inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged HEAD-BUG-FIX (Cloud/4.3) to HEAD (Cloud/4.3)

Browse Source 
62517: Merged V4.2-BUG-FIX (4.2.2) to HEAD-BUG-FIX (Cloud/4.3)
      62259: Merged DEV to V4.2-BUG-FIX
      61593 : MNT-10642 : Alfresco Explorer has javascript vulnerability opening HTML files
       Before opening HTML files via Alfresco Explorer remove javascript using StringUtils 
      62178 : MNT-10642 : Alfresco Explorer has javascript vulnerability opening HTML files
       Was corrected code


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@62790 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
2014-02-19 12:01:07 +00:00
parent 801fbdbb66
commit ec0ae9541c
1 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
source/java/org/alfresco/web/app/servlet/BaseDownloadContentServlet.java
View File

@@ -50,6 +50,7 @@ import org.alfresco.web.app.Application;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.springframework.extensions.surf.util.URLDecoder; import org.springframework.extensions.surf.util.URLDecoder;
import org.springframework.extensions.surf.util.URLEncoder; import org.springframework.extensions.surf.util.URLEncoder;
import org.springframework.extensions.webscripts.ui.common.StringUtils;
/** /**
* Base class for the download content servlets. Provides common * Base class for the download content servlets. Provides common
@@ -340,6 +341,32 @@ public abstract class BaseDownloadContentServlet extends BaseServlet
res.setContentType(mimetype); res.setContentType(mimetype);
res.setCharacterEncoding(reader.getEncoding()); res.setCharacterEncoding(reader.getEncoding());
// MNT-10642 Alfresco Explorer has javascript vulnerability opening HTML files
if (req.getRequestURI().contains("/d/d/") && (mimetype.equals("text/html") || mimetype.equals("application/xhtml+xml") || mimetype.equals("text/xml")))
{
String content = reader.getContentString();
if (mimetype.equals("text/html") || mimetype.equals("application/xhtml+xml"))
{
// process with HTML stripper
content = StringUtils.stripUnsafeHTMLTags(content, false);
}
else if (mimetype.equals("text/xml") && mimetype.equals("text/x-component"))
{
// IE supports "behaviour" which means that css can load a .htc file that could
// contain XSS code in the form of jscript, vbscript etc, to stop it form being
// evaluated we set the contient type to text/plain
res.setContentType("text/plain");
}
String encoding = reader.getEncoding();
byte[] bytes = encoding != null ? content.getBytes(encoding) : content.getBytes();
res.setContentLength(bytes.length);
res.getOutputStream().write(bytes);
return;
}
// return the complete entity range // return the complete entity range
long size = reader.getSize(); long size = reader.getSize();
res.setHeader(HEADER_CONTENT_RANGE, "bytes 0-" + Long.toString(size-1L) + "/" + Long.toString(size)); res.setHeader(HEADER_CONTENT_RANGE, "bytes 0-" + Long.toString(size-1L) + "/" + Long.toString(size));