Author: markt
Date: Fri Mar 6 14:57:04 2009
New Revision: 750928
URL: http://svn.apache.org/viewvc?rev=750928&view=rev
Log:
Fix XSS in examples web application.
This is CVE-2009-0781.
Security page updates and formal announcement to follow.
Modified:
tomcat/container/tc5.5.x/webapps/docs/changelog.xml
tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/cal/cal2.jsp
Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=750928&r1=750927&r2=750928&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Fri Mar 6 14:57:04 2009
@@ -31,6 +31,15 @@
</properties>
<body>
+<section name="Tomcat 5.5.28 (fhanik)">
+ <subsection name="webapps">
+ <changelog>
+ <fix>
+ Fix CVE-2009-0781. XSS in calendar example. (markt)
+ </fix>
+ </changelog>
+ </subsection>
+</section>
<section name="Tomcat 5.5.27 (fhanik)">
<subsection name="General">
<changelog>
Modified: tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/cal/cal2.jsp
URL:
http://svn.apache.org/viewvc/tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/cal/cal2.jsp?rev=750928&r1=750927&r2=750928&view=diff
==============================================================================
--- tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/cal/cal2.jsp (original)
+++ tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/cal/cal2.jsp Fri Mar 6 14:57:04 2009
@@ -35,7 +35,7 @@
<FORM METHOD=POST ACTION=cal1.jsp>
<BR>
<BR> <INPUT NAME="date" TYPE=HIDDEN VALUE="current">
-<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE=<%= util.HTMLFilter.filter(time) %>
+<BR> <INPUT NAME="time" TYPE=HIDDEN VALUE="<%= util.HTMLFilter.filter(time) %>">
<BR> <h2> Description of the event <INPUT NAME="description" TYPE=TEXT SIZE=20> </h2>
<BR> <INPUT TYPE=SUBMIT VALUE="submit">
</FORM>
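Review bot: The quoting added to the hidden `time` input closes the whitespace breakout, but it is only sufficient if `util.HTMLFilter.filter` also encodes the double quote, since an unencoded `"` in the value would still terminate the attribute; that dependency is worth recording next to the line, e.g. `<%-- keep VALUE quoted: relies on HTMLFilter.filter() encoding < > & " --%>`. The assignment of `time` is outside the hunk, so whether it carries request data cannot be confirmed here, though the filtering suggests it does. As a matter of style, the other attribute values in this form (`METHOD=POST`, `ACTION=cal1.jsp`, `TYPE=HIDDEN`, `TYPE=TEXT SIZE=20`) remain unquoted; quoting them consistently, e.g. `<INPUT NAME="time" TYPE="HIDDEN" VALUE="<%= util.HTMLFilter.filter(time) %>">`, removes the class of mistake this commit fixes and keeps the markup valid under a stricter parser.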