This is an automated email from the ASF dual-hosted git repository.
brushed pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git
The following commit(s) were added to refs/heads/master by this push:
new f43ac38 2.11.0-M5-git-16 Also fixed preview.jsp vulnerability
f43ac38 is described below
commit f43ac386c8cd3e5fed7069e8fc8286668c86b5f8
Author: brushed <[email protected]>
AuthorDate: Tue Sep 3 20:44:23 2019 +0200
2.11.0-M5-git-16 Also fixed preview.jsp vulnerability
---
ChangeLog | 2 ++
jspwiki-war/src/main/webapp/Comment.jsp | 8 ++++++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 0775090..bcd1948 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,8 @@
* Fixed InfoContent.jsp vulnerability in old jspwiki template
(templates/211/...)
related to the rename parameter.
+ * Fixed preview.jsp vulnerability related to the remember parameter.
+
2019-31-08 Dirk Frederickx (brushed AT apache DOT org)
diff --git a/jspwiki-war/src/main/webapp/Comment.jsp
b/jspwiki-war/src/main/webapp/Comment.jsp
index f08b743..40cd8c3 100644
--- a/jspwiki-war/src/main/webapp/Comment.jsp
+++ b/jspwiki-war/src/main/webapp/Comment.jsp
@@ -82,7 +82,7 @@
String cancel = request.getParameter("cancel");
String author = TextUtil.replaceEntities( request.getParameter("author")
);
String link = TextUtil.replaceEntities( request.getParameter("link") );
- String remember = request.getParameter("remember");
+ String remember = TextUtil.replaceEntities(
request.getParameter("remember") );
String changenote = TextUtil.replaceEntities( request.getParameter(
"changenote" ) );
WikiPage wikipage = wikiContext.getPage();
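Review bot: `remember` is entity-escaped here at input time, but the template that renders it (preview.jsp, per the commit title) is not in this diff, so the output-side encoding cannot be confirmed from these lines. If that template reads `request.getParameter("remember")` directly instead of the variable or session attribute set in Comment.jsp, the raw value would still reach the markup, so the template should be checked and should encode at the point of output. `cancel` on the first line of the hunk is still read unescaped, which is safe only if it is used purely as a presence flag. A comment above the block, such as `// escaped on input: the templates echo these parameters into HTML`, would record why each echoed parameter goes through `TextUtil.replaceEntities`.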
@@ -105,7 +105,11 @@
remember = (String)session.getAttribute("remember");
}
- if( remember == null ) remember = "false";
+ if( remember == null ) {
+ remember = "false";
+ } else {
+ remember = "true";
+ }
session.setAttribute("remember",remember);
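Review bot: The new `else` branch turns every non-null value into "true", including the string "false" that this same code stores in the session on the following line. Assuming the lookup at the top of the hunk falls back to the session attribute when the request has no `remember` parameter (its guarding `if` starts outside the hunk), a first request stores "false" and the next one reads it back as non-null and flips it to "true". Comparing against the expected value keeps the two-value allow-list, which is what removes the attacker-controlled string, while preserving the flag: `remember = Boolean.toString( "true".equals( remember ) );`. Confirm which value the comment form actually submits for the checkbox (it may be "on") before fixing the literal.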