This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch activemq-5.15.x
in repository https://gitbox.apache.org/repos/asf/activemq.git


The following commit(s) were added to refs/heads/activemq-5.15.x by this push:
     new 7793a95  AMQ-7231 - Fix XSS in WebConsole
7793a95 is described below

commit 7793a952e2b3c002b172fb2c52b84ca5c4febe2d
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Thu Jan 23 12:34:17 2020 +0000

    AMQ-7231 - Fix XSS in WebConsole
    
    (cherry picked from commit 81bd743eaa243f0cc5dfbb1342cee1fef1fc5df2)
---
 activemq-web-console/src/main/webapp/browse.jsp   |  2 +-
 activemq-web-console/src/main/webapp/js/common.js | 13 -------------
 activemq-web-console/src/main/webapp/message.jsp  | 20 ++++++++++++++++++--
 3 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/activemq-web-console/src/main/webapp/browse.jsp 
b/activemq-web-console/src/main/webapp/browse.jsp
index 0e18e15..ce093e4 100644
--- a/activemq-web-console/src/main/webapp/browse.jsp
+++ b/activemq-web-console/src/main/webapp/browse.jsp
@@ -50,7 +50,7 @@
 <td><a href="<c:url value="message.jsp">
                  <c:param name="id" value="${row.JMSMessageID}" />
                  <c:param name="JMSDestination" 
value="${requestContext.queueBrowser.JMSDestination}"/></c:url>"
-    title="${row.properties}">${row.JMSMessageID}</a></td>
+    title="<c:out value="${row.properties}"/>">${row.JMSMessageID}</a></td>
 <td><c:out value="${row.JMSCorrelationID}"/></td>
 <td><jms:persistent message="${row}"/></td>
 <td><c:out value="${row.JMSPriority}"/></td>
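Review bot: The new line on the `+` side still writes `${row.JMSMessageID}` into the anchor text unescaped; only the `title` attribute gained `<c:out>`. The neighbouring cells in this row already go through `<c:out>` (e.g. `${row.JMSCorrelationID}`), so the link text should follow the same pattern: `title="<c:out value="${row.properties}"/>"><c:out value="${row.JMSMessageID}"/></a></td>`. Message IDs are normally assigned by the broker, so the practical exposure is probably small, but escaping every EL value rendered into HTML is the consistent default for this console.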
diff --git a/activemq-web-console/src/main/webapp/js/common.js 
b/activemq-web-console/src/main/webapp/js/common.js
index e20a34f..a4f6921 100644
--- a/activemq-web-console/src/main/webapp/js/common.js
+++ b/activemq-web-console/src/main/webapp/js/common.js
@@ -106,16 +106,3 @@ function getEventTarget(e) {
        return targ;
 }
 
-function confirmAction(id, url) {
-       //TODO i18n messages
-       var select = document.getElementById(id);
-       var selectedIndex = select.selectedIndex; 
-       if (select.selectedIndex == 0) {
-               alert("Please select a value");
-               return;
-       }
-       var value = select.options[selectedIndex].value;
-       url = url.replace(/%target%/gi, value);
-       if (confirm("Are you sure?"))
-         location.href=url;
-}
\ No newline at end of file
diff --git a/activemq-web-console/src/main/webapp/message.jsp 
b/activemq-web-console/src/main/webapp/message.jsp
index 7563d06..262dc5e 100644
--- a/activemq-web-console/src/main/webapp/message.jsp
+++ b/activemq-web-console/src/main/webapp/message.jsp
@@ -151,7 +151,7 @@ No message could be found for ID <c:out 
value="${requestContext.messageQuery.id}
                        </tr>
                     </c:if>
                     <tr class="odd">
-                    <td><a href="<c:out 
value="javascript:confirmAction('queue', 
'copyMessage.action?destination=%target%&JMSDestination=${requestContext.messageQuery.JMSDestination}&messageId=${row.JMSMessageID}&JMSDestinationType=queue&secret=${sessionScope['secret']}"/>')">Copy</a></td>
+                    <td><a href="<c:out 
value="javascript:confirmAction('queue', 'copyMessage"/>')">Copy</a></td>
                         <td rowspan="2">
                             <select id="queue">
                                 <option value=""> -- Please select --</option>
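Review bot: The rewritten `+` line keeps `<a href="javascript:confirmAction('queue', 'copyMessage"/>')">` for an in-page action, and the Move hunk below does the same; a `javascript:` URL has no navigable destination and forces any Content-Security-Policy for the console to permit inline script. A `<button type="button" data-action="copyMessage">Copy</button>` bound from the existing page script with `addEventListener` preserves the behaviour without the inline URL. Note also that, since the href no longer contains any EL expression, the surrounding `<c:out>` now only escapes a constant string and could be dropped.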
@@ -165,7 +165,7 @@ No message could be found for ID <c:out 
value="${requestContext.messageQuery.id}
 
                     </tr>
                     <tr class="odd">
-                        <td><a href="<c:out 
value="javascript:confirmAction('queue', 
'moveMessage.action?destination=%target%&JMSDestination=${requestContext.messageQuery.JMSDestination}&messageId=${row.JMSMessageID}&JMSDestinationType=queue&secret=${sessionScope['secret']}"/>')"
+                        <td><a href="<c:out 
value="javascript:confirmAction('queue', 'moveMessage"/>')"
                             >Move</a></td>
                     </tr>
                 </tbody>
@@ -225,6 +225,22 @@ function selectOptionByText (selElem, selText) {
     }
 }
 
+function confirmAction(id, action) {
+       //TODO i18n messages
+       var select = document.getElementById(id);
+       var selectedIndex = select.selectedIndex; 
+       if (select.selectedIndex == 0) {
+               alert("Please select a value");
+               return;
+       }
+       var value = select.options[selectedIndex].value;
+       var url = action + ".action?destination=" + value;
+       url += "&JMSDestination=${requestContext.messageQuery.JMSDestination}";
+       url += 
"&messageId=${row.JMSMessageID}&JMSDestinationType=queue&secret=${sessionScope['secret']}";
+       if (confirm("Are you sure?"))
+         location.href=url;
+}
+
 window.onload=function() {
        sortSelect( document.getElementById('queue') );
        selectOptionByText( document.getElementById('queue'), "-- Please select 
--" );
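Review bot: In the new confirmAction, the two `url +=` lines splice `${requestContext.messageQuery.JMSDestination}` and `${row.JMSMessageID}` directly into JavaScript string literals with neither JavaScript-string escaping nor URL encoding, whereas the removed hrefs at least ran the complete URL through `<c:out>`. If messageQuery.JMSDestination is populated from the request (it is named as a query parameter elsewhere in this page), a destination name containing a double quote or a script-closing sequence would terminate the literal and the `<script>` block, so this hunk appears to trade an attribute-context problem for a script-context one. It is also worth confirming that `row` is still in scope at this point of the page: in the removed lines it was used inside the message table, and if it is a loop variable the `messageId` parameter will be empty here. A safer shape is to render the context values into attributes of the `<select id="queue">` with `<c:out>` (proposed names: `data-jms-destination`, `data-message-id`, `data-secret`), then read them back and `encodeURIComponent` every query value, as sketched below. The `window.onload` handler that follows continues outside the hunk.
```jsp
function confirmAction(id, action) {
       // … unchanged: select lookup and "Please select" check …
       var value = select.options[selectedIndex].value;
       // Values come from <c:out>-escaped data-* attributes on the <select>,
       // never from EL expanded inside this script block.
       var url = action + ".action?destination=" + encodeURIComponent(value);
       url += "&JMSDestination=" + encodeURIComponent(select.getAttribute("data-jms-destination"));
       url += "&messageId=" + encodeURIComponent(select.getAttribute("data-message-id"));
       url += "&JMSDestinationType=queue&secret=" + encodeURIComponent(select.getAttribute("data-secret"));
       // … unchanged: confirm() and location.href …
}
```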
