This is an automated email from the ASF dual-hosted git repository. brushed pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit 0b9a0149032170063f22d65e335dfd317db815ea Author: brushed <[email protected]> AuthorDate: Thu Nov 24 10:24:10 2022 +0100 XSS vulnerability reported by Eugene Lim and Sng Jay Kai. --- .../src/main/java/org/apache/wiki/plugin/BugReportHandler.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/jspwiki-main/src/main/java/org/apache/wiki/plugin/BugReportHandler.java b/jspwiki-main/src/main/java/org/apache/wiki/plugin/BugReportHandler.java index 351c070fc..f3d7eff0a 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/plugin/BugReportHandler.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/plugin/BugReportHandler.java @@ -14,7 +14,7 @@ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations - under the License. + under the License. */ package org.apache.wiki.plugin; @@ -31,6 +31,7 @@ import org.apache.wiki.api.spi.Wiki; import org.apache.wiki.pages.PageManager; import org.apache.wiki.parser.MarkupParser; import org.apache.wiki.preferences.Preferences; +import org.apache.wiki.util.TextUtil; import java.io.PrintWriter; import java.io.StringWriter; @@ -141,7 +142,7 @@ public class BugReportHandler implements Plugin { out.close(); // Now create a new page for this bug report - final String pageName = findNextPage( context, title, params.get( PARAM_PAGE ) ); + final String pageName = findNextPage( context, title, TextUtil.replaceEntities(params.get( PARAM_PAGE )) ); final Page newPage = Wiki.contents().page( context.getEngine(), pageName ); final Context newContext = context.clone(); newContext.setPage( newPage );
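Review bot: In the last hunk only the `page` parameter is entity-encoded before `findNextPage`; `title` is passed to the same call as received, and whether it is cleaned inside `findNextPage` or earlier in the method is not visible here, so it should be confirmed or given the same treatment. `params.get( PARAM_PAGE )` presumably returns null when the parameter is omitted, so `TextUtil.replaceEntities` has to be null-safe or the call guarded, e.g. `final String basePage = params.get( PARAM_PAGE );` followed by `basePage != null ? TextUtil.replaceEntities( basePage ) : null`. Encoding on input also puts the escaped form into the stored page name, so a comment such as `// page is a user-supplied plugin parameter; entity-encode it before it becomes part of the page name` would record the intent, and whatever renders the page name should still encode on output. The enclosing method starts and ends outside the hunk.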
