inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)

Browse Source 
93834: Merged 5.0.N (5.0.1) to HEAD-BUG-FIX (5.1/Cloud)
      93734: Merged V4.2-BUG-FIX (4.2.5) to 5.0.N (5.0.1)
         - SOURCE/root/projects/remote-api/config/alfresco/templates/webscripts/org/alfresco/collaboration/calendar.get.html.ftl
           was removed from 5.0 as part of an EOL activity
         93559: Merged V4.2.4 (4.2.4) to V4.2-BUG-FIX (4.2.5)
            93544: Merged DEV to V4.2.4 (4.2.4)
               93482: MNT-13174: /share/service/components/form {htmlid} unsanitized: XSS vulnerability
                - Add html escape to avoid XSS vulnerability 
            93545: Merged DEV to V4.2.4 (4.2.4)
               93508 : MNT-13177 : /alfresco/wcservice/search/keyword {l} unsanitized: XSS vulnerability 
                  - Escape search.localeId property
            93549: Merged DEV to V4.2.4 (4.2.4)
               93540 : MNT-13173 : /share/service/components/form {destination} unsanitized: XSS vulnerability
                  - Add html escape to avoid XSS vulnerability
            93555: Merged DEV to V4.2.4 (4.2.4)
               93476: MNT-13178: /alfresco/wcservice/api/search/person {l} unsanitized: XSS vulnerability
                  - Add url escape to avoid XSS vulnerability
            93556: Merged DEV to V4.2.4 (4.2.4)
               93477: MNT-13176 : /alfresco/wcservice/collaboration/calendar {nodeRef} unsanitized: XSS vulnerability
                  - Added ?html built-in processing for nodeRef argument. 
         93718: Merged V4.2.4 (4.2.4) to V4.2-BUG-FIX (4.2.5)
            93671: Merged DEV to PATCHES/V4.2.4 (4.2.4)
               93661: MNT-13180: go through all API URI and confirm all parameters are sanitized
                  - Add unit test that checks all webscripts for sanitized parameters
            93672: MNT-13190: /alfresco/wcservice/sample/blog/search {q} unsanitized: XSS vulnerability
               Add html escape to fix XSS vulnerability
            93691: MNT-13190: /alfresco/wcservice/sample/blog/search {q} unsanitized: XSS vulnerability
               Patch imported blogsearch template


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@94995 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
2015-01-31 15:22:44 +00:00
parent 9762aeb94f
commit 7e1f737e7e
7 changed files with 291 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
source/test-java/org/alfresco/repo/web/scripts/WebScriptTestSuite.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright (C) 2005-2014 Alfresco Software Limited.
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -104,6 +104,7 @@ public class WebScriptTestSuite extends TestSuite
suite.addTestSuite( FolderTemplateTest.class );
suite.addTestSuite( DeclarativeSpreadsheetWebScriptTest.class );
suite.addTestSuite( SlingshotContentGetTest.class);
suite.addTestSuite( XssVulnerabilityTest.class );
// This uses a slightly different context
// As such, we can't run it in the same suite as the others,