[gatein-commits] gatein SVN: r7051 - in epp/portal/tags/EPP_5_1_1_GA: portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component and 1 other directory.

[do-not-reply at jboss.org]

Author: hfnukal
Date: 2011-08-11 06:33:07 -0400 (Thu, 11 Aug 2011)
New Revision: 7051

Modified:
   epp/portal/tags/EPP_5_1_1_GA/
   epp/portal/tags/EPP_5_1_1_GA/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategoryForm.java
Log:
JBEPP-997 XSS issue in category description


Property changes on: epp/portal/tags/EPP_5_1_1_GA
___________________________________________________________________
Modified: svn:mergeinfo
   - /epp/portal/branches/EPP_5_1_0_GA_JBEPP-795:5868
/epp/portal/branches/EPP_5_1_WSRP:6737
/portal/branches/branch-GTNPORTAL-1592:4894
/portal/branches/branch-GTNPORTAL-1643:5002,5063,5167
/portal/branches/branch-GTNPORTAL-1700:5348,5402,5445
/portal/branches/branch-GTNPORTAL-1731:5668
/portal/branches/branch-GTNPORTAL-1745:5765
/portal/branches/branch-GTNPORTAL-1822:5943
/portal/branches/branch-GTNPORTAL-1832:6030,6063
/portal/branches/branch-GTNPORTAL-1872:6533
/portal/trunk:4891,5744,5943,6168,6196,6201-6203,6205-6206,6857
   + /epp/portal/branches/EPP_5_1_0_GA_JBEPP-795:5868
/epp/portal/branches/EPP_5_1_Branch:7041
/epp/portal/branches/EPP_5_1_WSRP:6737
/portal/branches/branch-GTNPORTAL-1592:4894
/portal/branches/branch-GTNPORTAL-1643:5002,5063,5167
/portal/branches/branch-GTNPORTAL-1700:5348,5402,5445
/portal/branches/branch-GTNPORTAL-1731:5668
/portal/branches/branch-GTNPORTAL-1745:5765
/portal/branches/branch-GTNPORTAL-1822:5943
/portal/branches/branch-GTNPORTAL-1832:6030,6063
/portal/branches/branch-GTNPORTAL-1872:6533
/portal/trunk:4891,5744,5943,6168,6196,6201-6203,6205-6206,6857

Modified: epp/portal/tags/EPP_5_1_1_GA/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategoryForm.java
===================================================================
--- epp/portal/tags/EPP_5_1_1_GA/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategoryForm.java	2011-08-11 09:16:38 UTC (rev 7050)
+++ epp/portal/tags/EPP_5_1_1_GA/portlet/exoadmin/src/main/java/org/exoplatform/applicationregistry/webui/component/UICategoryForm.java	2011-08-11 10:33:07 UTC (rev 7051)
@@ -41,6 +41,7 @@
 import org.exoplatform.webui.form.validator.StringLengthValidator;
 import org.exoplatform.webui.organization.UIListPermissionSelector;
 import org.exoplatform.webui.organization.UIListPermissionSelector.EmptyIteratorValidator;
+import org.gatein.common.text.EntityEncoder;
 
 import java.util.ArrayList;
 import java.util.Date;
@@ -104,7 +105,7 @@
       category_ = category;
       uiSetting.getUIStringInput(FIELD_NAME).setEditable(false).setValue(category_.getName());
       uiSetting.getUIStringInput(FIELD_DISPLAY_NAME).setValue(category_.getDisplayName());
-      uiSetting.getUIFormTextAreaInput(FIELD_DESCRIPTION).setValue(category_.getDescription());
+      uiSetting.getUIFormTextAreaInput(FIELD_DESCRIPTION).setValue( EntityEncoder.FULL.encode(category_.getDescription()) );
       List<String> accessPermissions = category_.getAccessPermissions();
       String[] per = new String[accessPermissions.size()];
       if (accessPermissions != null && accessPermissions.size() > 0)