mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-10-22 15:12:38 +00:00
c993293931
93834: Merged 5.0.N (5.0.1) to HEAD-BUG-FIX (5.1/Cloud)
93734: Merged V4.2-BUG-FIX (4.2.5) to 5.0.N (5.0.1)
- SOURCE/root/projects/remote-api/config/alfresco/templates/webscripts/org/alfresco/collaboration/calendar.get.html.ftl
was removed from 5.0 as part of an EOL activity
93559: Merged V4.2.4 (4.2.4) to V4.2-BUG-FIX (4.2.5)
93544: Merged DEV to V4.2.4 (4.2.4)
93482: MNT-13174: /share/service/components/form {htmlid} unsanitized: XSS vulnerability
- Add html escape to avoid XSS vulnerability
93545: Merged DEV to V4.2.4 (4.2.4)
93508 : MNT-13177 : /alfresco/wcservice/search/keyword {l} unsanitized: XSS vulnerability
- Escape search.localeId property
93549: Merged DEV to V4.2.4 (4.2.4)
93540 : MNT-13173 : /share/service/components/form {destination} unsanitized: XSS vulnerability
- Add html escape to avoid XSS vulnerability
93555: Merged DEV to V4.2.4 (4.2.4)
93476: MNT-13178: /alfresco/wcservice/api/search/person {l} unsanitized: XSS vulnerability
- Add url escape to avoid XSS vulnerability
93556: Merged DEV to V4.2.4 (4.2.4)
93477: MNT-13176 : /alfresco/wcservice/collaboration/calendar {nodeRef} unsanitized: XSS vulnerability
- Added ?html built-in processing for nodeRef argument.
93718: Merged V4.2.4 (4.2.4) to V4.2-BUG-FIX (4.2.5)
93671: Merged DEV to PATCHES/V4.2.4 (4.2.4)
93661: MNT-13180: go through all API URI and confirm all parameters are sanitized
- Add unit test that checks all webscripts for sanitized parameters
93672: MNT-13190: /alfresco/wcservice/sample/blog/search {q} unsanitized: XSS vulnerability
Add html escape to fix XSS vulnerability
93691: MNT-13190: /alfresco/wcservice/sample/blog/search {q} unsanitized: XSS vulnerability
Patch imported blogsearch template
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@94995 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
<h1>Web Scripts</h1>
<p>
Documentation on how to develop a Web Script may be found <a href="http://wiki.alfresco.com/wiki/Web_Scripts">here</a>. </p><p>Web Scripts allow you to bind new Alfresco-based functionality to a HTTP method and custom URL. A library of URLs may be built up to provide a complete API accessible via HTTP. They are ideal for building data access & update APIs and simple UI components such as Portlets. Development of Web Scripts may be performed within Alfresco. Knowledge of Java is <em><strong>not</strong></em> required.<br/>
</p>
<p>
For example, you could create the following API for your particular application...
</p>
<dl><dt><strong>Execute a search</strong> </dt></dl>
<p>
GET http://<host>:<port>/alfresco/service/blog/category/{category}
</p>
<dl><dt><strong>Retrieve meta-data for an item in the repository</strong> </dt></dl>
<p>
GET http://<host>:<port>/alfresco/service/blog/2007/03/04/new-release
</p>
<dl><dt><strong>Update meta-data for an item in the repository</strong> </dt></dl>
<p>
POST http://<host>:<port>/alfresco/service/blog/2007/03/04/new-release?status=Draft
</p>
<dl><dt><strong>Delete an item in the repository</strong></dt></dl>
<p>
DELETE http://<host>:<port>/alfresco/service/blog/2007/03/04/new-release
</p>