import org.apache.archiva.configuration.UserInterfaceOptions;
import org.apache.archiva.configuration.WebappConfiguration;
import org.apache.archiva.metadata.model.facets.AuditEvent;
+import org.apache.commons.codec.net.URLCodec;
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.maven.wagon.providers.http.HttpWagon;
}
+ private String convertName(String name) {
+ return StringEscapeUtils.escapeHtml( StringUtils.trimToEmpty( name ) );
+ }
+
@Override
public void setOrganisationInformation( OrganisationInformation organisationInformation )
throws RepositoryAdminException
Configuration configuration = getArchivaConfiguration( ).getConfiguration( );
if ( organisationInformation != null )
{
+ organisationInformation.setName( convertName( organisationInformation.getName() ));
org.apache.archiva.configuration.OrganisationInformation organisationInformationModel =
getModelMapper( ).map( organisationInformation,
org.apache.archiva.configuration.OrganisationInformation.class );
}
+ @Test
+ public void badOrganisationName( )
+ {
+ try
+ {
+ OrganisationInformation newOrganisationInformation = new OrganisationInformation( );
+ newOrganisationInformation.setName( "/><svg/onload=alert(/url_xss/)>Test Org\"" );
+ archivaAdministration.setOrganisationInformation( newOrganisationInformation );
+ assertEquals("/><svg/onload=alert(/url_xss/)>Test Org"", archivaAdministration.getOrganisationInformation().getName());
+ }
+ catch ( RepositoryAdminException e )
+ {
+ // OK
+ }
+
+ }
+
@Test
public void uiConfiguration()
throws Exception