source.dussan.org Git - archiva.git/commit

]> source.dussan.org Git - archiva.git/commit

author	Maria Odea B. Ching <oching@apache.org>
	Tue, 3 May 2011 02:54:19 +0000 (02:54 +0000)
committer	Maria Odea B. Ching <oching@apache.org>
	Tue, 3 May 2011 02:54:19 +0000 (02:54 +0000)
commit	1d63d95e52a3586e179163de006e4431ba299f1d
tree	9d91915975c30ea1bf6d4ed702a5f53fa4c18033	tree \| snapshot
parent	e54e7dccc32a0d20d3be4d2e97215a3d30f3b0a2	commit \| diff

[MRM-1468] Fix XSS vulnerability in Archiva
submitted by Marc Jansen Tan Chua

o tightened up validation on input/edit forms + unit tests
o added selenium tests for XSS vunerabilities
o used c:out in some of the pages so output will be escaped if containing html characters

git-svn-id: https://svn.apache.org/repos/asf/archiva/branches/archiva-1.3.x@1098897 13f79535-47bb-0310-9956-ffa450edef68

44 files changed:

archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AppearanceTest.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/ArtifactManagementTest.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/LegacySupportTest.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/NetworkProxiesTest.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java	[new file with mode: 0644]	blob
archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractArchivaTest.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractArtifactManagementTest.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractRepositoryTest.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractSeleniumTest.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/DeleteArtifactAction.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/appearance/EditOrganisationInfoAction.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/legacy/AddLegacyArtifactPathAction.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/networkproxies/ConfigureNetworkProxyAction.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/DeleteArtifactAction-validation.xml		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/appearance/EditOrganisationInfoAction-validation.xml		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/legacy/AddLegacyArtifactPathAction-validation.xml		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/networkproxies/ConfigureNetworkProxyAction-saveNetworkProxy-validation.xml		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/addLegacyArtifactPath.jsp		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/addRepository.jsp		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmAddRepository.jsp		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteNetworkProxy.jsp		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepository.jsp		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editAppearance.jsp		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editNetworkProxy.jsp		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editRepository.jsp		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/legacyArtifactPath.jsp		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/networkProxies.jsp		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositories.jsp		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/components/companyLogo.jsp		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/deleteArtifact.jsp		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/DeleteArtifactActionTest.java	[new file with mode: 0644]	blob
archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/appearance/EditOrganizationInfoActionTest.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/legacy/AddLegacyArtifactPathActionTest.java	[new file with mode: 0644]	blob
archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/networkproxies/ConfigureNetworkProxyActionTest.java	[new file with mode: 0644]	blob
archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AbstractManagedRepositoryActionTest.java	[new file with mode: 0644]	blob
archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryActionTest.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryActionTest.java		diff \| blob \| history
archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/validator/utils/ValidatorUtil.java	[new file with mode: 0644]	blob

Apache Archiva Repository: https://github.com/apache/archiva

RSS Atom