[
https://issues.apache.org/jira/browse/JCR-2709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jukka Zitting resolved JCR-2709.
--------------------------------
Resolution: Fixed
Assignee: Jukka Zitting
Thanks! Fixed in revision 1038657.
> Missing XPath escape in query.jsp
> ---------------------------------
>
> Key: JCR-2709
> URL: https://issues.apache.org/jira/browse/JCR-2709
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-webapp
> Affects Versions: 2.1.1
> Reporter: Jukka Zitting
> Assignee: Jukka Zitting
> Priority: Minor
> Fix For: 2.2.0
>
> Attachments: jcr-2709.patch
>
>
> As reported by Canberk Bolat of ADEO Security in a private communication,
> there search.jsp script in jackrabbit-webapp is missing an escape when it
> injects the path of a "related:" query into the constructed XPath statement.
> Further analysis showed that this issue has no security implications, so we
> can treat this as a normal bug report.
> search.jsp
> ...
> String q = request.getParameter("q");
> ...
> if (q != null && q.length() > 0) {
> String stmt;
> if (q.startsWith("related:")) {
> String path = q.substring("related:".length());
> stmt = "//element(*, nt:file)[rep:similar(jcr:content,
> '" + path + "/jcr:content')]/rep:excerpt(.) order by @jcr:score
> descending";
> queryTerms = "similar to <b>" +
> Text.encodeIllegalXMLCharacters(path) + "</b>";
> }
> ...
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
