Mailing-List: contact commits-help@activemq.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@activemq.apache.org
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r915269 - in /activemq/trunk:
 activemq-web-console/src/main/webapp/
 activemq-web-console/src/main/webapp/WEB-INF/tags/form/
 activemq-web/src/main/java/org/apache/activemq/web/
Date: Tue, 23 Feb 2010 10:21:13 -0000
To: commits@activemq.apache.org
From: dejanb@apache.org
Message-Id: <20100223102114.230BC238897F@eris.apache.org>

Author: dejanb
Date: Tue Feb 23 10:21:13 2010
New Revision: 915269

URL: http://svn.apache.org/viewvc?rev=915269&view=rev
Log:
https://issues.apache.org/activemq/browse/AMQ-2613 - fix XSS security problem in web console

Modified:
    activemq/trunk/activemq-web-console/src/main/webapp/WEB-INF/tags/form/short.tag
    activemq/trunk/activemq-web-console/src/main/webapp/WEB-INF/tags/form/text.tag
    activemq/trunk/activemq-web-console/src/main/webapp/browse.jsp
    activemq/trunk/activemq-web-console/src/main/webapp/message.jsp
    activemq/trunk/activemq-web-console/src/main/webapp/queueConsumers.jsp
    activemq/trunk/activemq-web-console/src/main/webapp/queues.jsp
    activemq/trunk/activemq-web-console/src/main/webapp/send.jsp
    activemq/trunk/activemq-web-console/src/main/webapp/topics.jsp
    activemq/trunk/activemq-web/src/main/java/org/apache/activemq/web/BrokerFacadeSupport.java

Modified: activemq/trunk/activemq-web-console/src/main/webapp/WEB-INF/tags/form/short.tag
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-web-console/src/main/webapp/WEB-INF/tags/form/short.tag?rev=915269&r1=915268&r2=915269&view=diff
==============================================================================
--- activemq/trunk/activemq-web-console/src/main/webapp/WEB-INF/tags/form/short.tag (original)
+++ activemq/trunk/activemq-web-console/src/main/webapp/WEB-INF/tags/form/short.tag Tue Feb 23 10:21:13 2010
@@ -17,6 +17,8 @@
 <%@ attribute name="text" type="java.lang.String" required="true"  %>
 <%@ attribute name="length" type="java.lang.Integer" required="false" %>
 <%
+ text = org.apache.commons.lang.StringEscapeUtils.escapeHtml(text);
+ text = org.apache.commons.lang.StringEscapeUtils.escapeJavaScript(text);
  if (length == null)
     length = 20;
  if (text.length() <= 20) {

Modified: activemq/trunk/activemq-web-console/src/main/webapp/WEB-INF/tags/form/text.tag
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-web-console/src/main/webapp/WEB-INF/tags/form/text.tag?rev=915269&r1=915268&r2=915269&view=diff
==============================================================================
--- activemq/trunk/activemq-web-console/src/main/webapp/WEB-INF/tags/form/text.tag (original)
+++ activemq/trunk/activemq-web-console/src/main/webapp/WEB-INF/tags/form/text.tag Tue Feb 23 10:21:13 2010
@@ -19,10 +19,12 @@
 <%
     String value = request.getParameter(name);
     if (value == null || value.trim().length() == 0) {
-    		value = defaultValue;
-		}
-		if (value == null) {
-			value = "";
-		}
+    	value = defaultValue;
+	}
+	if (value == null) {
+		value = "";
+	}
+	value = org.apache.commons.lang.StringEscapeUtils.escapeHtml(value);
+
 %>
 <input type="text" name="${name}" value="<%= value %>"/>

