From s...@apache.org
Subject svn commit: r866213 - /websites/production/commons/content/sandbox/commons-id/testapidocs/index.html
Date Wed, 19 Jun 2013 09:30:00 GMT
Author: sebb
Date: Wed Jun 19 09:30:00 2013
New Revision: 866213

Log:
Apply fix for CVE-2013-1571, a frame injection attack

Modified:
    websites/production/commons/content/sandbox/commons-id/testapidocs/index.html

Modified: websites/production/commons/content/sandbox/commons-id/testapidocs/index.html
==============================================================================
--- websites/production/commons/content/sandbox/commons-id/testapidocs/index.html (original)
+++ websites/production/commons/content/sandbox/commons-id/testapidocs/index.html Wed Jun
19 09:30:00 2013
@@ -11,6 +11,42 @@ Commons Id (Sandbox) 1.0-SNAPSHOT Test A
     targetPage = "" + window.location.search;
     if (targetPage != "" && targetPage != "undefined")
        targetPage = targetPage.substring(1);
+    if (targetPage != "" && !validURL(targetPage))
+        targetPage = "undefined";
+    function validURL(url) {
+        var pos = url.indexOf(".html");
+        if (pos == -1 || pos != url.length - 5)
+            return false;
+        var allowNumber = false;
+        var allowSep = false;
+        var seenDot = false;
+        for (var i = 0; i < url.length - 5; i++) {
+            var ch = url.charAt(i);
+            if ('a' <= ch && ch <= 'z' ||
+                    'A' <= ch && ch <= 'Z' ||
+                    ch == '$' ||
+                    ch == '_') {
+                allowNumber = true;
+                allowSep = true;
+            } else if ('0' <= ch && ch <= '9'
+                    || ch == '-') {
+                if (!allowNumber)
+                     return false;
+            } else if (ch == '/' || ch == '.') {
+                if (!allowSep)
+                    return false;
+                allowNumber = false;
+                allowSep = false;
+                if (ch == '.')
+                     seenDot = true;
+                if (ch == '/' && seenDot)
+                     return false;
+            } else {
+                return false;
+            }
+        }
+        return true;
+    }
     function loadFrames() {
         if (targetPage != "" && targetPage != "undefined")
              top.classFrame.location = top.targetPage;
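Review bot: The character whitelist in the first branch of the `validURL` loop admits only ASCII letters, `$` and `_` as name characters, so a `targetPage` containing a percent-encoded byte — which is how browsers present non-ASCII class or package names in `location.search` — falls into the final `else` and is silently replaced by "undefined"; that is fail-safe, but it is an unannounced functional change that deserves a comment in the hunk. The check otherwise looks sound for its purpose: `:` and `\` never pass, a leading `/` or digit fails because `allowSep` and `allowNumber` start false, and the reset after each separator rejects `//` and `..`, so scheme-relative and traversal targets cannot reach `top.classFrame.location`. I would add above the function `// Accept only relative Javadoc paths of the form [pkg/]*Name[.Inner].html: a segment starts with a letter, '$' or '_', digits and '-' may follow, '/' or '.' only after a name and no '/' after a '.'; anything else (':', '%', '\\', '//', '..') is rejected.` Since this patches generated Javadoc output in the production site rather than the tool that produces it, the fix would presumably be lost the next time these pages are regenerated with an unpatched javadoc — worth confirming.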


