGroup.jsp           |  5 ++++
 4 files changed, 40 insertions(+), 17 deletions(-)

diff --git a/jspwiki-http/src/main/java/org/apache/wiki/http/filter/CsrfProtectionFilter.java b/jspwiki-http/src/main/java/org/apache/wiki/http/filter/CsrfProtectionFilter.java
index aed2ca8e4..808c3517c 100644
--- a/jspwiki-http/src/main/java/org/apache/wiki/http/filter/CsrfProtectionFilter.java
+++ b/jspwiki-http/src/main/java/org/apache/wiki/http/filter/CsrfProtectionFilter.java
@@ -13,8 +13,8 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.io.PrintWriter;
 
 
 /**
@@ -36,25 +36,36 @@ public class CsrfProtectionFilter implements Filter {
     /** {@inheritDoc} */
     @Override
     public void doFilter( final ServletRequest request, final ServletResponse response, final FilterChain chain ) throws IOException, ServletException {
-        if( "POST".equalsIgnoreCase( ( ( HttpServletRequest ) request ).getMethod() ) ) {
+        if( isPost( ( HttpServletRequest ) request ) ) {
             final Engine engine = Wiki.engine().find( request.getServletContext(), null );
             final Session session = Wiki.session().find( engine, ( HttpServletRequest ) request );
-            if( !session.antiCsrfToken().equals( request.getParameter( ANTICSRF_PARAM ) ) ) {
+            if( !requestContainsValidCsrfToken( request, session ) ) {
                 LOG.error( "Incorrect {} param with value '{}' received for {}",
                            ANTICSRF_PARAM, request.getParameter( ANTICSRF_PARAM ), ( ( HttpServletRequest ) request ).getPathInfo() );
-                final PrintWriter out = response.getWriter();
-                out.print("<!DOCTYPE html><html lang=\"en\"><head><title>Fatal problem with JSPWiki</title></head>");
-                out.print("<body>");
-                out.print("<h1>CSRF injection detected</h1>");
-                out.print("<p>A CSRF injection has been detected, so the request has been stopped</p>");
-                out.print("<p>Please check your system logs to pinpoint the request origin, someone's trying to mess with your installation.</p>");
-                out.print("</body></html>");
+                ( ( HttpServletResponse ) response ).sendRedirect( "/error/Forbidden.html" );
                 return;
             }
         }
         chain.doFilter( request, response );
     }
 
+    public static boolean isCsrfProtectedPost( final HttpServletRequest request ) {
+        if( isPost( request ) ) {
+            final Engine engine = Wiki.engine().find( request.getServletContext(), null );
+            final Session session = Wiki.session().find( engine, request );
+            return requestContainsValidCsrfToken( request, session );
+        }
+        return false;
+    }
+
+    private static boolean requestContainsValidCsrfToken( final ServletRequest request, final Session session ) {
+        return session.antiCsrfToken().equals( request.getParameter( ANTICSRF_PARAM ) );
+    }
+
+    static boolean isPost( final HttpServletRequest request ) {
+        return "POST".equalsIgnoreCase( request.getMethod() );
+    }
+
     /** {@inheritDoc} */
     @Override
     public void destroy() {
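Review bot: `sendRedirect( "/error/Forbidden.html" )` in `doFilter` uses a container-root path, so on any deployment with a non-empty context path the browser is sent outside the application, and the rejected POST is answered with a 302 instead of a 403. Prefer `( ( HttpServletResponse ) response ).sendError( HttpServletResponse.SC_FORBIDDEN )` or build the location from `request.getContextPath()`. The new `requestContainsValidCsrfToken` keeps the `String.equals` comparison; `MessageDigest.isEqual` on the token bytes would make it constant-time and null-safe on both sides. `isCsrfProtectedPost` is public API now and needs Javadoc stating that it returns false both for a bad token and for any non-POST request, since callers rely on that to reject GETs.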
diff --git a/jspwiki-war/src/main/webapp/DeleteGroup.jsp b/jspwiki-war/src/main/webapp/DeleteGroup.jsp
index 17570bf38..275f6ccf5 100644
--- a/jspwiki-war/src/main/webapp/DeleteGroup.jsp
+++ b/jspwiki-war/src/main/webapp/DeleteGroup.jsp
@@ -25,6 +25,7 @@
 <%@ page import="org.apache.wiki.auth.NoSuchPrincipalException" %>
 <%@ page import="org.apache.wiki.auth.WikiSecurityException" %>
 <%@ page import="org.apache.wiki.auth.authorize.GroupManager" %>
+<%@ page import="org.apache.wiki.http.filter.CsrfProtectionFilter" %>
 <%@ page import="org.apache.wiki.preferences.Preferences" %>
 <%@ page errorPage="/Error.jsp" %>
 <%@ taglib uri="http://jspwiki.apache.org/tags" prefix="wiki" %>
@@ -50,6 +51,11 @@
         response.sendRedirect( "Group.jsp" );
     }
 
+    if( !CsrfProtectionFilter.isCsrfProtectedPost( request ) ) {
+        response.sendRedirect( "/error/Forbidden.html" );
+        return;
+    }
+
     // Check that the group exists first
     try
     {
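Review bot: the new check sits directly after a block that calls `response.sendRedirect( "Group.jsp" )` without a `return`, so when that branch is taken execution falls through and the CSRF check can attempt a second `sendRedirect` on an already committed response. Move the `isCsrfProtectedPost` check to the top of the scriptlet, before any group handling, and add a `return` after the earlier redirect. The target `/error/Forbidden.html` is also a container-root path and will miss the application when it is deployed under a context path.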
diff --git a/jspwiki-war/src/main/webapp/EditGroup.jsp b/jspwiki-war/src/main/webapp/EditGroup.jsp
index 72b1b322c..94277752a 100644
--- a/jspwiki-war/src/main/webapp/EditGroup.jsp
+++ b/jspwiki-war/src/main/webapp/EditGroup.jsp
@@ -25,6 +25,7 @@
 <%@ page import="org.apache.wiki.auth.WikiSecurityException" %>
 <%@ page import="org.apache.wiki.auth.authorize.Group" %>
 <%@ page import="org.apache.wiki.auth.authorize.GroupManager" %>
+<%@ page import="org.apache.wiki.http.filter.CsrfProtectionFilter" %>
 <%@ page import="org.apache.wiki.preferences.Preferences" %>
 <%@ page import="org.apache.wiki.ui.TemplateManager" %>
 <%@ page errorPage="/Error.jsp" %>
@@ -43,20 +44,20 @@
     Session wikiSession = wikiContext.getWikiSession();
     GroupManager groupMgr = wiki.getManager( GroupManager.class );
     Group group = null;
-    try 
-    {
+    try {
         group = groupMgr.parseGroup( wikiContext, false );
         pageContext.setAttribute ( "Group", group, PageContext.REQUEST_SCOPE );
-    }
-    catch ( WikiSecurityException e )
-    {
+    } catch ( WikiSecurityException e ) {
         wikiSession.addMessage( GroupManager.MESSAGES_KEY, e.getMessage() );
         response.sendRedirect( "Group.jsp" );
     }
     
     // Are we saving the group?
-    if( "save".equals(request.getParameter("action")) )
-    {
+    if( "save".equals( request.getParameter( "action" ) ) ) {
+        if( !CsrfProtectionFilter.isCsrfProtectedPost( request ) ) {
+            response.sendRedirect( "/error/Forbidden.html" );
+            return;
+        }
         // Validate the group
         groupMgr.validateGroup( wikiContext, group );
 
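Review bot: the `catch ( WikiSecurityException e )` branch redirects to `Group.jsp` but does not return, so with `action=save` the request continues with `group` still null into the new CSRF check and then `validateGroup`; add `return;` after that redirect. The brace-style reformatting of the `try`/`catch`/`if` in this hunk is unrelated to the fix and makes the security-relevant lines harder to pick out; it would read better as a separate commit.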
diff --git a/jspwiki-war/src/main/webapp/NewGroup.jsp b/jspwiki-war/src/main/webapp/NewGroup.jsp
index 3fd4a0b20..5f098f78f 100644
--- a/jspwiki-war/src/main/webapp/NewGroup.jsp
+++ b/jspwiki-war/src/main/webapp/NewGroup.jsp
@@ -28,6 +28,7 @@
 <%@ page import="org.apache.wiki.auth.AuthorizationManager" %>
 <%@ page import="org.apache.wiki.auth.authorize.Group" %>
 <%@ page import="org.apache.wiki.auth.authorize.GroupManager" %>
+<%@ page import="org.apache.wiki.http.filter.CsrfProtectionFilter" %>
 <%@ page import="org.apache.wiki.preferences.Preferences" %>
 <%@ page import="org.apache.wiki.ui.TemplateManager" %>
 <%@ page errorPage="/Error.jsp" %>
@@ -37,6 +38,10 @@
 %>
 
 <%
+    if( !CsrfProtectionFilter.isCsrfProtectedPost( request ) ) {
+        response.sendRedirect( "/error/Forbidden.html" );
+        return;
+    }
     Engine wiki = Wiki.engine().find( getServletConfig() );
     // Create wiki context and check for authorization
     Context wikiContext = Wiki.context().create( wiki, request, ContextEnum.WIKI_CREATE_GROUP.getRequestContext() );
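Review bot: the check at the top of the scriptlet is unconditional, and `isCsrfProtectedPost` returns false for every non-POST request, so any GET to `NewGroup.jsp` is now redirected to the Forbidden page. `EditGroup.jsp` guards the same check behind `"save".equals( request.getParameter( "action" ) )`; if this JSP is also used to render the empty form, the check here needs the same guard. A short comment explaining why the check precedes `Wiki.engine().find(...)` would help, since the helper looks up the engine and session itself.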


[jspwiki] 05/07: add default application name on element to templates' templates</h2> <b>Posted by ju...@apache.org.</b><hr/><pre>This is an automated email from the ASF dual-hosted git repository. juanpablo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git commit fb705250c96ac2129d431b059242821ccd646b6a Author: Juan Pablo Santos Rodríguez <ju...@gmail.com> AuthorDate: Thu Jul 14 19:46:46 2022 +0200 add default application name on <title> element to templates' templates --- jspwiki-war/src/main/webapp/Captcha.jsp | 2 +- jspwiki-war/src/main/webapp/Error.jsp | 2 +- jspwiki-war/src/main/webapp/admin/Admin.jsp | 2 +- jspwiki-war/src/main/webapp/admin/SecurityConfig.jsp | 4 ++-- jspwiki-war/src/main/webapp/templates/210/EditTemplate.jsp | 4 ++-- jspwiki-war/src/main/webapp/templates/210/UploadTemplate.jsp | 2 +- jspwiki-war/src/main/webapp/templates/210/ViewTemplate.jsp | 2 +- jspwiki-war/src/main/webapp/templates/default/EditTemplate.jsp | 4 ++-- jspwiki-war/src/main/webapp/templates/default/UploadTemplate.jsp | 2 +- jspwiki-war/src/main/webapp/templates/default/ViewTemplate.jsp | 2 +- jspwiki-war/src/main/webapp/templates/reader/ViewTemplate.jsp | 2 +- 11 files changed, 14 insertions(+), 14 deletions(-) diff --git a/jspwiki-war/src/main/webapp/Captcha.jsp b/jspwiki-war/src/main/webapp/Captcha.jsp index ed33fdf10..a594f8007 100644 --- a/jspwiki-war/src/main/webapp/Captcha.jsp +++ b/jspwiki-war/src/main/webapp/Captcha.jsp @@ -75,7 +75,7 @@ <html lang="<c:out value='${prefs.Language}' default='en'/>" name="top"> <head> - <title><wiki:Variable var="applicationname" />: <wiki:PageName /></title> + <title><wiki:Variable var="applicationname" default="Apache JSPWiki" />: <wiki:PageName /></title> <%-- <wiki:Include page="commonheader.jsp"/> --%> <meta name="robots" content="noindex,nofollow" /> <script type="text/javascript"> 
diff --git a/jspwiki-war/src/main/webapp/Error.jsp b/jspwiki-war/src/main/webapp/Error.jsp index 8e30ba85f..fae593237 100644 --- a/jspwiki-war/src/main/webapp/Error.jsp +++ b/jspwiki-war/src/main/webapp/Error.jsp @@ -70,7 +70,7 @@ <!doctype html> <html lang="<c:out value='${prefs.Language}' default='en'/>" name="top"> <head> - <title><wiki:Variable var="applicationname" />: ERROR Page</title> + <title><wiki:Variable var="applicationname" default="Apache JSPWiki" />: ERROR Page</title> </head> <body> diff --git a/jspwiki-war/src/main/webapp/admin/Admin.jsp b/jspwiki-war/src/main/webapp/admin/Admin.jsp index f1d52f0e9..1fc32bd4f 100644 --- a/jspwiki-war/src/main/webapp/admin/Admin.jsp +++ b/jspwiki-war/src/main/webapp/admin/Admin.jsp @@ -49,7 +49,7 @@ <!doctype html> <html lang="en"> <head> - <title><wiki:Variable var="applicationname" />: ADMIN UI</title> + <title><wiki:Variable var="applicationname" default="Apache JSPWiki" />: ADMIN UI</title> <base href="../"/> <link rel="stylesheet" media="screen, projection" type="text/css" href="<wiki:Link format="url" templatefile="jspwiki.css"/>"/> <wiki:IncludeResources type="stylesheet"/> diff --git a/jspwiki-war/src/main/webapp/admin/SecurityConfig.jsp b/jspwiki-war/src/main/webapp/admin/SecurityConfig.jsp index 5c1526903..220fab589 100644 --- a/jspwiki-war/src/main/webapp/admin/SecurityConfig.jsp +++ b/jspwiki-war/src/main/webapp/admin/SecurityConfig.jsp @@ -51,7 +51,7 @@ { %> <head> - <title><wiki:Variable var="applicationname" />: JSPWiki Security Configuration Verifier</title> + <title><wiki:Variable var="applicationname" default="Apache JSPWiki" />: JSPWiki Security Configuration Verifier</title> <base href="../"/> <link rel="stylesheet" media="screen, projection" type="text/css" href="<wiki:Link format="url" templatefile="jspwiki.css"/>"/> <wiki:IncludeResources type="stylesheet"/> 
@@ -77,7 +77,7 @@ %> <head> - <title><wiki:Variable var="applicationname" />: JSPWiki Security Configuration Verifier</title> + <title><wiki:Variable var="applicationname" default="Apache JSPWiki" />: JSPWiki Security Configuration Verifier</title> <base href="../"/> <link rel="stylesheet" media="screen, projection" type="text/css" href="<wiki:Link format="url" templatefile="jspwiki.css"/>"/> <wiki:IncludeResources type="stylesheet"/> diff --git a/jspwiki-war/src/main/webapp/templates/210/EditTemplate.jsp b/jspwiki-war/src/main/webapp/templates/210/EditTemplate.jsp index 38d399dd1..91a8e2f1e 100644 --- a/jspwiki-war/src/main/webapp/templates/210/EditTemplate.jsp +++ b/jspwiki-war/src/main/webapp/templates/210/EditTemplate.jsp @@ -29,13 +29,13 @@ <title> <wiki:CheckRequestContext context="edit"> <fmt:message key="edit.title.edit"> - <fmt:param><wiki:Variable var="ApplicationName" /></fmt:param> + <fmt:param><wiki:Variable var="ApplicationName" default="Apache JSPWiki" /></fmt:param> <fmt:param><wiki:PageName /></fmt:param> </fmt:message> </wiki:CheckRequestContext> <wiki:CheckRequestContext context="comment"> <fmt:message key="comment.title.comment"> - <fmt:param><wiki:Variable var="ApplicationName" /></fmt:param> + <fmt:param><wiki:Variable var="ApplicationName" default="Apache JSPWiki" /></fmt:param> <fmt:param><wiki:PageName /></fmt:param> </fmt:message> </wiki:CheckRequestContext> diff --git a/jspwiki-war/src/main/webapp/templates/210/UploadTemplate.jsp b/jspwiki-war/src/main/webapp/templates/210/UploadTemplate.jsp index 816df0f7c..04f091716 100644 --- a/jspwiki-war/src/main/webapp/templates/210/UploadTemplate.jsp +++ b/jspwiki-war/src/main/webapp/templates/210/UploadTemplate.jsp 
@@ -36,7 +36,7 @@ <html lang="en" id="top" xmlns="http://www.w3.org/1999/xhtml" xmlns:jspwiki="http://jspwiki.apache.org"> <head> - <title><fmt:message key="upload.title"><fmt:param><wiki:Variable var="applicationname"/></fmt:param></fmt:message></title> + <title><fmt:message key="upload.title"><fmt:param><wiki:Variable var="applicationname" default="Apache JSPWiki"/></fmt:param></fmt:message></title> <wiki:Include page="commonheader.jsp"/> <meta name="robots" content="noindex,nofollow" /> </head> diff --git a/jspwiki-war/src/main/webapp/templates/210/ViewTemplate.jsp b/jspwiki-war/src/main/webapp/templates/210/ViewTemplate.jsp index 451dbefa2..8decfc2f6 100644 --- a/jspwiki-war/src/main/webapp/templates/210/ViewTemplate.jsp +++ b/jspwiki-war/src/main/webapp/templates/210/ViewTemplate.jsp @@ -28,7 +28,7 @@ <head> <title> <fmt:message key="view.title.view"> - <fmt:param><wiki:Variable var="ApplicationName" /></fmt:param> + <fmt:param><wiki:Variable var="ApplicationName" default="Apache JSPWiki" /></fmt:param> <fmt:param><wiki:PageName /></fmt:param> </fmt:message> </title> diff --git a/jspwiki-war/src/main/webapp/templates/default/EditTemplate.jsp b/jspwiki-war/src/main/webapp/templates/default/EditTemplate.jsp index 2b6f10eee..87cb3a2e7 100644 --- a/jspwiki-war/src/main/webapp/templates/default/EditTemplate.jsp +++ b/jspwiki-war/src/main/webapp/templates/default/EditTemplate.jsp 
@@ -28,13 +28,13 @@ <title> <wiki:CheckRequestContext context="edit"> <fmt:message key="edit.title.edit"> - <fmt:param><wiki:Variable var="ApplicationName" /></fmt:param> + <fmt:param><wiki:Variable var="ApplicationName" default="Apache JSPWiki" /></fmt:param> <fmt:param><wiki:PageName /></fmt:param> </fmt:message> </wiki:CheckRequestContext> <wiki:CheckRequestContext context="comment"> <fmt:message key="comment.title.comment"> - <fmt:param><wiki:Variable var="ApplicationName" /></fmt:param> + <fmt:param><wiki:Variable var="ApplicationName" default="Apache JSPWiki" /></fmt:param> <fmt:param><wiki:PageName /></fmt:param> </fmt:message> </wiki:CheckRequestContext> diff --git a/jspwiki-war/src/main/webapp/templates/default/UploadTemplate.jsp b/jspwiki-war/src/main/webapp/templates/default/UploadTemplate.jsp index 5f1a7d2b5..1b3f00829 100644 --- a/jspwiki-war/src/main/webapp/templates/default/UploadTemplate.jsp +++ b/jspwiki-war/src/main/webapp/templates/default/UploadTemplate.jsp @@ -28,7 +28,7 @@ <html lang="${prefs.Language}" name="top"> <head> - <title><fmt:message key="upload.title"><fmt:param><wiki:Variable var="applicationname"/></fmt:param></fmt:message></title> + <title><fmt:message key="upload.title"><fmt:param><wiki:Variable var="applicationname" default="Apache JSPWiki"/></fmt:param></fmt:message></title> <wiki:Include page="commonheader.jsp"/> <meta name="robots" content="noindex,nofollow" /> </head> diff --git a/jspwiki-war/src/main/webapp/templates/default/ViewTemplate.jsp b/jspwiki-war/src/main/webapp/templates/default/ViewTemplate.jsp index 0f860d1eb..50c902d7b 100644 --- a/jspwiki-war/src/main/webapp/templates/default/ViewTemplate.jsp +++ b/jspwiki-war/src/main/webapp/templates/default/ViewTemplate.jsp 
@@ -29,7 +29,7 @@ <title> <fmt:message key="view.title.view"> - <fmt:param><wiki:Variable var="ApplicationName" /></fmt:param> + <fmt:param><wiki:Variable var="ApplicationName" default="Apache JSPWiki" /></fmt:param> <fmt:param><wiki:PageName /></fmt:param> </fmt:message> </title> diff --git a/jspwiki-war/src/main/webapp/templates/reader/ViewTemplate.jsp b/jspwiki-war/src/main/webapp/templates/reader/ViewTemplate.jsp index ce41eb902..fc28259b4 100644 --- a/jspwiki-war/src/main/webapp/templates/reader/ViewTemplate.jsp +++ b/jspwiki-war/src/main/webapp/templates/reader/ViewTemplate.jsp @@ -28,7 +28,7 @@ <meta charset="<wiki:ContentEncoding />"> <title> <fmt:message key="view.title.view"> - <fmt:param><wiki:Variable var="ApplicationName" /></fmt:param> + <fmt:param><wiki:Variable var="ApplicationName" default="Apache JSPWiki" /></fmt:param> <fmt:param><wiki:PageName /></fmt:param> </fmt:message> </title> </pre><hr/> <h2>[jspwiki] 06/07: Main as default frontpage if none is defined</h2> <b>Posted by ju...@apache.org.</b><hr/><pre>This is an automated email from the ASF dual-hosted git repository. juanpablo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git commit 9dbca5af0af384f7bef54038a7653c5ebedeead7 Author: Juan Pablo Santos Rodríguez <ju...@gmail.com> AuthorDate: Thu Jul 14 19:58:17 2022 +0200 Main as default frontpage if none is defined --- jspwiki-war/src/main/webapp/templates/default/Header.jsp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jspwiki-war/src/main/webapp/templates/default/Header.jsp b/jspwiki-war/src/main/webapp/templates/default/Header.jsp index e261e00ec..bf5f006a0 100644 --- a/jspwiki-war/src/main/webapp/templates/default/Header.jsp +++ b/jspwiki-war/src/main/webapp/templates/default/Header.jsp 
@@ -24,7 +24,7 @@ <%@ page import="org.apache.wiki.api.core.*" %> <fmt:setLocale value="${prefs.Language}" /> <fmt:setBundle basename="templates.default"/> -<c:set var="frontpage"><wiki:Variable var="jspwiki.frontPage" /></c:set> +<c:set var="frontpage"><wiki:Variable var="jspwiki.frontPage" default="Main" /></c:set> <div class="header"> </pre><hr/> </body> </html>
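Review bot: the literal `default="Apache JSPWiki"` is repeated in every `<wiki:Variable>` touched by the 05/07 patch (eleven files, some with two occurrences), so a later rename means editing each template again; resolving the fallback once where `applicationname` is looked up would avoid that. The templates also mix `var="applicationname"` and `var="ApplicationName"`; if the lookup is case-insensitive that is harmless, but using one spelling would make it obvious. In the 06/07 patch, `default="Main"` in `Header.jsp` duplicates a page name that is presumably defined elsewhere as the `jspwiki.frontPage` default; a comment or a shared constant would keep the two from drifting.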