This is an automated email from the ASF dual-hosted git repository.

brushed pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git


The following commit(s) were added to refs/heads/master by this push:
     new 59881d4  2.11.0-M4-git-06 [JSPWIKI-1107] Fixing file upload XSS 
vulnerability
59881d4 is described below

commit 59881d4c80c3c686cce582714ef6ff31956502ad
Author: brushed <[email protected]>
AuthorDate: Thu Apr 25 22:23:37 2019 +0200

    2.11.0-M4-git-06 [JSPWIKI-1107] Fixing file upload XSS vulnerability
---
 jspwiki-main/src/main/java/org/apache/wiki/tags/PageNameTag.java | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/jspwiki-main/src/main/java/org/apache/wiki/tags/PageNameTag.java b/jspwiki-main/src/main/java/org/apache/wiki/tags/PageNameTag.java
index 9692cfd..7727d1e 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/tags/PageNameTag.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/tags/PageNameTag.java
@@ -1,4 +1,4 @@
-/* 
+/*
     Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements.  See the NOTICE file
     distributed with this work for additional information
@@ -14,7 +14,7 @@
     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     KIND, either express or implied.  See the License for the
     specific language governing permissions and limitations
-    under the License.  
+    under the License.
  */
 package org.apache.wiki.tags;
 
@@ -23,6 +23,7 @@ import java.io.IOException;
 import org.apache.wiki.WikiEngine;
 import org.apache.wiki.WikiPage;
 import org.apache.wiki.attachment.Attachment;
+import org.apache.wiki.util.TextUtil;
 
 /**
  *  Returns the currently requested page name.
@@ -33,7 +34,7 @@ public class PageNameTag
     extends WikiTagBase
 {
     private static final long serialVersionUID = 0L;
-    
+
     public final int doWikiStartTag()
         throws IOException
     {
@@ -44,7 +45,7 @@ public class PageNameTag
         {
             if( page instanceof Attachment )
             {
-                pageContext.getOut().print( ((Attachment)page).getFileName() );
+                pageContext.getOut().print( TextUtil.replaceEntities( ((Attachment)page).getFileName() ) );
             }
             else
             {
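Review bot: The `else` branch that opens on the last lines of this hunk prints the non-attachment page name outside the visible lines, so it cannot be confirmed from here that it receives the same output encoding as the attachment file name; if it does not already, it should also go through `TextUtil.replaceEntities(...)`, since page names are presumably user-chosen as well. Entity escaping is only sufficient where the tag's output lands in HTML text or a quoted attribute, so any template that emits this tag inside a script block or a URL would need encoding for that context instead. The print call would benefit from a short comment such as `// file name is supplied by the uploader; escape before writing it into the page` so the escaping is not removed in a later cleanup. A unit test that renders the tag for an attachment whose name contains `<`, `>`, `&` and `"` and asserts on the escaped output would pin the fix.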
