Author: markt
Date: Sun Jun 23 18:41:06 2013
New Revision: 1495870
URL: http://svn.apache.org/r1495870
Log:
Fix published Javadoc affected by CVE-2013-1571.
This commit has been performed by the ASF Infrastructure team.
Please ensure that your build processes are reviewed (and fixed if
necessary) to ensure that any updates to this Javadoc do not
re-introduce the vulnerability.
Modified:
axis/site/axis/java/apiDocs/index.html
Modified: axis/site/axis/java/apiDocs/index.html
URL:
http://svn.apache.org/viewvc/axis/site/axis/java/apiDocs/index.html?rev=1495870&r1=1495869&r2=1495870&view=diff
==============================================================================
--- axis/site/axis/java/apiDocs/index.html (original)
+++ axis/site/axis/java/apiDocs/index.html Sun Jun 23 18:41:06 2013
@@ -12,6 +12,42 @@ Apache Axis
targetPage = targetPage.substring(1);
if (targetPage.indexOf(":") != -1)
targetPage = "undefined";
+ if (targetPage != "" && !validURL(targetPage))
+ targetPage = "undefined";
+ function validURL(url) {
+ var pos = url.indexOf(".html");
+ if (pos == -1 || pos != url.length - 5)
+ return false;
+ var allowNumber = false;
+ var allowSep = false;
+ var seenDot = false;
+ for (var i = 0; i < url.length - 5; i++) {
+ var ch = url.charAt(i);
+ if ('a' <= ch && ch <= 'z' ||
+ 'A' <= ch && ch <= 'Z' ||
+ ch == '$' ||
+ ch == '_') {
+ allowNumber = true;
+ allowSep = true;
+ } else if ('0' <= ch && ch <= '9'
+ || ch == '-') {
+ if (!allowNumber)
+ return false;
+ } else if (ch == '/' || ch == '.') {
+ if (!allowSep)
+ return false;
+ allowNumber = false;
+ allowSep = false;
+ if (ch == '.')
+ seenDot = true;
+ if (ch == '/' && seenDot)
+ return false;
+ } else {
+ return false;
+ }
+ }
+ return true;
+ }
function loadFrames() {
if (targetPage != "" && targetPage != "undefined")
top.classFrame.location = top.targetPage;
@@ -36,4 +72,4 @@ This document is designed to be viewed u
Link to<A HREF="overview-summary.html">Non-frame version.</A>
</NOFRAMES>
</FRAMESET>
-</HTML>
\ No newline at end of file
+</HTML>
