authorMaria Odea B. Ching <oching@apache.org>2011-04-07 12:01:59 +0000
committerMaria Odea B. Ching <oching@apache.org>2011-04-07 12:01:59 +0000
commit622d4ecd46de0e48a8233542a89892eedbeefec4 (patch)
tree4ea8b6eac36d22355e74db75cd4ce3558ea2f163 /archiva-modules
parent6066b387e1bb851f9143bb3bc25fbf2bb2e8854c (diff)
[MRM-1480]/[REDBACK-274] (CVE-2011-1026)
o upgrade to redback 1.2.8-SNAPSHOT
o configured struts2's token interceptor and added <s:token> to the affected actions to prevent the CSRF issue

git-svn-id: https://svn.apache.org/repos/asf/archiva/branches/archiva-1.3.x@1089839 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'archiva-modules')
-rw-r--r--archiva-modules/archiva-web/archiva-webapp-test/pom.xml2
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml56
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/database.jsp3
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteNetworkProxy.jsp1
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteProxyConnector.jsp1
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepository.jsp1
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp1
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/disableProxyConnector.jsp1
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editNetworkProxy.jsp1
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/legacyArtifactPath.jsp3
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/networkProxies.jsp3
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxyConnectors.jsp5
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositories.jsp6
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryGroups.jsp4
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryScanning.jsp27
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/deleteArtifact.jsp1
16 files changed, 97 insertions, 19 deletions
diff --git a/archiva-modules/archiva-web/archiva-webapp-test/pom.xml b/archiva-modules/archiva-web/archiva-webapp-test/pom.xml
index bf5b98a5b..037b7ae39 100644
--- a/archiva-modules/archiva-web/archiva-webapp-test/pom.xml
+++ b/archiva-modules/archiva-web/archiva-webapp-test/pom.xml
@@ -23,7 +23,7 @@
<parent>
<groupId>org.apache.archiva</groupId>
<artifactId>archiva-web</artifactId>
- <version>1.3.5-SNAPSHOT</version>
+ <version>1.3.6-SNAPSHOT</version>
</parent>
<artifactId>archiva-webapp-test</artifactId>
<packaging>pom</packaging>
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml
index fb2db2159..58ac529aa 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml
@@ -47,6 +47,9 @@
<param name="enableReferrerCheck">false</param>
</interceptor-ref>
<interceptor-ref name="redbackPolicyEnforcement"/>
+ <interceptor-ref name="tokenSession">
+ <param name="excludeMethods">*</param>
+ </interceptor-ref>
<interceptor-ref name="configuration"/>
<interceptor-ref name="validation">
<param name="excludeMethods">input,back,cancel,browse</param>
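Review bot: The `tokenSession` reference added to this stack is switched off for every method (`excludeMethods` set to `*`), and the next stack hunk does the same, so the CSRF token check is opt-in per action. Any action that does not set `tokenSession.includeMethods` stays unprotected with nothing in its definition to show it. Please record that contract next to the reference, for example `<!-- CSRF token check is off by default; every state-changing action must set tokenSession.includeMethods -->`. If it is feasible, a safer default is to leave the interceptor enabled and exclude only the read-only methods, as the `validation` reference just below does with `input,back,cancel,browse`. The stack definitions start outside these hunks.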
@@ -65,6 +68,9 @@
<interceptor-ref name="redbackSecureActions">
<param name="enableReferrerCheck">false</param>
</interceptor-ref>
+ <interceptor-ref name="tokenSession">
+ <param name="excludeMethods">*</param>
+ </interceptor-ref>
<interceptor-ref name="validation">
<param name="excludeMethods">input,back,cancel,browse</param>
</interceptor-ref>
@@ -133,6 +139,7 @@
include a result for 'error' -->
<result name="error">/WEB-INF/jsp/generalError.jsp</result>
<result name="access_to_no_repos">/WEB-INF/jsp/accessToNoRepos.jsp</result>
+ <result name="invalid.token">/WEB-INF/jsp/redback/invalidToken.jsp</result>
</global-results>
</package>
@@ -179,6 +186,9 @@
<result name="input">/WEB-INF/jsp/deleteArtifact.jsp</result>
<result name="error">/WEB-INF/jsp/deleteArtifact.jsp</result>
<result name="success">/WEB-INF/jsp/deleteArtifact.jsp</result>
+ <interceptor-ref name="configuredArchivaStack">
+ <param name="tokenSession.includeMethods">doDelete</param>
+ </interceptor-ref>
</action>
<action name="checksumSearch" class="searchAction" method="findArtifact">
@@ -253,19 +263,25 @@
<result name="input">/WEB-INF/jsp/admin/repositoryGroups.jsp</result>
<result name="error">/WEB-INF/jsp/admin/repositoryGroups.jsp</result>
<result name="success" type="redirect-action">repositoryGroups</result>
- <interceptor-ref name="configuredPrepareParamsStack"/>
+ <interceptor-ref name="configuredPrepareParamsStack">
+ <param name="tokenSession.includeMethods">*</param>
+ </interceptor-ref>
</action>
<action name="confirmDeleteRepositoryGroup" class="deleteRepositoryGroupAction" method="confirmDelete">
<result name="input">/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp</result>
- <interceptor-ref name="configuredPrepareParamsStack"/>
+ <interceptor-ref name="configuredPrepareParamsStack">
+ <param name="tokenSession.includeMethods">*</param>
+ </interceptor-ref>
</action>
<action name="deleteRepositoryGroup" class="deleteRepositoryGroupAction" method="delete">
<result name="input">/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp</result>
<result name="error">/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp</result>
<result name="success" type="redirect-action">repositoryGroups</result>
- <interceptor-ref name="configuredPrepareParamsStack"/>
+ <interceptor-ref name="configuredPrepareParamsStack">
+ <param name="tokenSession.includeMethods">*</param>
+ </interceptor-ref>
</action>
<action name="addRepositoryToGroup" class="repositoryGroupsAction" method="addRepositoryToGroup">
@@ -325,14 +341,18 @@
<action name="confirmDeleteRepository" class="deleteManagedRepositoryAction" method="confirmDelete">
<result name="input">/WEB-INF/jsp/admin/deleteRepository.jsp</result>
- <interceptor-ref name="configuredPrepareParamsStack"/>
+ <interceptor-ref name="configuredPrepareParamsStack">
+ <param name="tokenSession.includeMethods">*</param>
+ </interceptor-ref>
</action>
<action name="deleteRepository" class="deleteManagedRepositoryAction" method="delete">
<result name="input">/WEB-INF/jsp/admin/deleteRepository.jsp</result>
<result name="error">/WEB-INF/jsp/admin/deleteRepository.jsp</result>
<result name="success" type="redirect-action">repositories</result>
- <interceptor-ref name="configuredPrepareParamsStack"/>
+ <interceptor-ref name="configuredPrepareParamsStack">
+ <param name="tokenSession.includeMethods">*</param>
+ </interceptor-ref>
</action>
<action name="addRemoteRepository" class="addRemoteRepositoryAction" method="input">
@@ -394,7 +414,9 @@
<action name="deleteProxyConnector" class="deleteProxyConnectorAction" method="confirm">
<result name="input">/WEB-INF/jsp/admin/deleteProxyConnector.jsp</result>
<result name="success" type="redirect-action">proxyConnectors</result>
- <interceptor-ref name="configuredPrepareParamsStack"/>
+ <interceptor-ref name="configuredPrepareParamsStack">
+ <param name="tokenSession.includeMethods">*</param>
+ </interceptor-ref>
</action>
<action name="enableProxyConnector" class="enableProxyConnectorAction" method="confirm">
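Review bot: `enableProxyConnector`, visible here as trailing context, gets no `tokenSession.includeMethods`, although `deleteProxyConnector` above and `disableProxyConnector` in the next hunk both do. No hunk covers the lines in between, so the action appears to keep its previous interceptor configuration. Re-enabling a connector changes configuration just as disabling it does, so it should carry the same `<param name="tokenSession.includeMethods">*</param>`, with the token passed from `enableProxyConnectorUrl` in proxyConnectors.jsp, where this commit adds none. The `sortDownProxyConnector` link in that JSP is in the same position. The body of the `enableProxyConnector` action lies outside the hunk, so please confirm against the full file.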
@@ -406,7 +428,9 @@
<action name="disableProxyConnector" class="disableProxyConnectorAction" method="confirm">
<result name="input">/WEB-INF/jsp/admin/disableProxyConnector.jsp</result>
<result name="success" type="redirect-action">proxyConnectors</result>
- <interceptor-ref name="configuredPrepareParamsStack"/>
+ <interceptor-ref name="configuredPrepareParamsStack">
+ <param name="tokenSession.includeMethods">*</param>
+ </interceptor-ref>
</action>
@@ -431,13 +455,17 @@
<action name="saveNetworkProxy" class="configureNetworkProxyAction" method="save">
<result name="input">/WEB-INF/jsp/admin/editNetworkProxy.jsp</result>
<result name="success" type="redirect-action">networkProxies</result>
- <interceptor-ref name="configuredPrepareParamsStack"/>
+ <interceptor-ref name="configuredPrepareParamsStack">
+ <param name="tokenSession.includeMethods">*</param>
+ </interceptor-ref>
</action>
<action name="deleteNetworkProxy" class="configureNetworkProxyAction" method="confirm">
<result name="input">/WEB-INF/jsp/admin/deleteNetworkProxy.jsp</result>
<result name="success" type="redirect-action">networkProxies</result>
- <interceptor-ref name="configuredPrepareParamsStack"/>
+ <interceptor-ref name="configuredPrepareParamsStack">
+ <param name="tokenSession.includeMethods">*</param>
+ </interceptor-ref>
</action>
<!-- .\ REPOSITORY SCANNING \._____________________________________ -->
@@ -447,6 +475,9 @@
<result name="success" type="redirect-action">
<param name="actionName">repositoryScanning</param>
</result>
+ <interceptor-ref name="configuredArchivaStack">
+ <param name="tokenSession.includeMethods">removeFiletypePattern,addFiletypePattern,updateKnownConsumers,updateInvalidConsumers</param>
+ </interceptor-ref>
</action>
<!-- .\ DATABASE \.________________________________________________ -->
@@ -456,6 +487,9 @@
<result name="success" type="redirect-action">
<param name="actionName">database</param>
</result>
+ <interceptor-ref name="configuredArchivaStack">
+ <param name="tokenSession.includeMethods">updateSchedule,updateUnprocessedConsumers,updateCleanupConsumers</param>
+ </interceptor-ref>
</action>
<action name="updateDatabase" class="schedulerAction" method="updateDatabase">
@@ -504,7 +538,9 @@
<result name="input">/WEB-INF/jsp/admin/legacyArtifactPath.jsp</result>
<result name="error">/WEB-INF/jsp/admin/legacyArtifactPath.jsp</result>
<result name="success" type="redirect-action">legacyArtifactPath</result>
- <interceptor-ref name="configuredPrepareParamsStack"/>
+ <interceptor-ref name="configuredPrepareParamsStack">
+ <param name="tokenSession.includeMethods">*</param>
+ </interceptor-ref>
</action>
</package>
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/database.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/database.jsp
index 23dfa4155..8122764bb 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/database.jsp
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/database.jsp
@@ -48,6 +48,7 @@
<s:form method="post" action="database!updateSchedule"
namespace="/admin" validate="false" theme="simple">
+ <s:token/>
<table>
<s:textfield name="cron" label="Cron" size="40" theme="xhtml" />
<tr>
@@ -74,6 +75,7 @@
<s:form method="post" action="database!updateUnprocessedConsumers"
namespace="/admin" validate="false" theme="simple">
+ <s:token/>
<table class="consumers">
<tr>
<th>&nbsp;</th>
@@ -129,6 +131,7 @@
<s:form method="post" action="database!updateCleanupConsumers"
namespace="/admin" validate="false" theme="simple">
+ <s:token/>
<table class="consumers">
<tr>
<th>&nbsp;</th>
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteNetworkProxy.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteNetworkProxy.jsp
index cdd817d9d..19156a36e 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteNetworkProxy.jsp
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteNetworkProxy.jsp
@@ -46,6 +46,7 @@
<s:form method="post" action="deleteNetworkProxy!delete" namespace="/admin" validate="true">
<s:hidden name="proxyid"/>
+ <s:token/>
<s:submit value="Delete"/>
</s:form>
</div>
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteProxyConnector.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteProxyConnector.jsp
index 3a12af02f..fb56d264e 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteProxyConnector.jsp
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteProxyConnector.jsp
@@ -47,6 +47,7 @@
<s:form method="post" action="deleteProxyConnector!delete" namespace="/admin" validate="true">
<s:hidden name="target"/>
<s:hidden name="source"/>
+ <s:token/>
<s:submit value="Delete"/>
</s:form>
</div>
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepository.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepository.jsp
index 9c6b42db1..5f925e579 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepository.jsp
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepository.jsp
@@ -63,6 +63,7 @@
<s:form method="post" action="deleteRepository" namespace="/admin" validate="true" theme="simple">
<s:hidden name="repoid"/>
+ <s:token/>
<div class="buttons">
<s:submit value="Delete Configuration Only" method="deleteEntry" />
<s:submit value="Delete Configuration and Contents" method="deleteContents" />
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp
index 83d130f25..69bbd0db4 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp
@@ -56,6 +56,7 @@
<s:form method="post" action="deleteRepositoryGroup" namespace="/admin" validate="true" theme="simple">
<s:hidden name="repoGroupId"/>
<div class="buttons">
+ <s:token/>
<s:submit value="Confirm" method="delete"/>
<s:submit value="Cancel" method="execute"/>
</div>
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/disableProxyConnector.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/disableProxyConnector.jsp
index b496b4122..52c69ba8c 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/disableProxyConnector.jsp
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/disableProxyConnector.jsp
@@ -43,6 +43,7 @@
<s:form method="post" action="disableProxyConnector!disable" namespace="/admin" validate="true">
<s:hidden name="target"/>
<s:hidden name="source"/>
+ <s:token/>
<s:submit value="Disable"/>
</s:form>
</div>
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editNetworkProxy.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editNetworkProxy.jsp
index 29f8ffef6..f7dd33ec0 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editNetworkProxy.jsp
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editNetworkProxy.jsp
@@ -50,6 +50,7 @@
<s:form method="post" action="saveNetworkProxy" namespace="/admin">
<s:hidden name="mode"/>
+ <s:token/>
<c:choose>
<c:when test="${mode == 'edit'}">
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/legacyArtifactPath.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/legacyArtifactPath.jsp
index 0a0167c62..2cb6bdcae 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/legacyArtifactPath.jsp
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/legacyArtifactPath.jsp
@@ -73,8 +73,11 @@
<div class="controls">
<%-- TODO: make some icons --%>
<redback:ifAnyAuthorized permissions="archiva-manage-configuration">
+ <s:token/>
<s:url id="deleteLegacyArtifactPath" action="deleteLegacyArtifactPath">
<s:param name="path" value="%{#attr.legacyArtifactPath.path}"/>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{deleteLegacyArtifactPath}">
<img src="<c:url value="/images/icons/delete.gif" />" alt="" width="16" height="16"/>
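Review bot: The token is appended to the `deleteLegacyArtifactPath` link as a query parameter, so the state change still travels as a GET and the token value ends up in browser history, access logs and possibly `Referer` headers. The same pattern is added in networkProxies.jsp, proxyConnectors.jsp, repositories.jsp and repositoryGroups.jsp. A small POST form per row keeps the token out of the URL, e.g. `<s:form action="deleteLegacyArtifactPath" method="post" theme="simple">` containing `<s:hidden name="path" value="%{#attr.legacyArtifactPath.path}"/>` and `<s:token/>`. The bare `<s:token/>` here is emitted inside the `controls` div rather than inside a form, and the loop that presumably surrounds it starts outside the hunk. If several rows share one token value, the first use may invalidate the links on the other rows; that is worth checking.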
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/networkProxies.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/networkProxies.jsp
index 44eb18a04..33aec91c5 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/networkProxies.jsp
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/networkProxies.jsp
@@ -71,11 +71,14 @@
<div class="controls">
<redback:ifAnyAuthorized
permissions="archiva-manage-configuration">
+ <s:token/>
<s:url id="editNetworkProxyUrl" action="editNetworkProxy">
<s:param name="proxyid" value="%{#attr.proxy.id}" />
</s:url>
<s:url id="deleteNetworkProxyUrl" action="deleteNetworkProxy" method="confirm">
<s:param name="proxyid" value="%{#attr.proxy.id}" />
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{editNetworkProxyUrl}">
<img src="<c:url value="/images/icons/edit.png" />" />
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxyConnectors.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxyConnectors.jsp
index 83a915c86..c42ba4f54 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxyConnectors.jsp
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxyConnectors.jsp
@@ -113,6 +113,7 @@
<div class="connector ${rowColor}">
<div class="controls">
<redback:ifAnyAuthorized permissions="archiva-manage-configuration">
+ <s:token/>
<s:url id="sortDownProxyConnectorUrl" action="sortDownProxyConnector">
<s:param name="source" value="%{#attr.connector.sourceRepoId}"/>
<s:param name="target" value="%{#attr.connector.targetRepoId}"/>
@@ -128,6 +129,8 @@
<s:url id="deleteProxyConnectorUrl" action="deleteProxyConnector" method="confirmDelete">
<s:param name="source" value="%{#attr.connector.sourceRepoId}"/>
<s:param name="target" value="%{#attr.connector.targetRepoId}"/>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:url id="enableProxyConnectorUrl" action="enableProxyConnector" method="confirmEnable">
<s:param name="source" value="%{#attr.connector.sourceRepoId}"/>
@@ -136,6 +139,8 @@
<s:url id="disableProxyConnectorUrl" action="disableProxyConnector" method="confirmDisable">
<s:param name="source" value="%{#attr.connector.sourceRepoId}"/>
<s:param name="target" value="%{#attr.connector.targetRepoId}"/>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<c:if test="${connector.disabled}">
<s:a href="%{enableProxyConnectorUrl}" title="Enable Proxy Connector">
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositories.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositories.jsp
index 21e584e0f..8050fc39f 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositories.jsp
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositories.jsp
@@ -88,8 +88,11 @@
<s:url id="editRepositoryUrl" action="editRepository">
<s:param name="repoid" value="%{#attr.repository.id}"/>
</s:url>
+ <s:token/>
<s:url id="deleteRepositoryUrl" action="confirmDeleteRepository">
<s:param name="repoid" value="%{#attr.repository.id}"/>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{editRepositoryUrl}">
<img src="<c:url value="/images/icons/edit.png" />" alt="" width="16" height="16"/>
@@ -299,8 +302,11 @@
<img src="<c:url value="/images/icons/edit.png" />" alt="" width="16" height="16"/>
Edit
</s:a>
+ <s:token/>
<s:url id="deleteRepositoryUrl" action="confirmDeleteRemoteRepository">
<s:param name="repoid" value="%{#attr.repository.id}"/>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{deleteRepositoryUrl}">
<img src="<c:url value="/images/icons/delete.gif" />" alt="" width="16" height="16"/>
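Review bot: The token parameters added to the `confirmDeleteRemoteRepository` link are only useful if that action validates them, and no struts.xml hunk in this commit gives `confirmDeleteRemoteRepository` or a remote-repository delete action a `tokenSession.includeMethods` parameter. The struts.xml hunks cover only `confirmDeleteRepository` and `deleteRepository`. Because the stacks are configured with `excludeMethods` set to `*`, the remote-repository delete path would then accept requests without a valid token. Please confirm against the full struts.xml and, if the actions are indeed unchanged, add `<param name="tokenSession.includeMethods">*</param>` to their interceptor references, plus `<s:token/>` in the remote-repository confirmation form.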
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryGroups.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryGroups.jsp
index 5804cbb95..ec7c8c2dd 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryGroups.jsp
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryGroups.jsp
@@ -50,6 +50,7 @@
<s:form action="addRepositoryGroup" namespace="/admin">
<span class="label">Identifier<span style="color:red">*</span>:</span>
<s:textfield size="10" label="Identifier" theme="simple" name="repositoryGroup.id"/>
+ <s:token/>
<s:submit value="Add Group" theme="simple" cssClass="button"/>
</s:form>
</redback:ifAnyAuthorized>
@@ -71,8 +72,11 @@
<div class="managedRepo">
<div style="float:right">
+ <s:token/>
<s:url id="deleteRepositoryGroupUrl" action="confirmDeleteRepositoryGroup">
<s:param name="repoGroupId" value="%{#attr.repositoryGroup.key}" />
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{deleteRepositoryGroupUrl}" cssClass="delete">
<img src="${iconDeleteUrl}"/>
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryScanning.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryScanning.jsp
index 60b59c7f6..5617d5c8f 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryScanning.jsp
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryScanning.jsp
@@ -40,29 +40,31 @@
<s:actionmessage />
<c:url var="iconDeleteUrl" value="/images/icons/delete.gif" />
-<c:url var="iconCreateUrl" value="/images/icons/create.png" />
-<s:url id="removeFiletypePatternUrl" action="repositoryScanning" method="removeFiletypePattern" />
-<s:url id="addFiletypePatternUrl" action="repositoryScanning" method="addFiletypePattern" />
+<c:url var="iconCreateUrl" value="/images/icons/create.png" />
+<s:url id="removeFiletypePatternUrl" action="repositoryScanning" method="removeFiletypePattern"/>
+<s:url id="addFiletypePatternUrl" action="repositoryScanning" method="addFiletypePattern"/>
<script type="text/javascript">
<!--
- function removeFiletypePattern(filetypeId, pattern)
+ function removeFiletypePattern(filetypeId, pattern, token)
{
var f = document.getElementById('filetypeForm');
f.action = "${removeFiletypePatternUrl}";
f['pattern'].value = pattern;
f['fileTypeId'].value = filetypeId;
+ f.elements['struts2Token'].value = token;
f.submit();
}
- function addFiletypePattern(filetypeId, newPatternId)
+ function addFiletypePattern(filetypeId, newPatternId, token)
{
var f = document.forms['filetypeForm'];
f.action = "${addFiletypePatternUrl}";
f.elements['pattern'].value = document.getElementById(newPatternId).value;
f.elements['fileTypeId'].value = filetypeId;
+ f.elements['struts2Token'].value = token;
f.submit();
}
//-->
@@ -82,11 +84,17 @@
<s:form method="post" action="repositoryScanning"
namespace="/admin" validate="false"
id="filetypeForm" theme="simple">
+ <s:token/>
<input type="hidden" name="pattern" />
<input type="hidden" name="fileTypeId" />
+ <input type="hidden" name="struts2Token"/>
</s:form>
- <s:url id="addFiletypePatternUrl" action="repositoryScanning" method="addFiletypePattern" />
+ <%-- DUPLICATE? IS THIS STILL NEEDED? --%>
+ <s:url id="addFiletypePatternUrl" action="repositoryScanning" method="addFiletypePattern" >
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
+ </s:url>
<c:forEach items="${fileTypeIds}" var="filetypeId" varStatus="j">
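Review bot: The `<%-- DUPLICATE? IS THIS STILL NEEDED? --%>` comment leaves an open question in a security fix, and the redefinition it marks should be resolved one way or the other before merging. `addFiletypePatternUrl` is already defined at the top of the page and consumed by the script block, which is rendered before this point, so the second definition would not affect `f.action` there. It would only add a URL that carries the token in its query string. If nothing below uses it, delete the block. Otherwise replace the comment with one that says which element reads it.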
@@ -97,6 +105,7 @@
<h3 class="filetype">${filetypeId}</h3>
<table>
+ <s:token id="struts2TokenUd"/>
<c:forEach items="${fileTypeMap[filetypeId].patterns}" var="pattern" varStatus="i">
<c:choose>
<c:when test='${(i.index)%2 eq 0}'>
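Review bot: `<s:token id="struts2TokenUd"/>` does not match the `%{#attr.struts2TokenId}` that the two `onclick` handlers in the following hunks look up, so the third argument passed to `removeFiletypePattern` and `addFiletypePattern` probably evaluates to nothing. Either correct the id to `<s:token id="struts2TokenId"/>` or drop the extra argument together with the `struts2Token` hidden field. `filetypeForm` already contains its own `<s:token/>`, and nothing in this diff configures `struts2Token` as a token parameter name. The tag also sits directly inside `<table>` and outside any form. The enclosing loop starts outside the hunk.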
@@ -115,7 +124,7 @@
</td>
<td class="controls ${bgcolor}">
<s:a href="#" title="Remove [%{#attr.escapedPattern}] Pattern from [%{#attr.filetypeId}]"
- onclick="removeFiletypePattern( '%{#attr.filetypeId}', '%{#attr.escapedPattern}' )"
+ onclick="removeFiletypePattern( '%{#attr.filetypeId}', '%{#attr.escapedPattern}', '%{#attr.struts2TokenId}' )"
theme="simple">
<img src="${iconDeleteUrl}" />
</s:a>
@@ -131,7 +140,7 @@
<td>
<s:a href="#"
title="Add Pattern to [%{#attr.filetypeId}]"
- onclick="addFiletypePattern( '%{#attr.filetypeId}', 'newpattern_%{#attr.j.index}' )"
+ onclick="addFiletypePattern( '%{#attr.filetypeId}', 'newpattern_%{#attr.j.index}', '%{#attr.struts2TokenId}' )"
theme="simple">
<img src="${iconCreateUrl}" />
</s:a>
@@ -157,6 +166,7 @@
<s:form method="post" action="repositoryScanning!updateKnownConsumers"
namespace="/admin" validate="false" theme="simple">
+ <s:token/>
<table class="consumers">
<tr>
<th>&nbsp;</th>
@@ -213,6 +223,7 @@
<s:form method="post" action="repositoryScanning!updateInvalidConsumers"
namespace="/admin" validate="false" theme="simple">
+ <s:token/>
<table class="consumers">
<tr>
<th>&nbsp;</th>
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/deleteArtifact.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/deleteArtifact.jsp
index af8993a0a..d518a52d0 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/deleteArtifact.jsp
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/deleteArtifact.jsp
@@ -36,6 +36,7 @@
<div id="contentArea">
<s:form action="deleteArtifact!doDelete" namespace="/" method="post" validate="true">
<%@ include file="/WEB-INF/jsp/include/deleteArtifactForm.jspf" %>
+ <s:token/>
<s:submit/>
</s:form>
</div>