Subject: svn commit: r719355 - in /incubator/jspwiki/trunk: ./ src/com/ecyrd/jspwiki/ src/webdocs/scripts/ src/webdocs/templates/default/ src/webdocs/templates/default/skins/PlainVanilla 800x600/
Date: Thu, 20 Nov 2008 20:24:54 -0000
To: jspwiki-commits@incubator.apache.org
From: brushed@apache.org

Author: brushed
Date: Thu Nov 20 12:24:53 2008
New Revision: 719355

URL: http://svn.apache.org/viewvc?rev=719355&view=rev
Log:
* 3.0.0-svn-10 -- merged from 2.8.1-svn-12
* [JSPWIKI-381] fixed a bug with periodically refreshed sneak-preview while in section-edit mode. When section-edit was active, linefeeds were inserted at every sneak-prev refresh.
* [JSPWIKI-384] Filter js-scripts from input fields and cookies. (xss vulnerability)
* Add new 800x600 plain vanilla skin

Added:
    incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/
    incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/skin.css
    incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/skin.js
Modified:
    incubator/jspwiki/trunk/ChangeLog
    incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java
    incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-common.js
    incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-edit.js
    incubator/jspwiki/trunk/src/webdocs/templates/default/Favorites.jsp
    incubator/jspwiki/trunk/src/webdocs/templates/default/jspwiki.css

Modified: incubator/jspwiki/trunk/ChangeLog URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/ChangeLog?rev=719355&r1=719354&r2=719355&view=diff ============================================================================== --- incubator/jspwiki/trunk/ChangeLog (original) +++ incubator/jspwiki/trunk/ChangeLog Thu Nov 20 12:24:53 2008 
@@ -1,3 +1,16 @@ +2008-11-20 Dirk Frederickx + + * 3.0.0-svn-10 -- merged from 2.8.1-svn-12 + + * [JSPWIKI-381] fixed a bug with periodicially refreshed sneak-preview + while in section-edit mode. When section-edit was active, + linefeeds were inserted at every sneak-prev refresh. + + * [JSPWIKI-384] Filter js-scripts from input fields and cookies. + (xss vulnerability) + + * Added 800x600 plain-vanilla skin + 2008-11-18 Harry Metske * 3.0.0-svn-9 Modified: incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java?rev=719355&r1=719354&r2=719355&view=diff ============================================================================== --- incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java (original) +++ incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java Thu Nov 20 12:24:53 2008 @@ -77,7 +77,7 @@ *

* If the build identifier is empty, it is not added. */ - public static final String BUILD = "9"; + public static final String BUILD = "10"; /** * This is the generic version string you should use Modified: incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-common.js URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-common.js?rev=719355&r1=719354&r2=719355&view=diff ============================================================================== --- incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-common.js (original) +++ incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-common.js Thu Nov 20 12:24:53 2008 @@ -64,6 +64,12 @@ trunc: function(size,elips){ if( !elips ) elips="..."; return (this.length]*>([\s\S]*?)<\/script>/gi, function(){ + return ''; + }); + return text; } }) @@ -376,6 +382,7 @@ $('progressbar').setStyle('visibility','visible'); this.progressbar = Wiki.jsonrpc.periodical(1000, this, ["progressTracker.getProgress",[progress],function(result){ + result = result.stripScripts(); //xss vulnerability if(!result.code) $('progressbar').getFirst().setStyle('width',result+'%').setHTML(result+'%'); }]); @@ -828,6 +835,8 @@ var ul = new Element('ul',{'id':'recentItems'}).inject($('recentSearches').show()); this.recent.each(function(el){ + // xss vulnerability JSPWIKI-384 + el = el.stripScripts(); new Element('a',{ 'href':'#', 'events': {'click':function(){ q.value = el; q.form.submit(); }} @@ -898,7 +907,7 @@ }, submit: function(){ - var v = this.query.value; + var v = this.query.value.stripScripts(); //xss vulnerability if( v == this.query.defaultValue) this.query.value = ''; if( !this.recent ) this.recent=[]; if( !this.recent.test(v) ){ @@ -915,7 +924,7 @@ }, ajaxQuickSearch: function(){ - var qv = this.query.value ; + var qv = this.query.value.stripScripts() ; if( (qv==null) || (qv.trim()=="") || (qv==this.query.defaultValue) ) { $('searchOutput').empty(); return; 
@@ -1622,7 +1631,7 @@ if( !q && document.referrer.test("(?:\\?|&)(?:q|query)=([^&]*)","g") ) q = RegExp.$1; if( !q ) return; - var words = decodeURIComponent(q); + var words = decodeURIComponent(q).stripScripts(); //xss vulnerability words = words.replace( /\+/g, " " ); words = words.replace( /\s+-\S+/g, "" ); words = words.replace( /([\(\[\{\\\^\$\|\)\?\*\.\+])/g, "\\$1" ); //escape metachars Modified: incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-edit.js URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-edit.js?rev=719355&r1=719354&r2=719355&view=diff ============================================================================== --- incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-edit.js (original) +++ incubator/jspwiki/trunk/src/webdocs/scripts/jspwiki-edit.js Thu Nov 20 12:24:53 2008 @@ -655,11 +655,11 @@ this.cacheTextarea=ta.value; if( this.sections ){ - var s = ta.value; - if( s.lastIndexOf("\n") + 1 != s.length ) ta.value += '\n'; - - s = ma.value; - ma.value = s.substring(0, ta.begin) + ta.value + s.substring(ta.end); + var s = ma.value, + //insert \n to ensure the next line's !!!header remains at column 0. + addNewLine = ((ta.value.slice(-1) != '\n') && (s.charAt(ta.end) =='!')) ? '\n' : ''; + + ma.value = s.substring(0, ta.begin) + ta.value + addNewLine + s.substring(ta.end); ta.end = ta.begin + ta.value.length; this.onSectionLoad(); //refresh section-edit menu } Modified: incubator/jspwiki/trunk/src/webdocs/templates/default/Favorites.jsp URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/templates/default/Favorites.jsp?rev=719355&r1=719354&r2=719355&view=diff ============================================================================== --- incubator/jspwiki/trunk/src/webdocs/templates/default/Favorites.jsp (original) +++ incubator/jspwiki/trunk/src/webdocs/templates/default/Favorites.jsp Thu Nov 20 12:24:53 2008 
@@ -78,7 +78,7 @@ %%collapsebox-closed ! [My Favorites|{$username}Favorites] [{InsertPage page='{$username}Favorites' }] -%% }] +/% }] Modified: incubator/jspwiki/trunk/src/webdocs/templates/default/jspwiki.css URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/templates/default/jspwiki.css?rev=719355&r1=719354&r2=719355&view=diff ============================================================================== --- incubator/jspwiki/trunk/src/webdocs/templates/default/jspwiki.css (original) +++ incubator/jspwiki/trunk/src/webdocs/templates/default/jspwiki.css Thu Nov 20 12:24:53 2008 @@ -222,7 +222,7 @@ .wikiform { } .wikiform tr { - vertical-align:middle; + vertical-align:top; } .wikiform td { } Added: incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/skin.css URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla%20800x600/skin.css?rev=719355&view=auto ============================================================================== --- incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/skin.css (added) +++ incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/skin.css Thu Nov 20 12:24:53 2008 
@@ -0,0 +1,13 @@ +#wikibody{width:750px;margin:1em auto;padding:.5em;} +#header,#footer{padding:0;width:750px;} +#header .applicationlogo{position:static;float:left;width:80px;} +#header .breadcrumbs{float:none;} +#favorites{width:150px;} +#page,#wikibody.fav-left #page,#wikibody.fav-right #page{width:590px;} +#collapseFavsWrapper #favorites{border:none;} +#wikibody.fav-slide #page{width:750px;} +/* +#header .userbox{display:none;} +#favorites .userbox{display:block;border:2px solid #ddd;} +*/ +#pagecontent{width:100%;} \ No newline at end of file Added: incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/skin.js URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla%20800x600/skin.js?rev=719355&view=auto ============================================================================== --- incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/skin.js (added) +++ incubator/jspwiki/trunk/src/webdocs/templates/default/skins/PlainVanilla 800x600/skin.js Thu Nov 20 12:24:53 2008 @@ -0,0 +1,19 @@ +/** + ** Skin javascript extensions + ** + **/ + +/* +if( RoundedCorners ) +{ + var r = RoundedCorners; + r.register( "#header", ['bbbb', 'eee', 'ddd' ] ); + r.register( "#footer", ['bbbb', 'eee', 'ddd' ] ); + + r.register( "#favorites", ['yyyy', 'eee', 'ddd'] ); + + r.register( ".commentbox",['yyyy', 'transparent', 'ddd'] ); + r.register( ".tabmenu a", ['yynn', 'transparent', 'ddd'] ); + +} +*/ \ No newline at end of file
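
Review bot: In jspwiki-common.js, hunk @@ -64,6 +64,12 @@, the new stripScripts helper only removes complete script elements, because the pattern requires a closing `<\/script>`, so it filters one tag rather than encoding output. Any other markup in the value passes through unchanged, and at least one caller below still feeds the result to setHTML. I would escape &, <, > and quotes at the point of output, or set text instead of HTML, and treat server-side encoding as the real control. Please also add a comment on the helper stating what it does and does not guarantee. The archived copy of this hunk is truncated between trunc and the regex, so the full pattern should be checked against the repository.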
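
Review bot: In the progress tracker callback, hunk @@ -376,6 +382,7 @@, `result = result.stripScripts();` runs before the existing `if(!result.code)` check, so a result that is an error object or a number, and therefore lacks this string method, would throw here instead of being skipped. The value is only used as a percentage in setStyle('width', ...) and setHTML(result+'%'), so converting it to a number and clamping it to 0..100 after the code check would be safer and simpler than stripping script tags.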
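
Review bot: In submit, hunk @@ -898,7 +907,7 @@, only the local `v` is sanitized while `this.query.value` is left as typed, so the form still posts the raw input and only the recent-searches list receives the stripped copy. If that is intended, say so in the comment and make sure the server encodes the query when it echoes it back. Otherwise assign the cleaned value back to the field before the form is submitted. Note also that the comparison with `this.query.defaultValue` now runs against the stripped value.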
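
Review bot: In ajaxQuickSearch, hunk @@ -915,7 +924,7 @@, the `qv==null` test on the following line no longer protects anything, because `.stripScripts()` would already have thrown on a null value. Either guard before calling the method or drop the null test so the condition reflects what can actually happen.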
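
Review bot: In the referrer search-word code, hunk @@ -1622,7 +1631,7 @@, `decodeURIComponent(q)` is applied to a value taken from document.referrer and throws URIError on a malformed percent sequence, which aborts the function before stripScripts or the metacharacter escaping run. Wrap the decode in try/catch and return early on failure. A short comment on how `words` reaches the DOM afterwards would help too, since stripScripts removes only script elements and the highlighting code should insert the words as text.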
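
Review bot: In jspwiki-edit.js, hunk @@ -655,11 +655,11 @@, `ta.end = ta.begin + ta.value.length;` does not include addNewLine when one is inserted. That looks intentional: the added '\n' then sits just outside the section, and the next refresh finds '\n' rather than '!' at ta.end, so no further linefeed is appended. It is subtle enough to deserve a comment next to the ta.end assignment, ideally with a reference to JSPWIKI-381.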
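
Review bot: The new skin.js, hunk @@ -0,0 +1,19 @@, consists only of a commented-out block, and both skin.css and skin.js end with "No newline at end of file". If the RoundedCorners registration is meant to be enabled later, `if( RoundedCorners )` will throw a ReferenceError when that global is not defined, so test `typeof RoundedCorners != 'undefined'` instead. Otherwise drop the dead code, and add the trailing newlines in both files.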