Modified: activemq/trunk/activemq-web-console/src/main/webapp/browse.jsp
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-web-console/src/main/webapp/browse.jsp?rev=915269&r1=915268&r2=915269&view=diff
==============================================================================
--- activemq/trunk/activemq-web-console/src/main/webapp/browse.jsp (original)
+++ activemq/trunk/activemq-web-console/src/main/webapp/browse.jsp Tue Feb 23 10:21:13 2010
@@ -39,7 +39,7 @@
 <tbody>
 <jms:forEachMessage queueBrowser="${requestContext.queueBrowser.browser}" var="row">
 <tr>
-<td><a href="message.jsp?id=${row.JMSMessageID}&JMSDestination=${requestContext.queueBrowser.JMSDestination}" 
+<td><a href="message.jsp?id=${row.JMSMessageID}&JMSDestination=<c:out value="${requestContext.queueBrowser.JMSDestination}" />" 
     title="${row.properties}">${row.JMSMessageID}</a></td>
 <td>${row.JMSCorrelationID}</td>
 <td><jms:persistent message="${row}"/></td>
@@ -49,7 +49,7 @@
 <td><jms:formatTimestamp timestamp="${row.JMSTimestamp}"/></td>
 <td>${row.JMSType}</td>
 <td>
-    <a href="deleteMessage.action?JMSDestination=${row.JMSDestination}&messageId=${row.JMSMessageID}">Delete</a>
+    <a href="deleteMessage.action?JMSDestination=<c:out value="${row.JMSDestination}"/>&messageId=${row.JMSMessageID}">Delete</a>
 </td>
 </tr>
 </jms:forEachMessage>
@@ -57,7 +57,7 @@
 </table>
 
 <div>
-<a href="queueConsumers.jsp?JMSDestination=${requestContext.queueBrowser.JMSDestination}">View Consumers</a>
+<a href="queueConsumers.jsp?JMSDestination=<c:out value="${requestContext.queueBrowser.JMSDestination}"/>">View Consumers</a>
 </div>
 </body>
 </html>

Modified: activemq/trunk/activemq-web-console/src/main/webapp/message.jsp
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-web-console/src/main/webapp/message.jsp?rev=915269&r1=915268&r2=915269&view=diff
==============================================================================
--- activemq/trunk/activemq-web-console/src/main/webapp/message.jsp (original)
+++ activemq/trunk/activemq-web-console/src/main/webapp/message.jsp Tue Feb 23 10:21:13 2010
@@ -130,16 +130,16 @@
                 </thead>
                 <tbody>
                     <tr>
-                        <td colspan="2"><a href="deleteMessage.action?JMSDestination=${row.JMSDestination}&messageId=${row.JMSMessageID}">Delete</a></td>
+                        <td colspan="2"><a href="deleteMessage.action?JMSDestination=<c:out value="${row.JMSDestination}" />&messageId=${row.JMSMessageID}">Delete</a></td>
                     </tr>
                     <tr class="odd">
-                    <td><a href="javascript:confirmAction('queue', 'copyMessage.action?destination=%target%&JMSDestination=${row.JMSDestination}&messageId=${row.JMSMessageID}&JMSDestinationType=queue')">Copy</a></td>
+                    <td><a href="javascript:confirmAction('queue', 'copyMessage.action?destination=%target%&JMSDestination=<c:out value="${row.JMSDestination}" />&messageId=${row.JMSMessageID}&JMSDestinationType=queue')">Copy</a></td>
                         <td rowspan="2">
                             <select id="queue">
                                 <option value=""> -- Please select --</option>
                                 <c:forEach items="${requestContext.brokerQuery.queues}" var="queues">
                                     <c:if test="${queues.name != requestContext.messageQuery.JMSDestination}">
-                                    <option value="${queues.name}"><form:short text="${queues.name}"/></option>
+                                    <option value="<c:out value="${queues.name}" />"><form:short text="${queues.name}"/></option>
                                     </c:if>
                                 </c:forEach>
                             </select>
@@ -147,7 +147,7 @@
                         
