[CONF] Confluence Changes in the last 24 hours

2008-02-24 Thread confluence
-
This is a daily summary of all recent changes in Confluence.

-
Updated Spaces:
-

Apache Geronimo Development (GMOxDEV) http://cwiki.apache.org/confluence/display/GMOxDEV
|
|-Pages Added or Edited in This Space
 |-- Monitoring and Management Service was last edited by vhnguyen (09:15 AM).
 |   http://cwiki.apache.org/confluence/display/GMOxDEV/Monitoring+and+Management+Service

Infrastructure - Web Applications (INFRA) http://cwiki.apache.org/confluence/display/INFRA
|
|-Pages Added or Edited in This Space
 |-- Upgrading the Apache JIRAs was last edited by jefft (09:04 PM).
 |   http://cwiki.apache.org/confluence/display/INFRA/Upgrading+the+Apache+JIRAs

Apache Struts 2 Documentation (WW) http://cwiki.apache.org/confluence/display/WW
 |
 |-New Comments in This Space
 |-- http://cwiki.apache.org/confluence/pages/viewpage.action?pageId=33168 (1)

Apache CXF (CXF) http://cwiki.apache.org/confluence/display/CXF
|
|-Pages Added or Edited in This Space
 |-- Building was last edited by mazzag (02:05 PM).
 |   http://cwiki.apache.org/confluence/display/CXF/Building

Apache Geronimo v2.1 (GMOxDOC21) http://cwiki.apache.org/confluence/display/GMOxDOC21
|
|-Pages Added or Edited in This Space
 |-- Configuring run-as and Default Subjects, and principal-role mapping was last edited by djencks (11:00 PM).
 |   http://cwiki.apache.org/confluence/display/GMOxDOC21/Configuring+run-as+and+Default+Subjects%2C+and+principal-role+mapping
 |-- Plugin infrastructure was last edited by djencks (10:59 PM).
 |   http://cwiki.apache.org/confluence/display/GMOxDOC21/Plugin+infrastructure
 |-- SPECjAppServer2004 was last edited by vmz (11:27 AM).
 |   http://cwiki.apache.org/confluence/display/GMOxDOC21/SPECjAppServer2004
 |-- Apache Harmony was last edited by vmz (11:24 AM).
 |   http://cwiki.apache.org/confluence/display/GMOxDOC21/Apache+Harmony
 |-- Stateless Session Bean was created by [EMAIL PROTECTED] (06:59 AM).
 |   http://cwiki.apache.org/confluence/display/GMOxDOC21/Stateless+Session+Bean

Test Space (test) http://cwiki.apache.org/confluence/display/test
|
|-Pages Added or Edited in This Space
 |-- Adding some random chinese characters was last edited by jefft (10:22 PM).
 |   http://cwiki.apache.org/confluence/display/test/Adding+some+random+chinese+characters
 |
 |-New Comments in This Space
 |-- http://cwiki.apache.org/confluence/display/test/Adding+some+random+chinese+characters (3)

Apache Wicket (WICKET) http://cwiki.apache.org/confluence/display/WICKET
|
|-Pages Added or Edited in This Space
 |-- Wicket's XHTML tags was last edited by [EMAIL PROTECTED] (03:32 AM).
 |   http://cwiki.apache.org/confluence/display/WICKET/Wicket%27s+XHTML+tags


-
CONFLUENCE INFORMATION
This message is automatically generated by Confluence


svn commit: r630740 - /struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java

2008-02-24 Thread rgielen
Author: rgielen
Date: Sun Feb 24 22:09:14 2008
New Revision: 630740

URL: http://svn.apache.org/viewvc?rev=630740&view=rev
Log:
WW-2414:
Applied James Mitchell's patch for critical XSS bug to 2.0.x tree

Modified:

struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java

Modified: 
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java?rev=630740&r1=630739&r2=630740&view=diff
==
--- 
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java
 (original)
+++ 
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/views/util/UrlHelper.java
 Sun Feb 24 22:09:14 2008
@@ -188,10 +188,14 @@
 buildParametersString(params, link, "&");
 }
 
-String result;
+String result = link.toString();
+
+while (result.indexOf("
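Review bot: the `while (result.indexOf(` loop added right after `String result = link.toString();` cleans the URL by searching the finished string for a literal, which is a denylist and tends to end up incomplete. `String.indexOf` is case-sensitive and matches only the exact literal, so the loop covers one spelling of one pattern. Encoding parameter names and values at the point where `buildParametersString` appends them, or encoding `result` for the context it is written into, would handle the general case. The rest of the hunk, including the literal being searched for, is cut off in this archive copy, so the loop body cannot be reviewed here.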

svn commit: r630742 - in /struts/struts2/branches/STRUTS_2_0_X/core/src: main/java/org/apache/struts2/components/ test/java/org/apache/struts2/views/jsp/ui/ test/resources/org/apache/struts2/views/jsp

2008-02-24 Thread rgielen
Author: rgielen
Date: Sun Feb 24 22:26:12 2008
New Revision: 630742

URL: http://svn.apache.org/viewvc?rev=630742&view=rev
Log:
WW-2427:
Applied Don Brown's fix for escaping double quote in href to 2.0.x tree

Added:

struts/struts2/branches/STRUTS_2_0_X/core/src/test/resources/org/apache/struts2/views/jsp/ui/href-2.txt
Modified:

struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/AbstractRemoteCallUIBean.java

struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/UIBean.java

struts/struts2/branches/STRUTS_2_0_X/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java

Modified: 
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/AbstractRemoteCallUIBean.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/AbstractRemoteCallUIBean.java?rev=630742&r1=630741&r2=630742&view=diff
==
--- 
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/AbstractRemoteCallUIBean.java
 (original)
+++ 
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/AbstractRemoteCallUIBean.java
 Sun Feb 24 22:26:12 2008
@@ -60,7 +60,7 @@
 super.evaluateExtraParams();
 
 if (href != null)
-addParameter("href", findString(href));
+ addParameter("href", 
ensureAttributeSafelyNotEscaped(findString(href)));
 if (errorText != null)
 addParameter("errorText", findString(errorText));
 if (loadingText != null)
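Review bot: only `href` is routed through `ensureAttributeSafelyNotEscaped`; `errorText` and `loadingText` in the lines directly below still go in as plain `findString(...)` results. If the templates write those parameters into attributes without escaping, as the helper's name implies they do for `href`, they need the same handling. If the templates do escape them, a short comment saying why `href` is the exception would help the next reader.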

Modified: 
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/UIBean.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/UIBean.java?rev=630742&r1=630741&r2=630742&view=diff
==
--- 
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/UIBean.java
 (original)
+++ 
struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/components/UIBean.java
 Sun Feb 24 22:26:12 2008
@@ -790,6 +790,20 @@
 }
 }
 
+/**
+ * Ensures an unescaped attribute value cannot be vulnerable to XSS attacks
+ *
+ * @param val The value to check
+ * @return The escaped value
+ */
+protected String ensureAttributeSafelyNotEscaped(String val) {
+if (val != null) {
+return val.replaceAll("\"", """);
+} else {
+return "";
+}
+}
+
 protected void evaluateExtraParams() {
 }
 
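Review bot: `ensureAttributeSafelyNotEscaped` rewrites only the double quote, so it protects a value only when the template always wraps the attribute in double quotes; a single-quoted or unquoted attribute, and the characters `<`, `>`, `&` and `'`, pass through unchanged. Either state that precondition in the Javadoc or escape the full attribute character set. Two smaller points: `replaceAll` compiles its first argument as a regular expression where `String.replace` would do for a literal, and the method name says "NotEscaped" while `@return` says "The escaped value", which reads as a contradiction. The replacement argument shows as three bare double quotes in this archive copy, which would not compile, so check the committed file rather than this rendering.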

Modified: 
struts/struts2/branches/STRUTS_2_0_X/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_0_X/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java?rev=630742&r1=630741&r2=630742&view=diff
==
--- 
struts/struts2/branches/STRUTS_2_0_X/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java
 (original)
+++ 
struts/struts2/branches/STRUTS_2_0_X/core/src/test/java/org/apache/struts2/views/jsp/ui/AnchorTest.java
 Sun Feb 24 22:26:12 2008
@@ -56,4 +56,18 @@
 verify(AnchorTest.class.getResource("href-1.txt"));
 }
 
+public void testSimpleBadQuote() throws Exception {
+TestAction testAction = (TestAction) action;
+testAction.setFoo("bar");
+
+AnchorTag tag = new AnchorTag();
+tag.setPageContext(pageContext);
+
+tag.setId("mylink");
+tag.setHref("a\"");
+tag.doStartTag();
+tag.doEndTag();
+
+verify(AnchorTest.class.getResource("href-2.txt"));
+}
 }
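Review bot: `testSimpleBadQuote` exercises a single input, `tag.setHref("a\"")`, with one trailing double quote. The helper also has a null branch that returns `""`, and its only call site visible in this commit is in `AbstractRemoteCallUIBean`; add a case for an href that evaluates to null and one with the quote in the middle of the value. `testAction.setFoo("bar")` is not referenced by the href under test and can be dropped if nothing else reads it.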

Added: 
struts/struts2/branches/STRUTS_2_0_X/core/src/test/resources/org/apache/struts2/views/jsp/ui/href-2.txt
URL: 
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_0_X/core/src/test/resources/org/apache/struts2/views/jsp/ui/href-2.txt?rev=630742&view=auto
==
--- 
struts/struts2/branches/STRUTS_2_0_X/core/src/test/resources/org/apache/struts2/views/jsp/ui/href-2.txt
 (added)
+++ 
struts/struts2/branches/STRUTS_2_0_X/core/src/test/resources/org/apache/struts2/views/jsp/ui/href-2.txt
 Sun Feb 24 22:26:12 2008
@@ -0,0 +1,4 @@
+
+
\ No newline at end of file