calculate
/
gentoo-overlay
7
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7f315db932'
${ noResults }
gentoo-overlay/dev-java/struts/files/struts-CVE-2008-2025.patch

329 lines
13 KiB
Raw Blame History

diff --git a/src/share/org/apache/struts/taglib/html/BaseHandlerTag.java b/src/share/org/apache/struts/taglib/html/BaseHandlerTag.java
index 403ff97..386ccf3 100644
--- a/src/share/org/apache/struts/taglib/html/BaseHandlerTag.java
+++ b/src/share/org/apache/struts/taglib/html/BaseHandlerTag.java
@@ -35,6 +35,7 @@ import org.apache.struts.taglib.TagUtils;
import org.apache.struts.taglib.logic.IterateTag;
import org.apache.struts.util.MessageResources;
import org.apache.struts.util.RequestUtils;
+import org.apache.struts.util.ResponseUtils;
/**
* Base class for tags that render form elements capable of including JavaScript
@@ -898,10 +899,12 @@ public abstract class BaseHandlerTag extends BodyTagSupport {
*/
protected void prepareAttribute(StringBuffer handlers, String name, Object value) {
if (value != null) {
+ if (name.indexOf('"') >= 0)
+ throw new IllegalArgumentException("quote character in attribute name");
handlers.append(" ");
handlers.append(name);
handlers.append("=\"");
- handlers.append(value);
+ handlers.append(ResponseUtils.filterIfQuote(value.toString()));
handlers.append("\"");
}
}
diff --git a/src/share/org/apache/struts/taglib/html/FormTag.java b/src/share/org/apache/struts/taglib/html/FormTag.java
index e8eb9b4..ba2d782 100644
--- a/src/share/org/apache/struts/taglib/html/FormTag.java
+++ b/src/share/org/apache/struts/taglib/html/FormTag.java
@@ -37,6 +37,7 @@ import org.apache.struts.config.ModuleConfig;
import org.apache.struts.taglib.TagUtils;
import org.apache.struts.util.MessageResources;
import org.apache.struts.util.RequestUtils;
+import org.apache.struts.util.ResponseUtils;
/**
* Custom tag that represents an input form, associated with a bean whose
@@ -547,10 +548,10 @@ public class FormTag extends TagSupport {
results.append(" action=\"");
results.append(
- response.encodeURL(
+ ResponseUtils.filterIfQuote(response.encodeURL(
TagUtils.getInstance().getActionMappingURL(
this.action,
- this.pageContext)));
+ this.pageContext))));
results.append("\"");
}
@@ -580,7 +581,7 @@ public class FormTag extends TagSupport {
results.append("<div><input type=\"hidden\" name=\"");
results.append(Constants.TOKEN_KEY);
results.append("\" value=\"");
- results.append(token);
+ results.append(ResponseUtils.filterIfQuote(token));
if (this.isXhtml()) {
results.append("\" />");
} else {
@@ -598,10 +599,12 @@ public class FormTag extends TagSupport {
*/
protected void renderAttribute(StringBuffer results, String attribute, String value) {
if (value != null) {
+ if (attribute.indexOf('"') >= 0)
+ throw new IllegalArgumentException("quote character in attribute name");
results.append(" ");
results.append(attribute);
results.append("=\"");
- results.append(value);
+ results.append(ResponseUtils.filterIfQuote(value));
results.append("\"");
}
}
diff --git a/src/share/org/apache/struts/taglib/html/HtmlTag.java b/src/share/org/apache/struts/taglib/html/HtmlTag.java
index fb64875..d4da38d 100644
--- a/src/share/org/apache/struts/taglib/html/HtmlTag.java
+++ b/src/share/org/apache/struts/taglib/html/HtmlTag.java
@@ -29,6 +29,7 @@ import javax.servlet.jsp.tagext.TagSupport;
import org.apache.struts.Globals;
import org.apache.struts.taglib.TagUtils;
import org.apache.struts.util.MessageResources;
+import org.apache.struts.util.ResponseUtils;
/**
* Renders an HTML <html> element with appropriate language attributes if
@@ -151,20 +152,20 @@ public class HtmlTag extends TagSupport {
if ((this.lang || this.locale || this.xhtml) && validLanguage) {
sb.append(" lang=\"");
- sb.append(language);
+ sb.append(ResponseUtils.filterIfQuote(language));
if (validCountry) {
sb.append("-");
- sb.append(country);
