This repository has been archived by the owner on Jun 3, 2020. It is now read-only.
1181152 - XSS when altering user details and going somewhere where you are choosing user

        - Escaped tags in real names
jiridostal committed Jul 22, 2015
1 parent 977383f commit dd41838
Showing 8 changed files with 8 additions and 8 deletions.
2 changes: 1 addition & 1 deletion backend/server/rhnPackage.py
Expand Up @@ -203,7 +203,7 @@ def get_info_for_package(pkg, channel_id, org_id):
'channel_id': channel_id,
'org_id': org_id}
# yum repo has epoch="0" not only when epoch is "0" but also if it's NULL
if pkg[3] == '0' or pkg[3] == '':
if pkg[3] == '0' or pkg[3] == '' or pkg[3]==None:
epochStatement = "(epoch is null or epoch = :epoch)"
else:
epochStatement = "epoch = :epoch"
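Review bot: The added `pkg[3]==None` comparison in the epoch condition should be written `pkg[3] is None`, the idiomatic identity check for None; the three tests could also collapse to `pkg[3] in ('0', '', None)`. This epoch handling is unrelated to the XSS fix named in the commit message, so it would be easier to track and revert as its own commit.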
Expand Up @@ -78,7 +78,7 @@
sortable="false"
headerkey="realname.displayname"
attr="userLastName">
<c:out value="${current.userDisplayName}" escapeXml="false" />
<c:out value="${current.userDisplayName}" escapeXml="true" />
</rl:column>
<rl:column bound="false"
sortable="false"
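Review bot: Flipping `escapeXml` from an explicit "false" to "true" on `${current.userDisplayName}` needs a check of what that property holds. The old line opted out of escaping on purpose, which suggests the value may already carry markup such as a link; if so, the column will now show literal tags. If the property is assembled from user-supplied names, encode those parts where the string is built and leave the surrounding markup intact.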
Expand Up @@ -55,7 +55,7 @@
sortable="false"
headerkey="realname.displayname"
attr="userLastName">
<c:out value="<a href=\"mailto:${current.address}\">${current.userLastName}, ${current.userFirstName}</a>" escapeXml="false"/>
<c:out value="<a href=\"mailto:${current.address}\">${current.userLastName}, ${current.userFirstName}</a>" escapeXml="true"/>
</rl:column>
<rl:column bound="false"
sortable="false"
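Review bot: With `escapeXml="true"` the literal `<a href=\"mailto:...\">` inside the `value` attribute is encoded together with the user fields, so this column will display the anchor as text instead of rendering a mailto link. Move the anchor into the JSP as real markup and emit each field through its own `<c:out>`, including `${current.address}` inside the `href`, so that only the user-controlled values are encoded.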
2 changes: 1 addition & 1 deletion java/code/webapp/WEB-INF/pages/admin/users/activelist.jsp
Expand Up @@ -44,7 +44,7 @@
sortable="true"
headerkey="realname.displayname"
sortattr="userLastName">
<c:out value="${current.userLastName}, ${current.userFirstName}" />
<c:out escapeXml="true" value="${current.userLastName}, ${current.userFirstName}" />
</rl:column>

<!-- Roles column -->
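Review bot: `<c:out>` encodes XML by default, so adding `escapeXml="true"` to the name column in activelist.jsp does not change the output; the line being replaced was already escaped. Being explicit is harmless, but this file should not be counted among the fixed injection points, and it is worth confirming that this page was actually affected.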
Expand Up @@ -39,7 +39,7 @@
<rl:column sortable="false"
bound="false"
headerkey="realname.displayname" >
${current.userLastName}, ${current.userFirstName}
<c:out escapeXml="true" value="${current.userLastName},${current.userFirstName}" />
</rl:column>

<rl:column sortable="false"
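Review bot: The new `value="${current.userLastName},${current.userFirstName}"` drops the space after the comma that the replaced line had, so names in this column will render as "Last,First". Restore it as `${current.userLastName}, ${current.userFirstName}`. Routing the raw EL output through `<c:out>` is the right change for the unescaped names.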
Expand Up @@ -39,7 +39,7 @@
<rl:column sortable="false"
bound="false"
headerkey="realname.displayname" >
${current.userLastName}, ${current.userFirstName}
<c:out escapeXml="true" value="${current.userLastName},${current.userFirstName}" />
</rl:column>

<rl:column sortable="false"
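Review bot: The separator in the new `<c:out>` value is `,` with no following space, while the raw EL line it replaces used `, `. Keep the space so the display format stays the same as in the sortable lists in this patch, whose `<c:out>` values retain `${current.userLastName}, ${current.userFirstName}`.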
Expand Up @@ -4,7 +4,7 @@
sortable="true"
headerkey="realname.displayname"
sortattr="userLastName">
<c:out value="${current.userLastName}, ${current.userFirstName}" />
<c:out escapeXml="true" value="${current.userLastName}, ${current.userFirstName}" />
</rl:column>

<rl:column bound="true"
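Review bot: No functional change on the `<c:out>` line here: the tag already defaults to `escapeXml="true"`, so the old and new lines produce identical output. If the intent is to make escaping explicit everywhere, say so in the commit message so that this hunk is not read as closing an injection point.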
2 changes: 1 addition & 1 deletion java/code/webapp/WEB-INF/pages/groups/adminlist.jsp
Expand Up @@ -50,7 +50,7 @@
<rl:column sortable="false"
bound="false"
headerkey="realname.displayname" >
${current.userLastName}, ${current.userFirstName}
<c:out escapeXml="true" value="${current.userLastName},${current.userFirstName}" />
</rl:column>

<rl:column sortable="true"
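Review bot: In adminlist.jsp the new `<c:out>` value reads `${current.userLastName},${current.userFirstName}` without the space after the comma that the removed line had. Add the space back so the name format does not change as a side effect of the escaping fix.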

1 comment on commit dd41838

@jdobes jdobes commented on dd41838 Sep 8, 2015

This commit is causing render issues on page /rhn/admin/multiorg/Users.do. There is a link which should not be escaped. Please check it.
