AMQ-7231 - Fix XSS in WebConsole
coheigea committed Jan 24, 2020
1 parent 52816ef commit 81bd743
Showing 3 changed files with 19 additions and 16 deletions.
2 changes: 1 addition & 1 deletion activemq-web-console/src/main/webapp/browse.jsp
@@ -50,7 +50,7 @@
<td><a href="<c:url value="message.jsp">
<c:param name="id" value="${row.JMSMessageID}" />
<c:param name="JMSDestination" value="${requestContext.queueBrowser.JMSDestination}"/></c:url>"
title="${row.properties}">${row.JMSMessageID}</a></td>
title="<c:out value="${row.properties}"/>">${row.JMSMessageID}</a></td>
<td><c:out value="${row.JMSCorrelationID}"/></td>
<td><jms:persistent message="${row}"/></td>
<td><c:out value="${row.JMSPriority}"/></td>
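Review bot: On the changed line the link text `${row.JMSMessageID}` is still written without escaping, while the `title` attribute beside it and the neighbouring cells go through `<c:out>`. A message ID is presumably generated by the provider on send, but unless it is confirmed that a producer cannot influence it, this cell remains an HTML injection point on the same line the commit hardens. Wrapping it the same way closes the gap: `title="<c:out value="${row.properties}"/>"><c:out value="${row.JMSMessageID}"/></a></td>`. The table row this line belongs to begins before the hunk.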
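--- a/activemq-web-console/src/main/webapp/js/common.js
+++ b/activemq-web-console/src/main/webapp/js/common.js
@@ -106,16 +106,3 @@ function getEventTarget(e) {
 return targ;
 }
 
-function confirmAction(id, url) {
-//TODO i18n messages
-var select = document.getElementById(id);
-var selectedIndex = select.selectedIndex;
-if (select.selectedIndex == 0) {
-alert("Please select a value");
-return;
-}
-var value = select.options[selectedIndex].value;
-url = url.replace(/%target%/gi, value);
-if (confirm("Are you sure?"))
-location.href=url;
-}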
20 changes: 18 additions & 2 deletions activemq-web-console/src/main/webapp/message.jsp
@@ -151,7 +151,7 @@ No message could be found for ID <c:out value="${requestContext.messageQuery.id}
</tr>
</c:if>
<tr class="odd">
<td><a href="<c:out value="javascript:confirmAction('queue', 'copyMessage.action?destination=%target%&JMSDestination=${requestContext.messageQuery.JMSDestination}&messageId=${row.JMSMessageID}&JMSDestinationType=queue&secret=${sessionScope['secret']}"/>')">Copy</a></td>
<td><a href="<c:out value="javascript:confirmAction('queue', 'copyMessage"/>')">Copy</a></td>
<td rowspan="2">
<select id="queue">
<option value=""> -- Please select --</option>
@@ -165,7 +165,7 @@ No message could be found for ID <c:out value="${requestContext.messageQuery.id}

</tr>
<tr class="odd">
<td><a href="<c:out value="javascript:confirmAction('queue', 'moveMessage.action?destination=%target%&JMSDestination=${requestContext.messageQuery.JMSDestination}&messageId=${row.JMSMessageID}&JMSDestinationType=queue&secret=${sessionScope['secret']}"/>')"
<td><a href="<c:out value="javascript:confirmAction('queue', 'moveMessage"/>')"
>Move</a></td>
</tr>
</tbody>
@@ -225,6 +225,22 @@ function selectOptionByText (selElem, selText) {
}
}
function confirmAction(id, action) {
//TODO i18n messages
var select = document.getElementById(id);
var selectedIndex = select.selectedIndex;
if (select.selectedIndex == 0) {
alert("Please select a value");
return;
}
var value = select.options[selectedIndex].value;
var url = action + ".action?destination=" + value;
url += "&JMSDestination=${requestContext.messageQuery.JMSDestination}";
url += "&messageId=${row.JMSMessageID}&JMSDestinationType=queue&secret=${sessionScope['secret']}";
if (confirm("Are you sure?"))
location.href=url;
}
window.onload=function() {
sortSelect( document.getElementById('queue') );
selectOptionByText( document.getElementById('queue'), "-- Please select --" );
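Review bot: In the added `confirmAction`, `${requestContext.messageQuery.JMSDestination}` and `${row.JMSMessageID}` are expanded by EL directly inside JavaScript string literals, whereas the removed `href` markup at least passed them through `<c:out>`. A value containing a double quote or `</script>` would end the literal, so the injection point appears to have moved from the attribute into the script block rather than been closed. Render these values into `data-` attributes with `<c:out>` and read them in the function (or emit them through a JavaScript-string encoder), and encode every query parameter, e.g. `var url = action + ".action?destination=" + encodeURIComponent(value);`. Where `messageQuery.JMSDestination` originates and whether `row` is in scope at this point of the page are outside the visible hunks, so both need confirming. The script block starts before this hunk and continues after it.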