+ sb.append(ResponseUtils.filterIfQuote(country));
}
sb.append("\"");
}
if (this.xhtml && validLanguage) {
sb.append(" xml:lang=\"");
- sb.append(language);
+ sb.append(ResponseUtils.filterIfQuote(language));
if (validCountry) {
sb.append("-");
- sb.append(country);
+ sb.append(ResponseUtils.filterIfQuote(country));
}
sb.append("\"");
}
diff --git a/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java b/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java
index 77d7dba..5da8317 100644
--- a/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java
+++ b/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java
@@ -45,6 +45,7 @@ import org.apache.struts.Globals;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.config.ModuleConfig;
import org.apache.struts.taglib.TagUtils;
+import org.apache.struts.util.ResponseUtils;
import org.apache.struts.util.MessageResources;
import org.apache.struts.validator.Resources;
import org.apache.struts.validator.ValidatorPlugIn;
@@ -850,7 +851,7 @@ public class JavascriptValidatorTag extends BodyTagSupport {
}
if (this.src != null) {
- start.append(" src=\"" + src + "\"");
+ start.append(" src=\"" + ResponseUtils.filterIfQuote(src) + "\"");
}
start.append("> \n");
diff --git a/src/share/org/apache/struts/taglib/html/OptionTag.java b/src/share/org/apache/struts/taglib/html/OptionTag.java
index 4df5c95..e9e4b2e 100644
--- a/src/share/org/apache/struts/taglib/html/OptionTag.java
+++ b/src/share/org/apache/struts/taglib/html/OptionTag.java
@@ -26,6 +26,7 @@ import javax.servlet.jsp.tagext.BodyTagSupport;
import org.apache.struts.Globals;
import org.apache.struts.taglib.TagUtils;
import org.apache.struts.util.MessageResources;
+import org.apache.struts.util.ResponseUtils;
/**
* Tag for select options. The body of this tag is presented to the user
@@ -235,7 +236,7 @@ public class OptionTag extends BodyTagSupport {
protected String renderOptionElement() throws JspException {
StringBuffer results = new StringBuffer("<option value=\"");
- results.append(this.value);
+ results.append(ResponseUtils.filterIfQuote(this.value));
results.append("\"");
if (disabled) {
results.append(" disabled=\"disabled\"");
@@ -245,17 +246,17 @@ public class OptionTag extends BodyTagSupport {
}
if (style != null) {
results.append(" style=\"");
- results.append(style);
+ results.append(ResponseUtils.filterIfQuote(style));
results.append("\"");
}
if (styleId != null) {
results.append(" id=\"");
- results.append(styleId);
+ results.append(ResponseUtils.filterIfQuote(styleId));
results.append("\"");
}
if (styleClass != null) {
results.append(" class=\"");
- results.append(styleClass);
+ results.append(ResponseUtils.filterIfQuote(styleClass));
results.append("\"");
}
results.append(">");
diff --git a/src/share/org/apache/struts/taglib/html/OptionsCollectionTag.java b/src/share/org/apache/struts/taglib/html/OptionsCollectionTag.java
index 9999259..e5ecb66 100644
--- a/src/share/org/apache/struts/taglib/html/OptionsCollectionTag.java
+++ b/src/share/org/apache/struts/taglib/html/OptionsCollectionTag.java
@@ -30,6 +30,7 @@ import javax.servlet.jsp.tagext.TagSupport;
import org.apache.commons.beanutils.PropertyUtils;
import org.apache.struts.util.IteratorAdapter;
+import org.apache.struts.util.ResponseUtils;
import org.apache.struts.taglib.TagUtils;
import org.apache.struts.util.MessageResources;
@@ -291,7 +292,7 @@ public class OptionsCollectionTag extends TagSupport {
if (filter) {
sb.append(TagUtils.getInstance().filter(value));
} else {
- sb.append(value);
+ sb.append(ResponseUtils.filterIfQuote(value));
}
sb.append("\"");
if (matched) {
@@ -299,12 +300,12 @@ public class OptionsCollectionTag extends TagSupport {
}
if (style != null) {
sb.append(" style=\"");
- sb.append(style);
+ sb.append(ResponseUtils.filterIfQuote(style));
sb.append("\"");
}
if (styleClass != null) {
