1320444 - Bad bean-message ids and navbar-vars can lead to XSS issues
Fixed generally in LocalizationService and DialognavRenderer, removed
some attempts at fixing specific locations.
ggainey committed Mar 29, 2016
1 parent 12bf86b commit 7b9ff9a
Showing 4 changed files with 21 additions and 18 deletions.
Expand Up @@ -14,17 +14,6 @@
*/
package com.redhat.rhn.common.localization;

import com.redhat.rhn.common.conf.Config;
import com.redhat.rhn.common.conf.ConfigDefaults;
import com.redhat.rhn.common.db.datasource.DataResult;
import com.redhat.rhn.common.db.datasource.ModeFactory;
import com.redhat.rhn.common.db.datasource.SelectMode;
import com.redhat.rhn.common.util.StringUtil;
import com.redhat.rhn.frontend.context.Context;

import org.apache.commons.lang.StringEscapeUtils;
import org.apache.log4j.Logger;

import java.text.Collator;
import java.text.DateFormat;
import java.text.NumberFormat;
Expand All @@ -47,6 +36,17 @@
import java.util.TreeMap;
import java.util.TreeSet;

import org.apache.commons.lang.StringEscapeUtils;
import org.apache.log4j.Logger;

import com.redhat.rhn.common.conf.Config;
import com.redhat.rhn.common.conf.ConfigDefaults;
import com.redhat.rhn.common.db.datasource.DataResult;
import com.redhat.rhn.common.db.datasource.ModeFactory;
import com.redhat.rhn.common.db.datasource.SelectMode;
import com.redhat.rhn.common.util.StringUtil;
import com.redhat.rhn.frontend.context.Context;

/**
* Localization service class to simplify the job for producing localized
* (translated) strings within the product.
Expand Down Expand Up @@ -368,7 +368,7 @@ private String getMissingMessageString(String messageId) {
if (exceptionMode) {
throw new IllegalArgumentException(message);
}
return "**" + messageId + "**";
return StringEscapeUtils.escapeHtml("**" + messageId + "**");
}

/**
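Review bot: commons-lang's `StringEscapeUtils.escapeHtml` on the new line 55 escapes `<`, `>`, `&` and `"` but not the apostrophe, so a messageId containing `'` still breaks out of a single-quoted attribute or an inline-script string even after this change. The hunk also bakes HTML encoding into a service-layer return value, which non-HTML consumers of the missing-message marker (logs, the `exceptionMode` message built above this hunk, which stays unescaped) will now see as literal entities, and any caller that still escapes on output will double-encode. Since the commit deletes the per-page `fn:escapeXml` guards in favour of this one, record the contract next to the return: `// messageId can originate from request parameters (bean:message key="${param.x}"); the echoed marker is HTML-escaped here because the JSP callers no longer escape it`, and consider appending `.replace("'", "&#39;")` or escaping at the rendering layer instead. `getMissingMessageString` begins above this hunk.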
Expand Up @@ -15,11 +15,13 @@

package com.redhat.rhn.frontend.nav;

import com.redhat.rhn.frontend.html.HtmlTag;

import java.util.Map;
import java.util.StringTokenizer;

import org.apache.commons.lang.StringEscapeUtils;

import com.redhat.rhn.frontend.html.HtmlTag;

/**
* DialognavRenderer - renders a navigation bar
*
Expand Down Expand Up @@ -135,7 +137,8 @@ private void renderNode(StringBuffer sb, NavNode node,
// if currentVar is null, values will be null too, so we can
// just check values.
if (values != null) {
formVars.append(currentVar + "=" + values[0]);
formVars.append(currentVar + "=" +
StringEscapeUtils.escapeHtml(values[0]));
}
}
href += formVars.toString();
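Review bot: The value escaped on lines 81-82 is placed into a URL query string (`href += formVars.toString()` on the next line), so HTML escaping is the wrong encoder for that position: `&`, `=`, `#`, `+` and spaces in `values[0]` are not URL-encoded, so a value like `x&foo=bar` still injects an extra query parameter into the link, and the apostrophe is left untouched by commons-lang's `escapeHtml`. URL-encode when the query string is built, `StringEscapeUtils.escapeHtml(URLEncoder.encode(values[0], "UTF-8"))` (handling the checked `UnsupportedEncodingException`), or URL-encode here and HTML-escape once where `href` is emitted into the attribute, if `HtmlTag` does not already do that — which is not visible in this hunk. `currentVar` is concatenated unescaped on the same line; if it can come from the request it needs the same treatment. `renderNode` starts above and continues below the hunk.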
Expand Up @@ -11,8 +11,8 @@
action="${param.url}?csrf_token=${csrfToken}"
enctype="multipart/form-data">
<rhn:csrf />
<h2><bean:message key="${fn:escapeXml(param.title_key)}"/></h2>
<p><bean:message key="${fn:escapeXml(param.summary_key)}"/></p>
<h2><bean:message key="${param.title_key)}"/></h2>
<p><bean:message key="${param.summary_key}"/></p>
<div class="form-group">
<label class="col-lg-3 control-label">
<rhn:required-field key="kickstart.jsp.create.wizard.kickstart.profile.label"/>:
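Review bot: Line 93, which the description indicates is the new side, contains a malformed EL expression: `${param.title_key)}` closes with `)` before `}`, which is not valid EL and will fail when the page is translated or evaluated; it should read `<h2><bean:message key="${param.title_key}"/></h2>` (line 94 shows the correct form). Dropping `fn:escapeXml` here makes this page depend entirely on LocalizationService escaping unknown keys, so a one-line comment stating that, `<%-- keys come from request params; unknown keys are HTML-escaped by LocalizationService --%>`, would stop the guard from being blindly re-added or the dependency from being broken later. The `<html:form>` element starts above this hunk.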
Expand Up @@ -12,7 +12,7 @@
<%@ include file="/WEB-INF/pages/common/fragments/systems/system-header.jspf" %>

<rhn:toolbar base="h2" icon="header-event-history">
<bean:message key="${fn:escapeXml(headerLabel)}" />
<bean:message key="${headerLabel}" />
</rhn:toolbar>

<html:form method="post" action="/systems/details/history/Event.do?sid=${system.id}&aid=${requestScope.aid}">
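Review bot: `${headerLabel}` on line 104 is a server-set attribute rather than a request parameter, so removing `fn:escapeXml` is safe only if every code path that sets `headerLabel` uses a fixed message key; that cannot be checked from this hunk. A short JSP comment recording the assumption, `<%-- headerLabel must be a fixed message key; unknown keys are HTML-escaped by LocalizationService --%>`, would make the dependency on the LocalizationService change explicit to whoever next touches this page. The `<html:form>` that opens on the last line of the hunk continues below it.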
