Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (4.3/Cloud)

71772: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (4.3/Cloud)
      71677: Merged V4.1-BUG-FIX (4.1.9) to V4.2-BUG-FIX (4.2.3)
         71430: Merged DEV to V4.1-BUG-FIX (4.1.9)
            70396: MNT-11360: XSS: vulnerabilities found in Alfresco Explorer 
               - Additional encoding was added.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@74721 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Will Abson
2014-06-25 15:34:39 +00:00
parent e4b409da81
commit f4deaea7ad


@@ -191,7 +191,7 @@ public class PickerBean implements Serializable
Collection<ChildAssociationRef> childRefs; Collection<ChildAssociationRef> childRefs;
NodeRef parentRef = null; NodeRef parentRef = null;
Map params = fc.getExternalContext().getRequestParameterMap(); Map params = fc.getExternalContext().getRequestParameterMap();
String strParentRef = (String)params.get(PARAM_PARENT); String strParentRef = Utils.encode((String)params.get(PARAM_PARENT));
if (strParentRef == null || strParentRef.length() == 0) if (strParentRef == null || strParentRef.length() == 0)
{ {
childRefs = this.getCategoryService().getRootCategories( childRefs = this.getCategoryService().getRootCategories(
@@ -273,7 +273,7 @@ public class PickerBean implements Serializable
Collection<ChildAssociationRef> childRefs; Collection<ChildAssociationRef> childRefs;
NodeRef parentRef = null; NodeRef parentRef = null;
Map params = fc.getExternalContext().getRequestParameterMap(); Map params = fc.getExternalContext().getRequestParameterMap();
String strParentRef = (String)params.get(ID_PARENT); String strParentRef = Utils.encode((String)params.get(ID_PARENT));
if (strParentRef == null || strParentRef.length() == 0) if (strParentRef == null || strParentRef.length() == 0)
{ {
childRefs = this.getCategoryService().getRootCategories( childRefs = this.getCategoryService().getRootCategories(
@@ -347,7 +347,7 @@ public class PickerBean implements Serializable
NodeRef parentRef = null; NodeRef parentRef = null;
Map params = fc.getExternalContext().getRequestParameterMap(); Map params = fc.getExternalContext().getRequestParameterMap();
String strChildRef = (String)params.get(PARAM_CHILD); String strChildRef = Utils.encode((String)params.get(PARAM_CHILD));
if (strChildRef != null && strChildRef.length() != 0) if (strChildRef != null && strChildRef.length() != 0)
{ {
// TODO: check permission on the parent // TODO: check permission on the parent
@@ -357,7 +357,7 @@ public class PickerBean implements Serializable
else else
{ {
// TODO: check permission on the parent // TODO: check permission on the parent
String strParentRef = (String)params.get(PARAM_PARENT); String strParentRef = Utils.encode((String)params.get(PARAM_PARENT));
if (strParentRef == null || strParentRef.length() == 0) if (strParentRef == null || strParentRef.length() == 0)
{ {
parentRef = companyHomeRef; parentRef = companyHomeRef;
@@ -445,7 +445,7 @@ public class PickerBean implements Serializable
NodeRef parentRef = null; NodeRef parentRef = null;
Map params = fc.getExternalContext().getRequestParameterMap(); Map params = fc.getExternalContext().getRequestParameterMap();
String strChildRef = (String)params.get(PARAM_CHILD); String strChildRef = Utils.encode((String)params.get(PARAM_CHILD));
if (strChildRef != null && strChildRef.length() != 0) if (strChildRef != null && strChildRef.length() != 0)
{ {
// TODO: check permission on the parent // TODO: check permission on the parent
@@ -455,7 +455,7 @@ public class PickerBean implements Serializable
else else
{ {
// TODO: check permission on the parent // TODO: check permission on the parent
String strParentRef = (String)params.get(PARAM_PARENT); String strParentRef = Utils.encode((String)params.get(PARAM_PARENT));
if (strParentRef == null || strParentRef.length() == 0) if (strParentRef == null || strParentRef.length() == 0)
{ {
parentRef = companyHomeRef; parentRef = companyHomeRef;
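Review bot: The six new `Utils.encode(...)` calls (on PARAM_PARENT, ID_PARENT and PARAM_CHILD) escape the request parameter as it is read, before it is interpreted as a node reference, rather than where the value is written into the response. For an XSS fix it is more robust to validate the raw parameter and reject anything that is not a well-formed reference, for example `if (strParentRef != null && strParentRef.length() != 0 && !NodeRef.isNodeRef(strParentRef)) throw new IllegalArgumentException("Invalid parent reference");`, and to keep HTML encoding in the code that emits the value. Encoding on input only helps if every output path uses this exact variable, and it can silently alter a value that is later parsed. The context lines also still carry `// TODO: check permission on the parent`, so a request-supplied reference appears to be used without an access check. The enclosing methods start and end outside the hunks, so the output sink and any later checks are not visible here and should be confirmed.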