[magnolia-dev] [JIRA] (MGNLSTK-1092) XSS vulnerability of FTL templates

[on behalf of Roman Kovařík]

Roman Kovařík
 created  MGNLSTK-1092


XSS vulnerability of FTL templates















Issue Type:


Bug



Affects Versions:


1.4



Assignee:


Roman Kovařík



Components:


templates



Created:


09/Feb/13 1:32 PM



Description:



	Open some web page - properties - enter for Headline/Navigation Title/Site Title some XSS - save.
#






Fix Versions:


1.4.8



Project:


Magnolia Standard Templating Kit



Priority:


Critical




Reporter:


Roman Kovařík




























This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira








Forlistdetails,see:http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively,useourforums:http://forum.magnolia-cms.com/
Tounsubscribe,E-mailto:dev-list-unsubscr...@magnolia-cms.com

[magnolia-dev] [JIRA] (MGNLSTK-1092) XSS vulnerability of FTL templates

[on behalf of Roman Kovařík]

Roman Kovařík
 updated  MGNLSTK-1092


XSS vulnerability of FTL templates
















Change By:


Roman Kovařík
(09/Feb/13 1:59 PM)




Description:


#Opensomewebpage-
properties
PageInfo
-enterforHeadline/NavigationTitle/SiteTitlesomeXSS-save.
#



























This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira








Forlistdetails,see:http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively,useourforums:http://forum.magnolia-cms.com/
Tounsubscribe,E-mailto:dev-list-unsubscr...@magnolia-cms.com

[magnolia-dev] [JIRA] (MGNLACTIVATION-12) Activating configuration for new install fails

[JIRA (on behalf of william)]

william
 created  MGNLACTIVATION-12


Activating configuration for new install fails















Issue Type:


Bug



Affects Versions:


5.0



Assignee:


Unassigned


Created:


10/Feb/13 4:24 AM



Description:


Install, run updates, change default uri, activate changes, receive annoying error.

Reproducable on mac and linux. Cannot run Activate changes after this problem is enoucntered. Downloaded and tried again. Still breaks. installed at least 20 times trying differnent activation sequences. Activagin the config from author breaks magnolia. 

2013-02-09 21:18:09,025 ERROR info.magnolia.module.exchangesimple.ExchangeTask  : Failed to deactivate content.
info.magnolia.cms.exchange.ExchangeException: Not able to send the activation request http://localhost:8080/magnoliaPublic/.magnolia/activation: no content-type
	at info.magnolia.module.exchangesimple.BaseSyndicatorImpl.activate(BaseSyndicatorImpl.java:422)
	at info.magnolia.module.exchangesimple.SimpleSyndicator$2.runTask(SimpleSyndicator.java:103)
	at info.magnolia.module.exchangesimple.ExchangeTask.run(ExchangeTask.java:75)
	at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:679)
Caused by: java.net.UnknownServiceException: no content-type
	at java.net.URLConnection.getContentHandler(URLConnection.java:1209)
	at java.net.URLConnection.getContent(URLConnection.java:706)
	at info.magnolia.module.exchangesimple.BaseSyndicatorImpl.activate(BaseSyndicatorImpl.java:411)
	... 4 more
2013-02-09 21:18:09,029 ERROR fo.magnolia.module.exchangesimple.SimpleSyndicator: Not able to send the activation request http://localhost:8080/magnoliaPublic/.magnolia/activation: no content-type
info.magnolia.cms.exchange.ExchangeException: Not able to send the activation request http://localhost:8080/magnoliaPublic/.magnolia/activation: no content-type
	at info.magnolia.module.exchangesimple.BaseSyndicatorImpl.activate(BaseSyndicatorImpl.java:422)
	at info.magnolia.module.exchangesimple.SimpleSyndicator$2.runTask(SimpleSyndicator.java:103)
	at info.magnolia.module.exchangesimple.ExchangeTask.run(ExchangeTask.java:75)
	at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:679)
Caused by: java.net.UnknownServiceException: no content-type
	at java.net.URLConnection.getContentHandler(URLConnection.java:1209)
	at java.net.URLConnection.getContent(URLConnection.java:706)
	at info.magnolia.module.exchangesimple.BaseSyndicatorImpl.activate(BaseSyndicatorImpl.java:411)
	... 4 more
2013-02-09 21:18:09,032 ERROR a.module.admininterface.commands.ActivationCommand: can't activate
info.magnolia.cms.exchange.ExchangeException: info.magnolia.cms.exchange.ExchangeException: 1 error detected: 
Not able to send the activation request http://localhost:8080/magnoliaPublic/.magnolia/activation: no content-type
	at info.magnolia.module.exchangesimple.BaseSyndicatorImpl.activate(BaseSyndicatorImpl.java:349)
	at info.magnolia.module.exchangesimple.BaseSyndicatorImpl.activate(BaseSyndicatorImpl.java:273)
	at info.magnolia.module.admininterface.commands.ActivationCommand.activateRecursive(ActivationCommand.java:158)
	at info.magnolia.module.admininterface.commands.ActivationCommand.activateRecursive(ActivationCommand.java:178)
	at info.magnolia.module.admininterface.commands.ActivationCommand.activateBulkUpdate(ActivationCommand.java:139)
	at info.magnolia.module.admininterface.commands.ActivationCommand.execute(ActivationCommand.java:96)
	at info.magnolia.commands.MgnlCommand.executePooledOrSynchronized(MgnlCommand.java:174)
	at info.magnolia.commands.MgnlCommand.execute(MgnlCommand.java:161)
	at info.magnolia.cms.servlets.CommandBasedMVCServletHandler.execute(CommandBasedMVCServletHandler.java:96)
	at info.magnolia.cms.servlets.MVCServlet.doPost(MVCServlet.java:125)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at info.magnolia.cms.filters.ServletDispatchingFilter.doFilter(ServletDispatchingFilter.java:123)
	at