                     </tr>
                     <tr class="odd">
-                        <td><a href="javascript:confirmAction('queue', 'moveMessage.action?destination=%target%&JMSDestination=${row.JMSDestination}&messageId=${row.JMSMessageID}&JMSDestinationType=queue')">Move</a></td>
+                        <td><a href="javascript:confirmAction('queue', 'moveMessage.action?destination=%target%&JMSDestination=<c:out value="${row.JMSDestination}" />&messageId=${row.JMSMessageID}&JMSDestinationType=queue')">Move</a></td>
                     </tr>
                 </tbody>
             </table>

Modified: activemq/trunk/activemq-web-console/src/main/webapp/queueConsumers.jsp
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-web-console/src/main/webapp/queueConsumers.jsp?rev=915269&r1=915268&r2=915269&view=diff
==============================================================================
--- activemq/trunk/activemq-web-console/src/main/webapp/queueConsumers.jsp (original)
+++ activemq/trunk/activemq-web-console/src/main/webapp/queueConsumers.jsp Tue Feb 23 10:21:13 2010
@@ -16,11 +16,11 @@
 --%>
 <html>
 <head>
-<title>Consumers for ${requestContext.queueConsumerQuery.JMSDestination}</title>
+<title>Consumers for <c:out value="${requestContext.queueConsumerQuery.JMSDestination}" /></title>
 </head>
 <body>
 
-<h2>Active Consumers for ${requestContext.queueConsumerQuery.JMSDestination}</h2>
+<h2>Active Consumers for <c:out value="${requestContext.queueConsumerQuery.JMSDestination}" /></h2>
 
 <table id="messages" class="sortable autostripe">
 <thead>

Modified: activemq/trunk/activemq-web-console/src/main/webapp/queues.jsp
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-web-console/src/main/webapp/queues.jsp?rev=915269&r1=915268&r2=915269&view=diff
==============================================================================
--- activemq/trunk/activemq-web-console/src/main/webapp/queues.jsp (original)
+++ activemq/trunk/activemq-web-console/src/main/webapp/queues.jsp Tue Feb 23 10:21:13 2010
@@ -48,22 +48,23 @@
 </thead>
 <tbody>
 <c:forEach items="${requestContext.brokerQuery.queues}" var="row">
+
 <tr>
-<td><a href="browse.jsp?JMSDestination=${row.name}"><form:tooltip text="${row.name}" length="50"/></a></td>
+<td><a href="browse.jsp?JMSDestination=<c:out value="${row.name}" />"><form:tooltip text="${row.name}" length="50"/></a></td>
 <td>${row.queueSize}</td>
 <td>${row.consumerCount}</td>
 <td>${row.enqueueCount}</td>
 <td>${row.dequeueCount}</td>
 <td>
-    <a href="browse.jsp?JMSDestination=${row.name}">Browse</a>
-	<a href="queueConsumers.jsp?JMSDestination=${row.name}">Active Consumers</a><br/>
-    <a href="queueBrowse/${row.name}?view=rss&feedType=atom_1.0" title="Atom 1.0"><img src="images/feed_atom.png"/></a>
-    <a href="queueBrowse/${row.name}?view=rss&feedType=rss_2.0" title="RSS 2.0"><img src="images/feed_rss.png"/></a>
+    <a href="browse.jsp?JMSDestination=<c:out value="${row.name}" />">Browse</a>
+	<a href="queueConsumers.jsp?JMSDestination=<c:out value="${row.name}" />">Active Consumers</a><br/>
+    <a href="queueBrowse/<c:out value="${row.name}" />?view=rss&feedType=atom_1.0" title="Atom 1.0"><img src="images/feed_atom.png"/></a>
+    <a href="queueBrowse/<c:out value="${row.name}" />?view=rss&feedType=rss_2.0" title="RSS 2.0"><img src="images/feed_rss.png"/></a>
 </td>
 <td>
-    <a href="send.jsp?JMSDestination=${row.name}&JMSDestinationType=queue">Send To</a>
-    <a href="purgeDestination.action?JMSDestination=${row.name}&JMSDestinationType=queue">Purge</a>
-    <a href="deleteDestination.action?JMSDestination=${row.name}&JMSDestinationType=queue">Delete</a>
+    <a href="send.jsp?JMSDestination=<c:out value="${row.name}" />&JMSDestinationType=queue">Send To</a>
+    <a href="purgeDestination.action?JMSDestination=<c:out value="${row.name}" />&JMSDestinationType=queue">Purge</a>
+    <a href="deleteDestination.action?JMSDestination=<c:out value="${row.name}" />&JMSDestinationType=queue">Delete</a>
 </td>
 </tr>
 </c:forEach>

