inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged 5.1.N (5.1.3) to 5.2.N (5.2.1)

Browse Source 
134638 kroast: ACE-5700 - [Security] Reflected XSS in admin-tenantconsole

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@135777 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Kevin Roast
2017-03-13 14:05:21 +00:00
parent 0ec271c0b7
commit d08dd37c35
2 changed files with 80 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
config/alfresco/web-client-security-config.xml
View File

@@ -79,6 +79,66 @@
<param name="cookie">{token}</param> <param name="cookie">{token}</param>
</action> </action>
</rule> </rule>
<rule>
<request>
<method>GET</method>
<path>/wcservice/enterprise/admin/.*</path>
</request>
<action name="generateToken">
<param name="session">{token}</param>
<param name="cookie">{token}</param>
</action>
</rule>
<rule>
<request>
<method>GET</method>
<path>/wcs/enterprise/admin/.*</path>
</request>
<action name="generateToken">
<param name="session">{token}</param>
<param name="cookie">{token}</param>
</action>
</rule>
<rule>
<request>
<method>GET</method>
<path>/service/admin/.*</path>
</request>
<action name="generateToken">
<param name="session">{token}</param>
<param name="cookie">{token}</param>
</action>
</rule>
<rule>
<request>
<method>GET</method>
<path>/s/admin/.*</path>
</request>
<action name="generateToken">
<param name="session">{token}</param>
<param name="cookie">{token}</param>
</action>
</rule>
<rule>
<request>
<method>GET</method>
<path>/wcservice/admin/.*</path>
</request>
<action name="generateToken">
<param name="session">{token}</param>
<param name="cookie">{token}</param>
</action>
</rule>
<rule>
<request>
<method>GET</method>
<path>/wcs/admin/.*</path>
</request>
<action name="generateToken">
<param name="session">{token}</param>
<param name="cookie">{token}</param>
</action>
</rule>
<!-- <!--
Verify multipart requests contain the token as a parameter Verify multipart requests contain the token as a parameter

20
source/web/WEB-INF/web.xml
View File

@@ -256,6 +256,26 @@
<filter-name>CSRF Token Filter</filter-name> <filter-name>CSRF Token Filter</filter-name>
<url-pattern>/s/admin/*</url-pattern> <url-pattern>/s/admin/*</url-pattern>
</filter-mapping> </filter-mapping>
<filter-mapping>
<filter-name>CSRF Token Filter</filter-name>
<url-pattern>/wcservice/enterprise/admin/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CSRF Token Filter</filter-name>
<url-pattern>/wcs/enterprise/admin/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CSRF Token Filter</filter-name>
<url-pattern>/wcservice/admin/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CSRF Token Filter</filter-name>
<url-pattern>/wcs/admin/*</url-pattern>
</filter-mapping>
<!-- Enterprise filter-mapping placeholder --> <!-- Enterprise filter-mapping placeholder -->