[gatein-commits] gatein SVN: r3942 - in epp/portal/branches/EPP_5_0_Branch: webui/portal/src/main/java/org/exoplatform/portal/webui/application and 1 other directory.

do-not-reply at jboss.org do-not-reply at jboss.org
Thu Aug 26 07:20:31 EDT 2010


Author: thomas.heute at jboss.com
Date: 2010-08-26 07:20:30 -0400 (Thu, 26 Aug 2010)
New Revision: 3942

Modified:
   epp/portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_en.properties
   epp/portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_fr.properties
   epp/portal/branches/EPP_5_0_Branch/webui/portal/src/main/java/org/exoplatform/portal/webui/application/UIPortletForm.java
Log:
JBEPP-192: XSS in portlet settings


Modified: epp/portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_en.properties
===================================================================
--- epp/portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_en.properties	2010-08-26 09:32:37 UTC (rev 3941)
+++ epp/portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_en.properties	2010-08-26 11:20:30 UTC (rev 3942)
@@ -323,6 +323,8 @@
 UIPortletForm.Theme.title.SetDefault=Get Default
 UIPortletForm.Icon.title.SetDefault=Get Default
 UIPortletForm.msg.InvalidWidthHeight=You must enter a pixel value in field "{0}".
+UIPortletForm.msg.InvalidPortletTitle=Portlet title is invalid, it should not contain < or >.
+UIPortletForm.msg.InvalidPortletDescription=Portlet description is invalid, it should not contain < or >.
 
   #############################################################################
   #       org.exoplatform.portal.component.customization.UIDescription        #

Modified: epp/portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_fr.properties
===================================================================
--- epp/portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_fr.properties	2010-08-26 09:32:37 UTC (rev 3941)
+++ epp/portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_fr.properties	2010-08-26 11:20:30 UTC (rev 3942)
@@ -299,6 +299,8 @@
 UIPortletForm.Theme.title.SetDefault=Utiliser la valeur par défaut
 UIPortletForm.Icon.title.SetDefault=Utiliser la valeur par défaut
 UIPortletForm.msg.InvalidWidthHeight=Le champ "{0}" doit être une valeur en pixel!
+UIPortletForm.msg.InvalidPortletTitle=Le title de la portlet est invalide, il ne doit pas contenir < ni >.
+UIPortletForm.msg.InvalidPortletDescription=La description de la portlet est invalide, elle ne doit pas contenir < ni >.
 
   #############################################################################
   #       org.exoplatform.portal.component.customization.UIDescription        #

Modified: epp/portal/branches/EPP_5_0_Branch/webui/portal/src/main/java/org/exoplatform/portal/webui/application/UIPortletForm.java
===================================================================
--- epp/portal/branches/EPP_5_0_Branch/webui/portal/src/main/java/org/exoplatform/portal/webui/application/UIPortletForm.java	2010-08-26 09:32:37 UTC (rev 3941)
+++ epp/portal/branches/EPP_5_0_Branch/webui/portal/src/main/java/org/exoplatform/portal/webui/application/UIPortletForm.java	2010-08-26 11:20:30 UTC (rev 3942)
@@ -113,7 +113,8 @@
                      addValidator(MandatoryValidator.class).setEditable(false)).
       addUIFormInput(new UIFormStringInput("windowId", "windowId", null).setEditable(false)).*/
             addUIFormInput(new UIFormInputInfo("displayName", "displayName", null)).addUIFormInput(
-         new UIFormStringInput("title", "title", null).addValidator(StringLengthValidator.class, 3, 60))
+         new UIFormStringInput("title", "title", null).addValidator(StringLengthValidator.class, 3, 60).addValidator(ExpressionValidator.class, "[^\\<\\>]*", 
+               "UIPortletForm.msg.InvalidPortletTitle"))
          .addUIFormInput(
             new UIFormStringInput("width", "width", null).addValidator(ExpressionValidator.class, "(^([1-9]\\d*)px$)?",
                "UIPortletForm.msg.InvalidWidthHeight")).addUIFormInput(
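Review bot: Rejecting `<` and `>` on the `title` input is input filtering only and does not by itself close JBEPP-192: quote characters and `&` still pass `[^\\<\\>]*`, which matters if the title is ever written into an HTML attribute or a script string. The rendering code is not part of this commit, so it should be confirmed that the title is HTML-encoded wherever it is output, with this validator kept as a second layer. The check presumably runs only on form submission, so titles stored before r3942 or set through another path would not be covered. The same applies to the `description` validator in the next hunk. I would add a comment above the call such as `// Defence in depth only: title must still be HTML-encoded on output (JBEPP-192)`; the statement this hunk edits starts outside the hunk.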
@@ -123,7 +124,7 @@
          new UIFormCheckBoxInput("showPortletMode", "showPortletMode", false)).addUIFormInput(
          new UIFormCheckBoxInput("showWindowState", "showWindowState", false)).addUIFormInput(
          new UIFormTextAreaInput("description", "description", null).addValidator(StringLengthValidator.class, 0,
-            255));
+            255).addValidator(ExpressionValidator.class, "[^\\<\\>]*", "UIPortletForm.msg.InvalidPortletDescription"));
       addUIFormInput(uiSettingSet);
       UIFormInputIconSelector uiIconSelector = new UIFormInputIconSelector("Icon", "icon");
       addUIFormInput(uiIconSelector);
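Review bot: The pattern `[^\\<\\>]*` on `description` rejects input only if ExpressionValidator requires the whole value to match; under partial-match semantics it would accept anything, because the pattern also matches the empty string. ExpressionValidator is not shown here, so this should be checked, ideally with a test that submits a description containing `<` and expects `UIPortletForm.msg.InvalidPortletDescription`. The literal is also duplicated from the `title` field, and the backslashes are unnecessary inside a character class; a shared constant such as `private static final String NO_ANGLE_BRACKETS = "[^<>]*";` would keep the two fields in sync. The statement that builds the form starts outside this hunk.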


