[jira] [Commented] (SOLR-7949) There is an XSS issue in plugins/stats page of Admin Web UI.

[ https://issues.apache.org/jira/browse/SOLR-7949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15025642#comment-15025642 ]

Miriam Celi commented on SOLR-7949:
---

I wasn't sure if 5.3.0 was one of the affected versions, since the Details included at the top of the record only list 4.9, 4.10.4, 5.2.1 as affected versions. Perhaps Affected Versions should be set to "All versions prior to 5.3.1" in order to avoid confusion???

> There is an XSS issue in plugins/stats page of Admin Web UI.
> ---
>
>                 Key: SOLR-7949
>                 URL: https://issues.apache.org/jira/browse/SOLR-7949
>             Project: Solr
>          Issue Type: Bug
>          Components: web gui
>    Affects Versions: 4.9, 4.10.4, 5.2.1
>            Reporter: davidchiu
>            Assignee: Jan Høydahl
>             Fix For: 5.4, 5.3.1, Trunk
>
>
> Open Solr Admin Web UI, select a core (such as collection1) and then click
> "Plugins/stats", and type a url like
> "http://127.0.0.1:8983/solr/#/collection1/plugins/cache?entry=score=<img src=1 onerror=alert(1);>"
> into the browser address bar; you will get an alert box with "1".
> I changed the following code to resolve this problem:
> The Original code:
>
>   for( var i = 0; i < entry_count; i++ )
>   {
>     $( 'a[data-bean="' + entries[i] + '"]', frame_element )
>       .parent().addClass( 'expanded' );
>   }
>
> The Changed code:
>
>   for( var i = 0; i < entry_count; i++ )
>   {
>     $( 'a[data-bean="' + entries[i].esc() + '"]', frame_element )
>       .parent().addClass( 'expanded' );
>   }

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
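The report quoted above shows a URL fragment value being concatenated straight into a jQuery selector string. The following is an added example, not code from the Solr project or from anyone in this thread, that models why that was exploitable and what each escaping choice buys. It assumes the old admin UI ran a jQuery 1.x release whose `$()` decided "selector or HTML?" with a regular expression like `rquickExpr` below (modelled on jQuery 1.7's `quickExpr`); `esc()` is a stand-in for the UI's own `String.prototype.esc()`, whose exact replacement set is not on the page; `cssStringEscape()`, `report()` and the sample inputs are constructed for this example.

```javascript
// Added example (not Solr's code). Assumption: the admin UI's jQuery used a
// quick-expression regex like this one (modelled on jQuery 1.7's quickExpr);
// a string containing <tag ...> anywhere is treated as HTML, and its elements,
// including event-handler attributes such as onerror, are created.
const rquickExpr = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/;

function jqueryWouldParseAsHtml(str) {
  const m = rquickExpr.exec(str);
  return Boolean(m && m[1]);
}

// The "Original code" in the report: plain concatenation of a URL-derived value.
function unsafeSelector(entry) {
  return 'a[data-bean="' + entry + '"]';
}

// Stand-in for the UI's .esc() (assumed HTML-entity escaping). It does two jobs:
// it removes '"' so the attribute string cannot be closed early, and it removes
// '<' and '>' so the selector no longer looks like markup to $().
function esc(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// The "Changed code" in the report.
function escapedSelector(entry) {
  return 'a[data-bean="' + esc(entry) + '"]';
}

// Context-correct escaping for a double-quoted CSS string: backslash-escape
// '\' and '"'. This is what the selector grammar actually needs, but it leaves
// '<' in place, so it only helps when paired with an API that never sniffs for
// HTML, e.g. $(frame_element).find(cssEscapedSelector(entry)).
function cssStringEscape(s) {
  return String(s).replace(/[\\"]/g, '\\$&');
}

function cssEscapedSelector(entry) {
  return 'a[data-bean="' + cssStringEscape(entry) + '"]';
}

// Constructed inputs: the payload from the report and an ordinary cache name.
const PAYLOAD = 'score=<img src=1 onerror=alert(1);>';
const NORMAL = 'filterCache';

// For one entry value, report whether each selector variant would be taken
// for HTML by the quick-expression heuristic.
function report(entry) {
  return {
    unsafe: jqueryWouldParseAsHtml(unsafeSelector(entry)),
    htmlEscaped: jqueryWouldParseAsHtml(escapedSelector(entry)),
    cssEscaped: jqueryWouldParseAsHtml(cssEscapedSelector(entry)),
  };
}

console.log('payload:', report(PAYLOAD)); // { unsafe: true, htmlEscaped: false, cssEscaped: true }
console.log('normal: ', report(NORMAL));  // { unsafe: false, htmlEscaped: false, cssEscaped: false }
```

The lesson a reviewer would draw from the third column: escaping for the selector grammar alone is not enough when the receiving API also performs HTML detection on its string argument. Either neutralise the characters the heuristic keys on (what the reported fix does) or, better, route the lookup through a selector-only entry point such as `.find()` and escape for the CSS string context.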
[jira] [Commented] (SOLR-7949) There is an XSS issue in plugins/stats page of Admin Web UI.

[ https://issues.apache.org/jira/browse/SOLR-7949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15025439#comment-15025439 ]

Upayavira commented on SOLR-7949:
---

[~mceli] from the fix version, it looks like it was resolved in 5.3.1, so yes, it is in 5.3.0.
[jira] [Commented] (SOLR-7949) There is an XSS issue in plugins/stats page of Admin Web UI.

[ https://issues.apache.org/jira/browse/SOLR-7949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15024787#comment-15024787 ]

Miriam Celi commented on SOLR-7949:
---

Does this issue also affect version 5.3.0?
[jira] [Commented] (SOLR-7949) There is an XSS issue in plugins/stats page of Admin Web UI.

[ https://issues.apache.org/jira/browse/SOLR-7949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14709018#comment-14709018 ]

ASF subversion and git services commented on SOLR-7949:
---

Commit 1697341 from jan...@apache.org in branch 'dev/branches/lucene_solr_5_3'
[ https://svn.apache.org/r1697341 ]

SOLR-7949: Resolve XSS issue in Admin UI stats page (backport)
[jira] [Commented] (SOLR-7949) There is an XSS issue in plugins/stats page of Admin Web UI.

[ https://issues.apache.org/jira/browse/SOLR-7949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14708985#comment-14708985 ]

Upayavira commented on SOLR-7949:
---

Thanks! And, please note that there is a new instance of the UI, backed by AngularJS, that will at some point take over from the one you have been reviewing. I would *love* to have your eye cast over that one too. It *should* be feature-to-feature compatible with the old one. In Solr 5.3 it is at http://localhost:8983/solr/index.html#
[jira] [Commented] (SOLR-7949) There is an XSS issue in plugins/stats page of Admin Web UI.

[ https://issues.apache.org/jira/browse/SOLR-7949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14708704#comment-14708704 ]

davidchiu commented on SOLR-7949:
---

OK, I will try to upload patch files where I find bugs.
[jira] [Commented] (SOLR-7949) There is an XSS issue in plugins/stats page of Admin Web UI.

[ https://issues.apache.org/jira/browse/SOLR-7949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14706572#comment-14706572 ]

Jan Høydahl commented on SOLR-7949:
---

[~davidchiu] thanks for your bug reports. I don't know if you do all your research in FireBug or if you download the full Solr source code and build yourself. If you do the latter, please consider uploading your findings as a patch file. See more in https://wiki.apache.org/solr/HowToContribute
[jira] [Commented] (SOLR-7949) There is an XSS issue in plugins/stats page of Admin Web UI.

[ https://issues.apache.org/jira/browse/SOLR-7949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14706396#comment-14706396 ]

ASF subversion and git services commented on SOLR-7949:
---

Commit 1696903 from jan...@apache.org in branch 'dev/branches/branch_5x'
[ https://svn.apache.org/r1696903 ]

SOLR-7949: Resolve XSS issue in Admin UI stats page (backport)
[jira] [Commented] (SOLR-7949) There is an XSS issue in plugins/stats page of Admin Web UI.

[ https://issues.apache.org/jira/browse/SOLR-7949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14704819#comment-14704819 ]

ASF subversion and git services commented on SOLR-7949:
---

Commit 1696782 from jan...@apache.org in branch 'dev/trunk'
[ https://svn.apache.org/r1696782 ]

SOLR-7949: Resolve XSS issue in Admin UI stats page