Author: channa
Date: Tue Jul 15 00:09:52 2008
New Revision: 19291
URL: http://wso2.org/svn/browse/wso2?view=rev&revision=19291

Log:
Added encoding before sending current page parameters to target page, to 
prevent MASHUP-945.


Modified:
   trunk/mashup/java/modules/www/taskbar.jsp

Modified: trunk/mashup/java/modules/www/taskbar.jsp
URL: 
http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/www/taskbar.jsp?rev=19291&r1=19290&r2=19291&view=diff
==============================================================================
--- trunk/mashup/java/modules/www/taskbar.jsp   (original)
+++ trunk/mashup/java/modules/www/taskbar.jsp   Tue Jul 15 00:09:52 2008
@@ -283,10 +283,10 @@
         <ul>
             <li>
                 <% if (RegistryUtils.isPseudoUser(userRegistry)) { %>
-                    <a 
href="admin_act_user.jsp?enable=false&bounceback=<%=thisPage%>">Act as an 
Administrator</a>
+                    <a 
href="admin_act_user.jsp?enable=false&bounceback=<%=URLEncoder.encode(thisPage, 
"UTF-8")%>">Act as an Administrator</a>
                     <a class="help" title="Your account has Administrator 
priveleges, but you are currently acting in the role of a normal user. Change 
to the role of an Administrator by selecting 'Act as an Administrator'."><img 
src="images/blank.gif" /></a>
                 <% } else { %>
-                    <a 
href="admin_act_user.jsp?enable=true&bounceback=<%=thisPage%>">Act as a User</a>
+                    <a 
href="admin_act_user.jsp?enable=true&bounceback=<%=URLEncoder.encode(thisPage, 
"UTF-8")%>">Act as a User</a>
                     <a class="help" title="Your account has Administrator 
priveleges, which has great power but also allows you to accidentally modify or 
delete someone else's work.  You can perform day-to-day activities safely in 
the role of a normal User by selecting 'Act as a User'."><img 
src="images/blank.gif"/></a>
                 <% } %>
             </li>
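
Review bot: both changed href lines call URLEncoder.encode unqualified, and this revision shows only this one hunk in taskbar.jsp, so confirm the page directive already imports java.net.URLEncoder; if it does not, use the fully qualified name or add the import in the same commit. The encoding is applied only to the two bounceback links in this hunk, so any other place in the file that writes thisPage into a URL needs the same treatment. Because bounceback is a return target handled by admin_act_user.jsp, encoding it on the sending side does not restrict where that page sends the user afterwards; it is worth checking that the receiver accepts only local paths. Minor style point: the literal & before bounceback inside the href attribute should be written as &amp;.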

_______________________________________________
Mashup-dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/mashup-dev
