This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository
https://gitbox.apache.org/repos/asf/ofbiz-framework.gitThe following commit(s) were added to refs/heads/trunk by this push:
new c7fef0c Fixed: Post-auth XSS vulnerability at catalog/control/EditProductPromo (OFBIZ-12096)
c7fef0c is described below
commit c7fef0c409bca7c01d1f94e9431af52714398c58
Author: Jacques Le Roux <
[hidden email]>
AuthorDate: Sat Dec 19 17:59:02 2020 +0100
Fixed: Post-auth XSS vulnerability at catalog/control/EditProductPromo (OFBIZ-12096)
We missed to unescape EcmaScript encoded strings in
UtilCoded::checkStringForHtmlSafe, ie in all form fields using allow-html="safe"
Thanks: 牛治 <
[hidden email]> for report
---
framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
index adc5e44b..449bd5d 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
@@ -479,7 +479,7 @@ public class UtilCodec {
}
if (value != null) {
- String filtered = policy.sanitize(value);
+ String filtered = StringEscapeUtils.unescapeEcmaScript(policy.sanitize(value));
if (filtered != null && !value.equals(StringEscapeUtils.unescapeHtml4(filtered))) {
String issueMsg = null;
if (locale.equals(new Locale("test"))) {
@@ -603,5 +603,4 @@ public class UtilCodec {
return this.internalMap.toString();
}
}
-
}
Locked
