[JBoss JIRA] Created: (GTNPORTAL-1858) XSS issue in dashboard new page creation
by Thomas Heute (JIRA)
XSS issue in dashboard new page creation
----------------------------------------
Key: GTNPORTAL-1858
URL: https://issues.jboss.org/browse/GTNPORTAL-1858
Project: GateIn Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Reporter: Thomas Heute
Assignee: Thomas Heute
Fix For: 3.2.0-GA
This issue has two subdivisions:
1. Basic page add
Log in.
Click on dashboard, to the "on page editor" click on the "plus" button to add a new page and set "<script>alert('hi');</script>" as its name.
The JavaScript is now invoked.
2. Advanced page add
Log in, go to dashboard.
Click dashboard editor -> add new page.
Put "whatever" as the node name and "<script>alert('hi');</script>" as the node description.
Click next, next.
The JavaScript is invoked.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 1 month
[JBoss JIRA] Created: (GTNPORTAL-1857) Incorrect versions of wsrp dependencies in extension-ear-as5 and extension-ear-as6
by Michal Vanco (JIRA)
Incorrect versions of wsrp dependencies in extension-ear-as5 and extension-ear-as6
----------------------------------------------------------------------------------
Key: GTNPORTAL-1857
URL: https://issues.jboss.org/browse/GTNPORTAL-1857
Project: GateIn Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: WSRP integration
Environment: GateIn trunk (04/12)
WSRP 2.1.0-Beta01
Reporter: Michal Vanco
Assignee: Chris Laprun
Fix For: 3.2.0-GA
There is a problem with application.xml files at
wsrp-integration/extension-ear-as5/src/main/application/META-INF/application.xml
wsrp-integration/extension-ear-as6/src/main/application/META-INF/application.xml
I think these files can be removed because you have defined the dependencies and content of the ear archive in pom.xml using maven-ear-plugin (and application.xml is generated automatically based on this definition).
If removing is not a solution then the version must be changed because, for example, GateIn is now dependent on wsrp 2.1.0-Beta01, but the application.xml files contain
<web-uri>wsrp-admin-gui-2.1.0-Alpha02.war</web-uri>
and
wsrp-producer-2.1.0-Alpha02.war
Btw. at default wsrp-integration/extension-ear module the application.xml isn't present and it's properly generated from maven-ear-plugin definition.
13 years, 1 month
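A check for the version drift reported in GTNPORTAL-1857, as an added example that is not part of the original report or the GateIn code base: it lists `wsrp-*` WAR names in a hand-maintained application.xml whose version differs from the one the build depends on. The sample descriptor and its context roots are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# <artifact>-<version>.war, where the version starts at the first "-<digit>".
WAR_RE = re.compile(r"^(?P<artifact>wsrp-[a-z-]+?)-(?P<version>\d[\w.-]*)\.war$")


def stale_web_uris(application_xml, expected_version):
    """Return (artifact, version) for each wsrp WAR not at expected_version."""
    stale = []
    for el in ET.fromstring(application_xml).iter():
        # Compare on the local name so namespaced descriptors work too.
        if el.tag.rsplit("}", 1)[-1] != "web-uri":
            continue
        match = WAR_RE.match((el.text or "").strip())
        if match and match.group("version") != expected_version:
            stale.append((match.group("artifact"), match.group("version")))
    return stale


# Constructed sample: WAR names as quoted in the report, context roots hypothetical.
SAMPLE_APPLICATION_XML = """
<application>
  <module>
    <web>
      <web-uri>wsrp-admin-gui-2.1.0-Alpha02.war</web-uri>
      <context-root>example-admin</context-root>
    </web>
  </module>
  <module>
    <web>
      <web-uri>wsrp-producer-2.1.0-Alpha02.war</web-uri>
      <context-root>example-producer</context-root>
    </web>
  </module>
</application>
"""

if __name__ == "__main__":
    for artifact, version in stale_web_uris(SAMPLE_APPLICATION_XML, "2.1.0-Beta01"):
        print(f"{artifact}: application.xml says {version}, build expects 2.1.0-Beta01")
```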
[JBoss JIRA] Commented: (GTNPORTAL-1855) The GenericFilter should be called after that the request context has been properly set (ecmdemo portal, sample portal)
by Thomas Heute (JIRA)
[ https://issues.jboss.org/browse/GTNPORTAL-1855?page=com.atlassian.jira.pl... ]
Thomas Heute commented on GTNPORTAL-1855:
-----------------------------------------
That Jira is for sample portal (and ecmdemo, which should be a Jira @ eXo WCM project); GTNPORTAL-1339 was for the default portal.
> The GenericFilter should be called after that the request context has been properly set (ecmdemo portal, sample portal)
> -----------------------------------------------------------------------------------------------------------------------
>
> Key: GTNPORTAL-1855
> URL: https://issues.jboss.org/browse/GTNPORTAL-1855
> Project: GateIn Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Common integration
> Reporter: Martin Weiler
> Fix For: 3.2.0-GA
>
>
> The changes applied to 02portal.war/WEB-INF/web.xml as a result of the fix for JBEPP-486 also need to be applied to the web.xml files contained in the eppsp demo portal and sample portal. The filter mapping element for the GenericFilter has to be the last one in the list:
> <!-- other filter-mapping declarations -->
> <filter-mapping>
> <filter-name>GenericFilter</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
> <!-- ================================================================== -->
> <!-- LISTENER -->
> <!-- ================================================================== -->
13 years, 1 month
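A check for the ordering requirement quoted in GTNPORTAL-1855, as an added example that is not part of the original messages or the GateIn code base: it reads a web.xml and reports whether any other filter is mapped after GenericFilter. The sample documents are constructed, and every filter name other than GenericFilter is hypothetical.

```python
import xml.etree.ElementTree as ET


def _local(tag):
    """Strip an XML namespace so namespaced web.xml files are handled too."""
    return tag.rsplit("}", 1)[-1]


def filter_mapping_order(web_xml):
    """Return filter names in the order their <filter-mapping> elements appear."""
    names = []
    for el in ET.fromstring(web_xml):
        if _local(el.tag) != "filter-mapping":
            continue
        for child in el:
            if _local(child.tag) == "filter-name":
                names.append((child.text or "").strip())
    return names


def generic_filter_is_last(web_xml, name="GenericFilter"):
    """True only if no other filter is mapped after the first `name` mapping."""
    order = filter_mapping_order(web_xml)
    if name not in order:
        return False
    return all(n == name for n in order[order.index(name):])


def _web_xml(order):
    # Constructed web.xml; filter names other than GenericFilter are hypothetical.
    maps = "".join(
        f"<filter-mapping><filter-name>{n}</filter-name>"
        "<url-pattern>/*</url-pattern></filter-mapping>" for n in order)
    return ('<web-app xmlns="http://java.sun.com/xml/ns/javaee">'
            f"<!-- other filter-mapping declarations -->{maps}"
            "<listener><listener-class>example.Listener</listener-class></listener>"
            "</web-app>")


FIXED = _web_xml(["ExampleContextFilter", "ExampleLocaleFilter", "GenericFilter"])
UNFIXED = _web_xml(["GenericFilter", "ExampleContextFilter", "ExampleLocaleFilter"])

if __name__ == "__main__":
    for label, doc in (("fixed", FIXED), ("unfixed", UNFIXED)):
        print(label, filter_mapping_order(doc), generic_filter_is_last(doc))
```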
[JBoss JIRA] Commented: (GTNPORTAL-1855) The GenericFilter should be called after that the request context has been properly set (ecmdemo portal, sample portal)
by Trong Tran (JIRA)
[ https://issues.jboss.org/browse/GTNPORTAL-1855?page=com.atlassian.jira.pl... ]
Trong Tran commented on GTNPORTAL-1855:
---------------------------------------
Isn't this fixed in GTNPORTAL-1339?
13 years, 1 month