abdera-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1495834 - /abdera/site/trunk/docs/api/index.html
Date Sun, 23 Jun 2013 16:20:07 GMT
Author: markt
Date: Sun Jun 23 16:20:06 2013
New Revision: 1495834

URL: http://svn.apache.org/r1495834
Log:
Fix published Javadoc affected by CVE-2013-1571.
This commit has been performed by the ASF Infrastructure team.

Please ensure that your build processes are reviewed (and fixed if
necessary) to ensure that any updates to this Javadoc do not
re-introduce the vulnerability.

Modified:
    abdera/site/trunk/docs/api/index.html

Modified: abdera/site/trunk/docs/api/index.html
URL: http://svn.apache.org/viewvc/abdera/site/trunk/docs/api/index.html?rev=1495834&r1=1495833&r2=1495834&view=diff
==============================================================================
--- abdera/site/trunk/docs/api/index.html (original)
+++ abdera/site/trunk/docs/api/index.html Sun Jun 23 16:20:06 2013
@@ -13,6 +13,42 @@ Apache Abdera 1.1.1 API
         targetPage = targetPage.substring(1);
     if (targetPage.indexOf(":") != -1)
         targetPage = "undefined";
+    if (targetPage != "" && !validURL(targetPage))
+        targetPage = "undefined";
+    function validURL(url) {
+        var pos = url.indexOf(".html");
+        if (pos == -1 || pos != url.length - 5)
+            return false;
+        var allowNumber = false;
+        var allowSep = false;
+        var seenDot = false;
+        for (var i = 0; i < url.length - 5; i++) {
+            var ch = url.charAt(i);
+            if ('a' <= ch && ch <= 'z' ||
+                    'A' <= ch && ch <= 'Z' ||
+                    ch == '$' ||
+                    ch == '_') {
+                allowNumber = true;
+                allowSep = true;
+            } else if ('0' <= ch && ch <= '9'
+                    || ch == '-') {
+                if (!allowNumber)
+                     return false;
+            } else if (ch == '/' || ch == '.') {
+                if (!allowSep)
+                    return false;
+                allowNumber = false;
+                allowSep = false;
+                if (ch == '.')
+                     seenDot = true;
+                if (ch == '/' && seenDot)
+                     return false;
+            } else {
+                return false;
+            }
+        }
+        return true;
+    }
     function loadFrames() {
         if (targetPage != "" && targetPage != "undefined")
              top.classFrame.location = top.targetPage;



Mime
View raw message