Author: thomas.heute(a)jboss.com
Date: 2010-08-26 07:20:30 -0400 (Thu, 26 Aug 2010)
New Revision: 3942
Modified:
epp/portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_en.properties
epp/portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_fr.properties
epp/portal/branches/EPP_5_0_Branch/webui/portal/src/main/java/org/exoplatform/portal/webui/application/UIPortletForm.java
Log:
JBEPP-192: XSS in portlet settings
Modified:
epp/portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_en.properties
===================================================================
---
epp/portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_en.properties 2010-08-26
09:32:37 UTC (rev 3941)
+++
epp/portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_en.properties 2010-08-26
11:20:30 UTC (rev 3942)
@@ -323,6 +323,8 @@
UIPortletForm.Theme.title.SetDefault=Get Default
UIPortletForm.Icon.title.SetDefault=Get Default
UIPortletForm.msg.InvalidWidthHeight=You must enter a pixel value in field
"{0}".
+UIPortletForm.msg.InvalidPortletTitle=Portlet title is invalid, it should not contain
< or >.
+UIPortletForm.msg.InvalidPortletDescription=Portlet description is invalid, it should not
contain < or >.
#############################################################################
# org.exoplatform.portal.component.customization.UIDescription #
Modified:
epp/portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_fr.properties
===================================================================
---
epp/portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_fr.properties 2010-08-26
09:32:37 UTC (rev 3941)
+++
epp/portal/branches/EPP_5_0_Branch/web/portal/src/main/webapp/WEB-INF/classes/locale/portal/webui_fr.properties 2010-08-26
11:20:30 UTC (rev 3942)
@@ -299,6 +299,8 @@
UIPortletForm.Theme.title.SetDefault=Utiliser la valeur par défaut
UIPortletForm.Icon.title.SetDefault=Utiliser la valeur par défaut
UIPortletForm.msg.InvalidWidthHeight=Le champ "{0}" doit être une valeur en
pixel!
+UIPortletForm.msg.InvalidPortletTitle=Le title de la portlet est invalide, il ne doit pas
contenir < ni >.
+UIPortletForm.msg.InvalidPortletDescription=La description de la portlet est invalide,
elle ne doit pas contenir < ni >.
#############################################################################
# org.exoplatform.portal.component.customization.UIDescription #
Modified:
epp/portal/branches/EPP_5_0_Branch/webui/portal/src/main/java/org/exoplatform/portal/webui/application/UIPortletForm.java
===================================================================
---
epp/portal/branches/EPP_5_0_Branch/webui/portal/src/main/java/org/exoplatform/portal/webui/application/UIPortletForm.java 2010-08-26
09:32:37 UTC (rev 3941)
+++
epp/portal/branches/EPP_5_0_Branch/webui/portal/src/main/java/org/exoplatform/portal/webui/application/UIPortletForm.java 2010-08-26
11:20:30 UTC (rev 3942)
@@ -113,7 +113,8 @@
addValidator(MandatoryValidator.class).setEditable(false)).
addUIFormInput(new UIFormStringInput("windowId", "windowId",
null).setEditable(false)).*/
addUIFormInput(new UIFormInputInfo("displayName",
"displayName", null)).addUIFormInput(
- new UIFormStringInput("title", "title",
null).addValidator(StringLengthValidator.class, 3, 60))
+ new UIFormStringInput("title", "title",
null).addValidator(StringLengthValidator.class, 3,
60).addValidator(ExpressionValidator.class, "[^\\<\\>]*",
+ "UIPortletForm.msg.InvalidPortletTitle"))
.addUIFormInput(
new UIFormStringInput("width", "width",
null).addValidator(ExpressionValidator.class, "(^([1-9]\\d*)px$)?",
"UIPortletForm.msg.InvalidWidthHeight")).addUIFormInput(
@@ -123,7 +124,7 @@
new UIFormCheckBoxInput("showPortletMode",
"showPortletMode", false)).addUIFormInput(
new UIFormCheckBoxInput("showWindowState",
"showWindowState", false)).addUIFormInput(
new UIFormTextAreaInput("description", "description",
null).addValidator(StringLengthValidator.class, 0,
- 255));
+ 255).addValidator(ExpressionValidator.class, "[^\\<\\>]*",
"UIPortletForm.msg.InvalidPortletDescription"));
addUIFormInput(uiSettingSet);
UIFormInputIconSelector uiIconSelector = new
UIFormInputIconSelector("Icon", "icon");
addUIFormInput(uiIconSelector);
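Review bot: The `[^\\<\\>]*` validator added to `description` here, and to `title` in the preceding hunk, is an input-time denylist that rejects only angle brackets and still accepts quote characters. If either value is ever written into an HTML attribute (the rendering code is not visible in this diff), that check alone would not be enough. Values stored before this revision, or set through any path other than this form, never pass through the validator, so the templates that print title and description should HTML-encode them, with this check kept as a second layer. The pattern is duplicated in both hunks; a shared constant with a comment such as `// JBEPP-192: reject < and > in portlet title/description; output must still be encoded` would keep them in sync. The enclosing method starts and ends outside both hunks.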