This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new c52f29e Fixed: Post-auth XSS vulnerability at
catalog/control/EditProductPromo (OFBIZ-12096)
c52f29e is described below
commit c52f29e0ae7409884c620434def11f2c47bd380f
Author: Jacques Le Roux <[email protected]>
AuthorDate: Sat Dec 19 20:54:08 2020 +0100
Fixed: Post-auth XSS vulnerability at catalog/control/EditProductPromo
(OFBIZ-12096)
We forgot to unescape EcmaScript-encoded strings in
UtilCodec::checkStringForHtmlSafe, i.e. in all form fields using
allow-html="safe"
Thanks: 牛治 <[email protected]> for report
---
.../base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git
a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
index 449bd5d..9207dd8 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
@@ -479,8 +479,8 @@ public class UtilCodec {
}
if (value != null) {
- String filtered =
StringEscapeUtils.unescapeEcmaScript(policy.sanitize(value));
- if (filtered != null &&
!value.equals(StringEscapeUtils.unescapeHtml4(filtered))) {
+ String filtered = policy.sanitize(value);
+ if (filtered != null &&
!value.equals(StringEscapeUtils.unescapeEcmaScript(StringEscapeUtils.unescapeHtml4(filtered))))
{
String issueMsg = null;
if (locale.equals(new Locale("test"))) {
issueMsg = "In field [" + valueName + "] by our input
policy, your input has not been accepted "