[ https://issues.apache.org/jira/browse/SOLR-7920?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14699693#comment-14699693 ]
Uwe Schindler commented on SOLR-7920:
-------------------------------------
bq. SOLR-7920 is correctly listed under 5.3 in branch lucene_solr_5_3 but under
5.4 in branch_5x and trunk
That was discussed before. The changes entries need to be moved NOW. Maybe this
causes the confusing stuff. In any case, the release manager should check the
CHANGES.txt after the release and remove duplicates and sync them between
release, branch_5x and trunk branches. I did this on every release that I
managed.
> There is a xss issue in schema-browser page of Admin Web UI.
> ------------------------------------------------------------
>
> Key: SOLR-7920
> URL: https://issues.apache.org/jira/browse/SOLR-7920
> Project: Solr
> Issue Type: Bug
> Components: web gui
> Affects Versions: 4.9, 4.10.4, 5.2.1
> Reporter: davidchiu
> Assignee: Upayavira
> Fix For: 5.3
>
>
> Open Solr Admin Web UI, select a core (such as collection1) and then click
> "schema-browse", and input a URL like
> "http://127.0.0.1:8983/solr/#/collection1/schema-browser?field=cat=<img src=1
> onerror=alert(1);>" to the browser address, you will get alert box with "1".
> I changed the following code to avoid this problem:
> Original code:
> $( 'option[value="' + params.route_params.path + '"]',
> related_select_element )
> .attr( 'selected', 'selected' );
> Changed code:
> $( 'option[value="' + params.route_params.path.esc() + '"]',
> related_select_element )
> .attr( 'selected', 'selected' );
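
An added example, not part of the original issue or of Solr's code: it goes one step beyond the escaping fix quoted above by never building a selector string from the route at all, and instead comparing the route value with each option's value as plain data. The names parseRoute, safeDecode and selectField are hypothetical, and plain objects stand in for the <option> elements so the snippet runs without a browser.

```javascript
// Added example; parseRoute, safeDecode and selectField are hypothetical names.

// Tolerate malformed %xx sequences instead of throwing on a hostile fragment.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Split a hash route such as "#/collection1/schema-browser?field=cat" into
// path and query parameters. Everything returned is attacker-controlled.
function parseRoute(hash) {
  const route = hash.replace(/^#/, '');
  const q = route.indexOf('?');
  const params = Object.create(null);          // no inherited keys to collide with
  if (q !== -1) {
    for (const pair of route.slice(q + 1).split('&')) {
      if (!pair) continue;
      const eq = pair.indexOf('=');            // split on the first '=' only
      const key = eq === -1 ? pair : pair.slice(0, eq);
      const raw = eq === -1 ? '' : pair.slice(eq + 1);
      params[safeDecode(key)] = safeDecode(raw);
    }
  }
  return { path: q === -1 ? route : route.slice(0, q), params };
}

// Mark the option whose value equals `wanted`, comparing strings as data.
// No selector or markup string is ever assembled from the route value.
function selectField(options, wanted) {
  let hit = null;
  for (const opt of options) {
    opt.selected = typeof wanted === 'string' && opt.value === wanted;
    if (opt.selected) hit = opt;
  }
  return hit;
}

// Constructed sample data: field names standing in for the schema-browser list.
const options = ['cat', 'id', 'name'].map(value => ({ value, selected: false }));
const benign = parseRoute('#/collection1/schema-browser?field=cat');
const hostile = parseRoute(
  '#/collection1/schema-browser?field=cat=<img src=1 onerror=alert(1);>');

console.log(selectField(options, benign.params.field));   // the "cat" option
console.log(selectField(options, hostile.params.field));  // null: nothing matches
```

In a browser the same comparison can be run over the real option elements of the select; the route value is then only ever read as a string, never parsed as a selector or as markup.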