This is an automated email from the ASF dual-hosted git repository.
mbien pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/roller.git.
from f90f714 quote $ and \ to not confuse the Matcher.
new 2d5bc97 RememberMeService should use a better hash function.
new 3b53a62 Context URL validation.
new d673ecd TagDataServlet: Escape URIs for XML output to make CodeQL happy.
new 24e5302 FileContentManagerImpl: Validate Path before creating a File.
new 28f9ca1 FileContentManagerImpl: Validate filename in saveFileContent() + use stream transferTo() shortcut.
new 2181cb7 FolderEdit: HTTP response splitting defense.
new 5a4af10 WeblogRequestMapper: Use already validated weblog handle for redirect logic.
new 27c1201 close the right stream (getter would return a new stream).
new c86fffe set cookie "secure" and "SameSite" flags by default.
new 440ef70 CodeQL: don't scan JS files three times.
The 10 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.github/codeql/codeql-config.yml | 14 ++++
.github/workflows/codeql-analysis.yml | 10 +--
.../weblogger/business/FileContentManagerImpl.java | 79 +++++++++-------------
.../business/themes/ThemeManagerImpl.java | 6 +-
.../weblogger/ui/core/filters/InitFilter.java | 42 +++++++-----
.../ui/core/security/RollerRememberMeServices.java | 8 +--
.../ui/rendering/WeblogRequestMapper.java | 4 +-
.../weblogger/ui/struts2/editor/FolderEdit.java | 7 +-
.../webservices/tagdata/TagDataServlet.java | 6 +-
app/src/main/webapp/theme/scripts/roller.js | 5 +-
10 files changed, 92 insertions(+), 89 deletions(-)
create mode 100644 .github/codeql/codeql-config.yml