sb.append(" class=\"");
- sb.append(styleClass);
+ sb.append(ResponseUtils.filterIfQuote(styleClass));
sb.append("\"");
}
@@ -313,7 +314,7 @@ public class OptionsCollectionTag extends TagSupport {
if (filter) {
sb.append(TagUtils.getInstance().filter(label));
} else {
- sb.append(label);
+ sb.append(ResponseUtils.filterIfQuote(label));
}
sb.append("</option>\r\n");
diff --git a/src/share/org/apache/struts/taglib/html/OptionsTag.java b/src/share/org/apache/struts/taglib/html/OptionsTag.java
index 90d716a..dbc14cf 100644
--- a/src/share/org/apache/struts/taglib/html/OptionsTag.java
+++ b/src/share/org/apache/struts/taglib/html/OptionsTag.java
@@ -32,6 +32,7 @@ import org.apache.commons.beanutils.PropertyUtils;
import org.apache.struts.util.IteratorAdapter;
import org.apache.struts.taglib.TagUtils;
import org.apache.struts.util.MessageResources;
+import org.apache.struts.util.ResponseUtils;
/**
* Tag for creating multiple &lt;select&gt; options from a collection. The
@@ -313,7 +314,7 @@ public class OptionsTag extends TagSupport {
if (filter) {
sb.append(TagUtils.getInstance().filter(value));
} else {
- sb.append(value);
+ sb.append(ResponseUtils.filterIfQuote(value));
}
sb.append("\"");
if (matched) {
@@ -321,12 +322,12 @@ public class OptionsTag extends TagSupport {
}
if (style != null) {
sb.append(" style=\"");
- sb.append(style);
+ sb.append(ResponseUtils.filterIfQuote(style));
sb.append("\"");
}
if (styleClass != null) {
sb.append(" class=\"");
- sb.append(styleClass);
+ sb.append(ResponseUtils.filterIfQuote(styleClass));
sb.append("\"");
}
@@ -335,7 +336,7 @@ public class OptionsTag extends TagSupport {
if (filter) {
sb.append(TagUtils.getInstance().filter(label));
} else {
- sb.append(label);
+ sb.append(ResponseUtils.filterIfQuote(label));
}
sb.append("</option>\r\n");
diff --git a/src/share/org/apache/struts/taglib/html/RewriteTag.java b/src/share/org/apache/struts/taglib/html/RewriteTag.java
index 804e50c..63a2f03 100644
--- a/src/share/org/apache/struts/taglib/html/RewriteTag.java
+++ b/src/share/org/apache/struts/taglib/html/RewriteTag.java
@@ -24,6 +24,7 @@ import java.util.Map;
import javax.servlet.jsp.JspException;
import org.apache.struts.taglib.TagUtils;
+import org.apache.struts.util.ResponseUtils;
/**
* Generate a URL-encoded URI as a string.
@@ -72,7 +73,8 @@ public class RewriteTag extends LinkTag {
(messages.getMessage("rewrite.url", e.toString()));
}
- TagUtils.getInstance().write(pageContext, url);
+ TagUtils.getInstance().write(pageContext,
+ ResponseUtils.filterIfQuote(url));
return (SKIP_BODY);
diff --git a/src/share/org/apache/struts/util/ResponseUtils.java b/src/share/org/apache/struts/util/ResponseUtils.java
index 4588bb2..fe7e517 100644
--- a/src/share/org/apache/struts/util/ResponseUtils.java
+++ b/src/share/org/apache/struts/util/ResponseUtils.java
@@ -137,6 +137,37 @@ public class ResponseUtils {
}
+ /**
+ * Replace double-quote characters in the input string with
+ * proper HTML encoding.
+ *
+ * No other HTML-encoding is performed. As a result, the return value
+ * can only be safely used in (X)HTML attributes surrounded by
+ * double-quote characters (<code>"</code>).
+ *
+ * <p>Note that you should not use this function in new code.
+ * It is only intended for old code which needs to be
+ * backwards-compatible with incompletely-quoted attributes.
+ *
+ * @return a fresh string object if quoting is needed,
+ * otherwise the input string
+ */
+ public static String filterIfQuote(String value) {
+ if (value == null)
+ return null;
+ if (value.indexOf('"') >= 0) {
+ StringBuffer sb = new StringBuffer(value.length() + 2);
+ for (int i = 0; i < value.length(); ++i) {
+ final char ch = value.charAt(i);
+ if (ch == '"')
+ sb.append("&quot;");
+ else
+ sb.append(ch);
+ }
+ return sb.toString();
+ }
+ return value;
+ }
/**
Reference in new issue View Git Blame Copy Permalink