SSF-4 Fix security flaw

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/all_projects_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/all_projects_controller.rb
index ebc020968fc65f87b66b049f62e5a3b0936faa66..200585f1773c9267f5c8983c97946524c6e32d79 100644 (file)
--- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/all_projects_controller.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/all_projects_controller.rb
@@ -31,4 +31,4 @@ class AllProjectsController < ApplicationController
     @filter.execute(self, :user => current_user)
   end
 
-end
\ No newline at end of file
+end

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/all_projects/index.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/all_projects/index.html.erb
index be95bc8400ededbcb329631d8d1c1d182c8d5eb3..34e45dd0eb5726374bdca913bacba8393e5ae0dd 100644 (file)
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/all_projects/index.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/all_projects/index.html.erb
@@ -67,11 +67,11 @@
     </tbody>
 
       <%= table_pagination(@filter.pagination, :colspan => colspan) { |label, page_id|
-            link_to(label, :action => 'index', :qualifier => @qualifier, :asc => @filter.criteria[:asc], :page => page_id)
+            link_to(label, :action => 'index', :qualifier => h(@qualifier), :asc => h(@filter.criteria[:asc]), :page => page_id)
           }
       -%>
     
   </table>
   </div>
   
-<% end %>
\ No newline at end of file
+<% end %>

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/confirm/_confirm.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/confirm/_confirm.html.erb
index bc597d8aa23c2d8f4b2a1d5cd7b6b5b1995070b5..64f47c4f522d39e20fba6514df471083f50a6b1e 100644 (file)
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/confirm/_confirm.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/confirm/_confirm.html.erb
@@ -4,7 +4,7 @@
    message_params = params['mp'] || []
    button_key = params[:bk] || title_key
 %>
-<form id="confirm-form" method="post" action="<%= Api::Utils.absolute_to_relative_url(params[:url]) -%>">
+<form id="confirm-form" method="post" action="<%= Api::Utils.absolute_to_relative_url(h(params[:url])) -%>">
   <fieldset>
     <div class="modal-head">
       <h2><%= h message title_key -%></h2>
@@ -20,4 +20,4 @@
       <a href="#" onclick="return closeModalWindow()" id="confirm-cancel"><%= h message('cancel') -%></a>
     </div>
   </fieldset>
-</form>
\ No newline at end of file
+</form>

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/views/drilldown/issues.html.erb b/sonar-server/src/main/webapp/WEB-INF/app/views/drilldown/issues.html.erb
index 1cef2048feb678a1840215e472a13f660f3d7a39..dd3bd47d21303bef311e90e68292993cd4b711eb 100644 (file)
--- a/sonar-server/src/main/webapp/WEB-INF/app/views/drilldown/issues.html.erb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/views/drilldown/issues.html.erb
@@ -144,7 +144,7 @@
           <tr class="<%= clazz -%>" id="row_<%= index -%>_<%= row_index -%>">
             <td nowrap>
               <% if resource.source_code? %>
-                <a href="<%= url_for :controller => 'resource', :action => 'index', :id => resource.key, :period => params[:period], :metric => @metric ? @metric.id : nil,
+                <a href="<%= url_for :controller => 'resource', :action => 'index', :id => resource.key, :period => @period, :metric => @metric ? @metric.id : nil,
                                      :rule => @rule ? @rule.id : @severity, :display_title => 'true' -%>"
                    onclick="window.open(this.href,'resource-<%= resource.key.parameterize -%>','height=800,width=900,scrollbars=1,resizable=1');return false;"
                    id="popup-<%= resource.key.parameterize -%>"
@@ -218,4 +218,4 @@
 
 <div id="accordion-panel"/>
 
-<%= render :partial => 'footer' -%>
\ No newline at end of file
+<%= render :partial => 'footer' -%>