Modified: activemq/trunk/activemq-web-console/src/main/webapp/send.jsp
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-web-console/src/main/webapp/send.jsp?rev=915269&r1=915268&r2=915269&view=diff
==============================================================================
--- activemq/trunk/activemq-web-console/src/main/webapp/send.jsp (original)
+++ activemq/trunk/activemq-web-console/src/main/webapp/send.jsp Tue Feb 23 10:21:13 2010
@@ -37,7 +37,7 @@
 	    <label for="JMSDestination">Destination</label>
 	</td>
 	<td>
-	    <form:text name="JMSDestination" defaultValue="foo.bar"/>
+	    <form:text name="JMSDestination" defaultValue="foo.bar" />
 	</td>
 	<td class="label">
 	    <label for="queue">Queue or Topic</label>

Modified: activemq/trunk/activemq-web-console/src/main/webapp/topics.jsp
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-web-console/src/main/webapp/topics.jsp?rev=915269&r1=915268&r2=915269&view=diff
==============================================================================
--- activemq/trunk/activemq-web-console/src/main/webapp/topics.jsp (original)
+++ activemq/trunk/activemq-web-console/src/main/webapp/topics.jsp Tue Feb 23 10:21:13 2010
@@ -46,13 +46,13 @@
 <tbody>
 <c:forEach items="${requestContext.brokerQuery.topics}" var="row">
 <tr>
-<td><a href="send.jsp?JMSDestination=${row.name}&JMSDestinationType=topic"><form:tooltip text="${row.name}" length="50"/></a></td>
+<td><a href="send.jsp?JMSDestination=<c:out value="${row.name}" />&JMSDestinationType=topic"><form:tooltip text="${row.name}" length="50"/></a></td>
 <td>${row.consumerCount}</td>
 <td>${row.enqueueCount}</td>
 <td>${row.dequeueCount}</td>
 <td>
-    <a href="send.jsp?JMSDestination=${row.name}&JMSDestinationType=topic">Send To</a>
-    <a href="deleteDestination.action?JMSDestination=${row.name}&JMSDestinationType=topic">Delete</a>
+    <a href="send.jsp?JMSDestination=<c:out value="${row.name}" />&JMSDestinationType=topic">Send To</a>
+    <a href="deleteDestination.action?JMSDestination=<c:out value="${row.name}" />&JMSDestinationType=topic">Delete</a>
 </td>
 </tr>
 </c:forEach>

Modified: activemq/trunk/activemq-web/src/main/java/org/apache/activemq/web/BrokerFacadeSupport.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-web/src/main/java/org/apache/activemq/web/BrokerFacadeSupport.java?rev=915269&r1=915268&r2=915269&view=diff
==============================================================================
--- activemq/trunk/activemq-web/src/main/java/org/apache/activemq/web/BrokerFacadeSupport.java (original)
+++ activemq/trunk/activemq-web/src/main/java/org/apache/activemq/web/BrokerFacadeSupport.java Tue Feb 23 10:21:13 2010
@@ -172,6 +172,7 @@
     @SuppressWarnings("unchecked")
     public Collection<SubscriptionViewMBean> getQueueConsumers(String queueName) throws Exception {
         String brokerName = getBrokerName();
+        queueName = StringUtils.replace(queueName, "\"", "_");
         ObjectName query = new ObjectName("org.apache.activemq:BrokerName=" + brokerName
                 + ",Type=Subscription,destinationType=Queue,destinationName=" + queueName + ",*");
         Set<ObjectName> queryResult = getManagementContext().queryNames(query, null);