Author: markt
Date: Wed Jun 13 19:12:38 2007
New Revision: 547083

URL: http://svn.apache.org/viewvc?view=rev&rev=547083
Log:
Port fix for XSS issues in snoop.jsp. This is CVE-2007-2449.
Modified: tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/security/protected/index.jsp tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/snp/snoop.html tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/snp/snoop.jsp tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/source.jsp Modified: tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/security/protected/index.jsp URL: http://svn.apache.org/viewvc/tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/security/protected/index.jsp?view=diff&rev=547083&r1=547082&r2=547083 ============================================================================== --- tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/security/protected/index.jsp (original) +++ tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/security/protected/index.jsp Wed Jun 13 19:12:38 2007 @@ -27,14 +27,16 @@ </head> <body bgcolor="white"> -You are logged in as remote user <b><%= request.getRemoteUser() %></b> +You are logged in as remote user +<b><%= util.HTMLFilter.filter(request.getRemoteUser()) %></b> in session <b><%= session.getId() %></b><br><br> <% if (request.getUserPrincipal() != null) { %> Your user principal name is - <b><%= request.getUserPrincipal().getName() %></b><br><br> + <b><%= util.HTMLFilter.filter(request.getUserPrincipal().getName()) %></b> + <br><br> <% } else { %> Modified: tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/snp/snoop.html URL: http://svn.apache.org/viewvc/tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/snp/snoop.html?view=diff&rev=547083&r1=547082&r2=547083 ============================================================================== --- tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/snp/snoop.html (original) +++ tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/snp/snoop.html Wed Jun 13 19:12:38 2007 
@@ -24,8 +24,8 @@ <body bgcolor="#FFFFFF"> <p><font color="#0000FF"><a href="snoop.jsp"><img src="../images/execute.gif" align="right" border="0"></a><a href="../index.html"><img src="../images/return.gif" width="24" height="24" align="right" border="0"></a></font></p> -<h3><a href="snoop.jsp.html">Source Code for Request Parameters Example<font color="#0000FF"></a> - </font> </h3> +<h3><a href="snoop.jsp.html">Source Code for Request Parameters Example<font color="#0000FF"> + </font></a></h3> </body> </html> Modified: tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/snp/snoop.jsp URL: http://svn.apache.org/viewvc/tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/snp/snoop.jsp?view=diff&rev=547083&r1=547082&r2=547083 ============================================================================== --- tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/snp/snoop.jsp (original) +++ tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/snp/snoop.jsp Wed Jun 13 19:12:38 2007 
@@ -19,37 +19,38 @@ <body bgcolor="white"> <h1> Request Information </h1> <font size="4"> -JSP Request Method: <% out.print(util.HTMLFilter.filter(request.getMethod())); %> +JSP Request Method: <%= util.HTMLFilter.filter(request.getMethod()) %> <br> -Request URI: <%= request.getRequestURI() %> +Request URI: <%= util.HTMLFilter.filter(request.getRequestURI()) %> <br> -Request Protocol: <%= request.getProtocol() %> +Request Protocol: <%= util.HTMLFilter.filter(request.getProtocol()) %> <br> -Servlet path: <%= request.getServletPath() %> +Servlet path: <%= util.HTMLFilter.filter(request.getServletPath()) %> <br> -Path info: <% out.print(util.HTMLFilter.filter(request.getPathInfo())); %> +Path info: <%= util.HTMLFilter.filter(request.getPathInfo()) %> <br> -Query string: <% out.print(util.HTMLFilter.filter(request.getQueryString())); %> +Query string: <%= util.HTMLFilter.filter(request.getQueryString()) %> <br> Content length: <%= request.getContentLength() %> <br> -Content type: <% out.print(util.HTMLFilter.filter(request.getContentType())); %> +Content type: <%= util.HTMLFilter.filter(request.getContentType()) %> <br> -Server name: <%= request.getServerName() %> +Server name: <%= util.HTMLFilter.filter(request.getServerName()) %> <br> Server port: <%= request.getServerPort() %> <br> -Remote user: <%= request.getRemoteUser() %> +Remote user: <%= util.HTMLFilter.filter(request.getRemoteUser()) %> <br> -Remote address: <%= request.getRemoteAddr() %> +Remote address: <%= util.HTMLFilter.filter(request.getRemoteAddr()) %> <br> -Remote host: <%= request.getRemoteHost() %> +Remote host: <%= util.HTMLFilter.filter(request.getRemoteHost()) %> <br> -Authorization scheme: <%= request.getAuthType() %> +Authorization scheme: <%= util.HTMLFilter.filter(request.getAuthType()) %> <br> Locale: <%= request.getLocale() %> <hr> -The browser you are using is <% out.print(util.HTMLFilter.filter(request.getHeader("User-Agent"))); %> +The browser you are using is +<%= 
util.HTMLFilter.filter(request.getHeader("User-Agent")) %> <hr> </font> </body> Modified: tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/source.jsp URL: http://svn.apache.org/viewvc/tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/source.jsp?view=diff&rev=547083&r1=547082&r2=547083 ============================================================================== --- tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/source.jsp (original) +++ tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/source.jsp Wed Jun 13 19:12:38 2007 @@ -17,4 +17,4 @@ <%@ taglib uri="http://jakarta.apache.org/tomcat/examples-taglib" prefix="eg" %> -<eg:ShowSource jspFile="<%= request.getQueryString() %>"/> +<eg:ShowSource jspFile="<%= util.HTMLFilter.filter(request.getQueryString()) %>"/>
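Review bot: in the security/protected/index.jsp hunk, `in session <b><%= session.getId() %></b>` is the one expression on the page left unfiltered while the neighbouring `request.getRemoteUser()` and `request.getUserPrincipal().getName()` are now wrapped in `util.HTMLFilter.filter(...)`. The session id is server-generated, so the risk is low, but filtering it too gives the page a single rule that is easy to audit: every `<%= %>` goes through the filter. The log message names only snoop.jsp; this file should be mentioned there as well.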
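Review bot: the snp/snoop.html hunk only corrects tag nesting (`</font>` now closes before `</a>` instead of after it) and has no bearing on the escaping fix; it should be a separate commit, or at least be called out in the log message, which currently describes the change solely as "XSS issues in snoop.jsp".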
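Review bot: in the snp/snoop.jsp hunk, `Locale: <%= request.getLocale() %>` is still written out unescaped, yet the locale is derived from the client's Accept-Language header, so unlike `request.getContentLength()` and `request.getServerPort()` (both ints) it is client-influenced text and should get the same treatment as the other lines, e.g. `Locale: <%= util.HTMLFilter.filter(request.getLocale().toString()) %>`. Converting the existing `<% out.print(util.HTMLFilter.filter(...)); %>` scriptlets to `<%= util.HTMLFilter.filter(...) %>` expressions does not change behaviour and makes the filtered and unfiltered lines easy to compare side by side, which is what exposes the remaining gap.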
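Review bot: in the source.jsp hunk the escaping is applied in the wrong context. `jspFile` is a path handed to the `eg:ShowSource` tag, not HTML output, so `util.HTMLFilter.filter(request.getQueryString())` rewrites any query string containing `&`, `<`, `>` or `"` into entity form before the tag ever sees it, while doing nothing about what the tag accepts as a path. The tag should receive the raw query string, validate it as a resource it is willing to serve, and HTML-escape it itself at the point where it writes the name into the page, including in any error message that echoes it.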