inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)

Browse Source 
93834: Merged 5.0.N (5.0.1) to HEAD-BUG-FIX (5.1/Cloud)
      93734: Merged V4.2-BUG-FIX (4.2.5) to 5.0.N (5.0.1)
         - SOURCE/root/projects/remote-api/config/alfresco/templates/webscripts/org/alfresco/collaboration/calendar.get.html.ftl
           was removed from 5.0 as part of an EOL activity
         93559: Merged V4.2.4 (4.2.4) to V4.2-BUG-FIX (4.2.5)
            93544: Merged DEV to V4.2.4 (4.2.4)
               93482: MNT-13174: /share/service/components/form {htmlid} unsanitized: XSS vulnerability
                - Add html escape to avoid XSS vulnerability 
            93545: Merged DEV to V4.2.4 (4.2.4)
               93508 : MNT-13177 : /alfresco/wcservice/search/keyword {l} unsanitized: XSS vulnerability 
                  - Escape search.localeId property
            93549: Merged DEV to V4.2.4 (4.2.4)
               93540 : MNT-13173 : /share/service/components/form {destination} unsanitized: XSS vulnerability
                  - Add html escape to avoid XSS vulnerability
            93555: Merged DEV to V4.2.4 (4.2.4)
               93476: MNT-13178: /alfresco/wcservice/api/search/person {l} unsanitized: XSS vulnerability
                  - Add url escape to avoid XSS vulnerability
            93556: Merged DEV to V4.2.4 (4.2.4)
               93477: MNT-13176 : /alfresco/wcservice/collaboration/calendar {nodeRef} unsanitized: XSS vulnerability
                  - Added ?html built-in processing for nodeRef argument. 
         93718: Merged V4.2.4 (4.2.4) to V4.2-BUG-FIX (4.2.5)
            93671: Merged DEV to PATCHES/V4.2.4 (4.2.4)
               93661: MNT-13180: go through all API URI and confirm all parameters are sanitized
                  - Add unit test that checks all webscripts for sanitized parameters
            93672: MNT-13190: /alfresco/wcservice/sample/blog/search {q} unsanitized: XSS vulnerability
               Add html escape to fix XSS vulnerability
            93691: MNT-13190: /alfresco/wcservice/sample/blog/search {q} unsanitized: XSS vulnerability
               Patch imported blogsearch template


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@94995 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
2015-01-31 15:22:44 +00:00
parent 001e1846db
commit c993293931
6 changed files with 138 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
config/alfresco/patch/patch-services-context.xml
View File

@@ -1096,4 +1096,27 @@
</property>
</bean>
<bean id="patch.fixWebscriptTemplate" class="org.alfresco.repo.admin.patch.impl.FixTemplatePatch"
parent="basePatch">
<property name="id" value="patch.fixWebscriptTemplate" />
<property name="description" value="patch.fixWebscriptTemplate.description" />
<property name="fixesFromSchema">
<value>0</value>
</property>
<property name="fixesToSchema">
<value>9000</value>
</property>
<property name="targetSchema">
<value>9001</value>
</property>
<property name="contentService" ref="ContentService"/>
<property name="repository" ref="repositoryHelper"/>
<property name="target">
<value>/app:company_home/app:dictionary/cm:webscripts/cm:org/cm:alfresco/cm:sample/cm:blogsearch.get.html.ftl</value>
</property>
<property name="source">
<value>alfresco/bootstrap/webscripts/blogsearch.get.html.ftl</value>
</property>
</bean>
</beans>