[JCR-2709] Missing XPath escape in query.jsp - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.1.1
Fix Version/s: 2.2
Component/s: jackrabbit-webapp
Labels:
None

Description

As reported by Canberk Bolat of ADEO Security in a private communication, there search.jsp script in jackrabbit-webapp is missing an escape when it injects the path of a "related:" query into the constructed XPath statement. Further analysis showed that this issue has no security implications, so we can treat this as a normal bug report.

search.jsp
...
String q = request.getParameter("q");
...
if (q != null && q.length() > 0) {
String stmt;
if (q.startsWith("related:"))

{ String path = q.substring("related:".length()); stmt = "//element(*, nt:file)[rep:similar(jcr:content, '" + path + "/jcr:content')]/rep:excerpt(.) order by @jcr:score descending"; queryTerms = "similar to <b>" + Text.encodeIllegalXMLCharacters(path) + "</b>"; }

...

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

jcr-2709.patch
07/Oct/10 12:55
0.9 kB
Douglas Jose

Activity

People

Assignee:: Jukka Zitting

Reporter:: Jukka Zitting

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 12/Aug/10 10:21

Updated:: 23/Sep/11 14:23

Resolved:: 24/Nov/10 16:04