+1, thanks for taking care of that Ralph! Mike
On Mon, Jun 24, 2013 at 2:41 PM, Hari Shreedharan <[email protected] > wrote: > Thanks for fixing this, Ralph! > > > Cheers, > Hari > > > On Monday, June 24, 2013 at 2:28 PM, [email protected] wrote: > > > Author: rgoers > > Date: Mon Jun 24 21:28:46 2013 > > New Revision: 867285 > > > > Log: > > Fix Javadoc security issues > > > > Modified: > > > websites/production/flume/content/releases/content/1.0.0-incubating/apidocs/index.html > > > websites/production/flume/content/releases/content/1.1.0-incubating/apidocs/index.html > > > websites/production/flume/content/releases/content/1.2.0/apidocs/index.html > > > websites/production/flume/content/releases/content/1.3.0/apidocs/index.html > > > websites/production/flume/content/releases/content/1.3.1/apidocs/index.html > > > > Modified: > websites/production/flume/content/releases/content/1.0.0-incubating/apidocs/index.html > > > ============================================================================== > > --- > websites/production/flume/content/releases/content/1.0.0-incubating/apidocs/index.html > (original) > > +++ > websites/production/flume/content/releases/content/1.0.0-incubating/apidocs/index.html > Mon Jun 24 21:28:46 2013 > > @@ -13,6 +13,42 @@ Apache Flume 1.0.0-incubating API > > targetPage = targetPage.substring(1); > > if (targetPage.indexOf(":") != -1) > > targetPage = "undefined"; > > + if (targetPage != "" && !validURL(targetPage)) > > + targetPage = "undefined"; > > + function validURL(url) { > > + var pos = url.indexOf(".html"); > > + if (pos == -1 || pos != url.length - 5) > > + return false; > > + var allowNumber = false; > > + var allowSep = false; > > + var seenDot = false; > > + for (var i = 0; i < url.length - 5; i++) { > > + var ch = url.charAt(i); > > + if ('a' <= ch && ch <= 'z' || > > + 'A' <= ch && ch <= 'Z' || > > + ch == '$' || > > + ch == '_') { > > + allowNumber = true; > > + allowSep = true; > > + } else if ('0' <= ch && ch <= '9' > > + || ch == '-') { > > + if (!allowNumber) > > + return false; > > + } else if (ch == '/' || ch == '.') { > > + if (!allowSep) > > + return false; > > + allowNumber = false; > > + allowSep = false; > > + if (ch == '.') > > + seenDot = true; > > + if (ch == '/' && seenDot) > > + return false; > > + } else { > > + return false; > > + } > > + } > > + return true; > > + } > > function loadFrames() { > > if (targetPage != "" && targetPage != "undefined") > > top.classFrame.location = top.targetPage; > > > > Modified: > websites/production/flume/content/releases/content/1.1.0-incubating/apidocs/index.html > > > ============================================================================== > > --- > websites/production/flume/content/releases/content/1.1.0-incubating/apidocs/index.html > (original) > > +++ > websites/production/flume/content/releases/content/1.1.0-incubating/apidocs/index.html > Mon Jun 24 21:28:46 2013 > > @@ -13,6 +13,42 @@ Apache Flume 1.1.0-incubating API > > targetPage = targetPage.substring(1); > > if (targetPage.indexOf(":") != -1) > > targetPage = "undefined"; > > + if (targetPage != "" && !validURL(targetPage)) > > + targetPage = "undefined"; > > + function validURL(url) { > > + var pos = url.indexOf(".html"); > > + if (pos == -1 || pos != url.length - 5) > > + return false; > > + var allowNumber = false; > > + var allowSep = false; > > + var seenDot = false; > > + for (var i = 0; i < url.length - 5; i++) { > > + var ch = url.charAt(i); > > + if ('a' <= ch && ch <= 'z' || > > + 'A' <= ch && ch <= 'Z' || > > + ch == '$' || > > + ch == '_') { > > + allowNumber = true; > > + allowSep = true; > > + } else if ('0' <= ch && ch <= '9' > > + || ch == '-') { > > + if (!allowNumber) > > + return false; > > + } else if (ch == '/' || ch == '.') { > > + if (!allowSep) > > + return false; > > + allowNumber = false; > > + allowSep = false; > > + if (ch == '.') > > + seenDot = true; > > + if (ch == '/' && seenDot) > > + return false; > > + } else { > > + return false; > > + } > > + } > > + return true; > > + } > > function loadFrames() { > > if (targetPage != "" && targetPage != "undefined") > > top.classFrame.location = top.targetPage; > > > > Modified: > websites/production/flume/content/releases/content/1.2.0/apidocs/index.html > > > ============================================================================== > > --- > websites/production/flume/content/releases/content/1.2.0/apidocs/index.html > (original) > > +++ > websites/production/flume/content/releases/content/1.2.0/apidocs/index.html > Mon Jun 24 21:28:46 2013 > > @@ -13,6 +13,42 @@ Apache Flume 1.2.0 API > > targetPage = targetPage.substring(1); > > if (targetPage.indexOf(":") != -1) > > targetPage = "undefined"; > > + if (targetPage != "" && !validURL(targetPage)) > > + targetPage = "undefined"; > > + function validURL(url) { > > + var pos = url.indexOf(".html"); > > + if (pos == -1 || pos != url.length - 5) > > + return false; > > + var allowNumber = false; > > + var allowSep = false; > > + var seenDot = false; > > + for (var i = 0; i < url.length - 5; i++) { > > + var ch = url.charAt(i); > > + if ('a' <= ch && ch <= 'z' || > > + 'A' <= ch && ch <= 'Z' || > > + ch == '$' || > > + ch == '_') { > > + allowNumber = true; > > + allowSep = true; > > + } else if ('0' <= ch && ch <= '9' > > + || ch == '-') { > > + if (!allowNumber) > > + return false; > > + } else if (ch == '/' || ch == '.') { > > + if (!allowSep) > > + return false; > > + allowNumber = false; > > + allowSep = false; > > + if (ch == '.') > > + seenDot = true; > > + if (ch == '/' && seenDot) > > + return false; > > + } else { > > + return false; > > + } > > + } > > + return true; > > + } > > function loadFrames() { > > if (targetPage != "" && targetPage != "undefined") > > top.classFrame.location = top.targetPage; > > > > Modified: > websites/production/flume/content/releases/content/1.3.0/apidocs/index.html > > > ============================================================================== > > --- > websites/production/flume/content/releases/content/1.3.0/apidocs/index.html > (original) > > +++ > websites/production/flume/content/releases/content/1.3.0/apidocs/index.html > Mon Jun 24 21:28:46 2013 > > @@ -13,6 +13,42 @@ Apache Flume 1.3.0 API > > targetPage = targetPage.substring(1); > > if (targetPage.indexOf(":") != -1) > > targetPage = "undefined"; > > + if (targetPage != "" && !validURL(targetPage)) > > + targetPage = "undefined"; > > + function validURL(url) { > > + var pos = url.indexOf(".html"); > > + if (pos == -1 || pos != url.length - 5) > > + return false; > > + var allowNumber = false; > > + var allowSep = false; > > + var seenDot = false; > > + for (var i = 0; i < url.length - 5; i++) { > > + var ch = url.charAt(i); > > + if ('a' <= ch && ch <= 'z' || > > + 'A' <= ch && ch <= 'Z' || > > + ch == '$' || > > + ch == '_') { > > + allowNumber = true; > > + allowSep = true; > > + } else if ('0' <= ch && ch <= '9' > > + || ch == '-') { > > + if (!allowNumber) > > + return false; > > + } else if (ch == '/' || ch == '.') { > > + if (!allowSep) > > + return false; > > + allowNumber = false; > > + allowSep = false; > > + if (ch == '.') > > + seenDot = true; > > + if (ch == '/' && seenDot) > > + return false; > > + } else { > > + return false; > > + } > > + } > > + return true; > > + } > > function loadFrames() { > > if (targetPage != "" && targetPage != "undefined") > > top.classFrame.location = top.targetPage; > > > > Modified: > websites/production/flume/content/releases/content/1.3.1/apidocs/index.html > > > ============================================================================== > > --- > websites/production/flume/content/releases/content/1.3.1/apidocs/index.html > (original) > > +++ > websites/production/flume/content/releases/content/1.3.1/apidocs/index.html > Mon Jun 24 21:28:46 2013 > > @@ -13,6 +13,42 @@ Apache Flume 1.3.1 API > > targetPage = targetPage.substring(1); > > if (targetPage.indexOf(":") != -1) > > targetPage = "undefined"; > > + if (targetPage != "" && !validURL(targetPage)) > > + targetPage = "undefined"; > > + function validURL(url) { > > + var pos = url.indexOf(".html"); > > + if (pos == -1 || pos != url.length - 5) > > + return false; > > + var allowNumber = false; > > + var allowSep = false; > > + var seenDot = false; > > + for (var i = 0; i < url.length - 5; i++) { > > + var ch = url.charAt(i); > > + if ('a' <= ch && ch <= 'z' || > > + 'A' <= ch && ch <= 'Z' || > > + ch == '$' || > > + ch == '_') { > > + allowNumber = true; > > + allowSep = true; > > + } else if ('0' <= ch && ch <= '9' > > + || ch == '-') { > > + if (!allowNumber) > > + return false; > > + } else if (ch == '/' || ch == '.') { > > + if (!allowSep) > > + return false; > > + allowNumber = false; > > + allowSep = false; > > + if (ch == '.') > > + seenDot = true; > > + if (ch == '/' && seenDot) > > + return false; > > + } else { > > + return false; > > + } > > + } > > + return true; > > + } > > function loadFrames() { > > if (targetPage != "" && targetPage != "undefined") > > top.classFrame.location = top.targetPage; > > > > > > >
