inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-10-22 15:12:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)

Browse Source 
93834: Merged 5.0.N (5.0.1) to HEAD-BUG-FIX (5.1/Cloud)
      93734: Merged V4.2-BUG-FIX (4.2.5) to 5.0.N (5.0.1)
         - SOURCE/root/projects/remote-api/config/alfresco/templates/webscripts/org/alfresco/collaboration/calendar.get.html.ftl
           was removed from 5.0 as part of an EOL activity
         93559: Merged V4.2.4 (4.2.4) to V4.2-BUG-FIX (4.2.5)
            93544: Merged DEV to V4.2.4 (4.2.4)
               93482: MNT-13174: /share/service/components/form {htmlid} unsanitized: XSS vulnerability
                - Add html escape to avoid XSS vulnerability 
            93545: Merged DEV to V4.2.4 (4.2.4)
               93508 : MNT-13177 : /alfresco/wcservice/search/keyword {l} unsanitized: XSS vulnerability 
                  - Escape search.localeId property
            93549: Merged DEV to V4.2.4 (4.2.4)
               93540 : MNT-13173 : /share/service/components/form {destination} unsanitized: XSS vulnerability
                  - Add html escape to avoid XSS vulnerability
            93555: Merged DEV to V4.2.4 (4.2.4)
               93476: MNT-13178: /alfresco/wcservice/api/search/person {l} unsanitized: XSS vulnerability
                  - Add url escape to avoid XSS vulnerability
            93556: Merged DEV to V4.2.4 (4.2.4)
               93477: MNT-13176 : /alfresco/wcservice/collaboration/calendar {nodeRef} unsanitized: XSS vulnerability
                  - Added ?html built-in processing for nodeRef argument. 
         93718: Merged V4.2.4 (4.2.4) to V4.2-BUG-FIX (4.2.5)
            93671: Merged DEV to PATCHES/V4.2.4 (4.2.4)
               93661: MNT-13180: go through all API URI and confirm all parameters are sanitized
                  - Add unit test that checks all webscripts for sanitized parameters
            93672: MNT-13190: /alfresco/wcservice/sample/blog/search {q} unsanitized: XSS vulnerability
               Add html escape to fix XSS vulnerability
            93691: MNT-13190: /alfresco/wcservice/sample/blog/search {q} unsanitized: XSS vulnerability
               Patch imported blogsearch template


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@94995 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
2015-01-31 15:22:44 +00:00
parent 001e1846db
commit c993293931
6 changed files with 138 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/alfresco/bootstrap/webscripts/blogsearch.get.atom.ftl
View File

@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<generator version="${server.version}">Alfresco (${server.edition})</generator>
<title>Blog query: ${args.q}</title>
<title>Blog query: ${args.q?html}</title>
<updated>${xmldate(date)}</updated>
<icon>${absurl(url.context)}/images/logo/AlfrescoLogo16.ico</icon>
<#list resultset as node>

2
config/alfresco/bootstrap/webscripts/blogsearch.get.html.ftl
View File

@@ -1,7 +1,7 @@
<html>
<body>
<img src="${url.context}/images/logo/AlfrescoLogo32.png" alt="Alfresco" />
Blog query: ${args.q}
Blog query: ${args.q?html}
<br>
<table>
<#list resultset as node>