From: "Jukka Zitting (JIRA)"
To: dev@jackrabbit.apache.org
Date: Wed, 24 Nov 2010 11:05:13 -0500 (EST)
Subject: [jira] Resolved: (JCR-2709) Missing XPath escape in query.jsp
Message-ID: <6831766.288591290614713542.JavaMail.jira@thor>

     [ https://issues.apache.org/jira/browse/JCR-2709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jukka Zitting resolved JCR-2709.
--------------------------------

    Resolution: Fixed
      Assignee: Jukka Zitting

Thanks! Fixed in revision 1038657.

> Missing XPath escape in query.jsp
> ---------------------------------
>
>                 Key: JCR-2709
>                 URL: https://issues.apache.org/jira/browse/JCR-2709
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-webapp
>    Affects Versions: 2.1.1
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>             Fix For: 2.2.0
>
>         Attachments: jcr-2709.patch
>
>
> As reported by Canberk Bolat of ADEO Security in a private communication, the search.jsp script in jackrabbit-webapp is missing an escape when it injects the path of a "related:" query into the constructed XPath statement. Further analysis showed that this issue has no security implications, so we can treat this as a normal bug report.
>
> search.jsp
>     ...
>     String q = request.getParameter("q");
>     ...
>     if (q != null && q.length() > 0) {
>         String stmt;
>         if (q.startsWith("related:")) {
>             String path = q.substring("related:".length());
>             stmt = "//element(*, nt:file)[rep:similar(jcr:content, '"
>                     + path
>                     + "/jcr:content')]/rep:excerpt(.) order by @jcr:score descending";
>             queryTerms = "similar to " + Text.encodeIllegalXMLCharacters(path) + "";
>         }
>     ...

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
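
The missing escape described in the issue, as an added example that is not Jackrabbit code and not the change made in revision 1038657: it builds the same statement with and without quoting the path as an XPath string literal, then checks whether the literal survives intact. It assumes the XPath rule that an apostrophe inside a '...' literal is written as two apostrophes; the class, the helper names and the sample paths are constructed for illustration.

```java
public class RelatedQueryEscape {
    static final String HEAD = "//element(*, nt:file)[rep:similar(jcr:content, ";
    static final String TAIL = ")]/rep:excerpt(.) order by @jcr:score descending";

    // Concatenation as in the quoted search.jsp: the path goes in unescaped.
    static String unescaped(String path) {
        return HEAD + "'" + path + "/jcr:content'" + TAIL;
    }

    // Hypothetical helper (not a Jackrabbit API): render a value as an XPath
    // string literal, doubling every apostrophe it contains.
    static String xpathLiteral(String value) {
        return "'" + value.replace("'", "''") + "'";
    }

    static String escaped(String path) {
        return HEAD + xpathLiteral(path + "/jcr:content") + TAIL;
    }

    // Decode the first '...' literal in stmt; returns null if it is never closed.
    static String firstLiteral(String stmt) {
        int i = stmt.indexOf('\'');
        if (i < 0) return null;
        StringBuilder sb = new StringBuilder();
        for (i++; i < stmt.length(); i++) {
            char c = stmt.charAt(i);
            if (c != '\'') { sb.append(c); continue; }
            if (i + 1 < stmt.length() && stmt.charAt(i + 1) == '\'') {
                sb.append('\'');        // doubled apostrophe = one literal apostrophe
                i++;
            } else {
                return sb.toString();   // single apostrophe closes the literal
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample paths; the second contains an apostrophe.
        String[] paths = { "/docs/report.txt", "/docs/O'Brien notes.txt" };
        for (String p : paths) {
            String want = p + "/jcr:content";
            System.out.println(p);
            System.out.println("  unescaped literal intact: "
                    + want.equals(firstLiteral(unescaped(p))));
            System.out.println("  escaped literal intact:   "
                    + want.equals(firstLiteral(escaped(p))));
        }
    }
}
```

For the path containing an apostrophe, the unescaped statement's literal ends at that apostrophe, so the rest of the path is parsed as XPath syntax instead of data; the escaped form round-trips the full path.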