Commit c784a6f2 authored 9 years ago by Dave Cridland
OF-942 Reflected XSS in External Component Settings
parent d1bfea3b
Showing 1 changed file with 4 additions and 3 deletions
src/web/connection-settings-external-components.jsp
...
...
@@ -15,6 +15,7 @@
<%@ taglib
uri=
"admin"
prefix=
"admin"
%>
<%@ taglib
uri=
"http://java.sun.com/jsp/jstl/core"
prefix=
"c"
%>
<%@ taglib
uri=
"http://java.sun.com/jsp/jstl/fmt"
prefix=
"fmt"
%>
<%@ taglib
uri=
"http://java.sun.com/jsp/jstl/functions"
prefix=
"fn"
%>
<jsp:useBean
id=
"webManager"
class=
"org.jivesoftware.util.WebManager"
/>
<%
webManager
.
init
(
request
,
response
,
session
,
application
,
out
);
%>
<%
...
...
@@ -503,7 +504,7 @@
<tr
valign=
"top"
>
<td
colspan=
"2"
>
<label
for=
"defaultSecret"
><fmt:message
key=
"component.settings.defaultSecret"
/></label>
<input
type=
"text"
size=
"15"
maxlength=
"70"
name=
"defaultSecret"
id=
"defaultSecret"
value=
"${
defaultSecret
}"
/>
<input
type=
"text"
size=
"15"
maxlength=
"70"
name=
"defaultSecret"
id=
"defaultSecret"
value=
"${
fn:escapeXml(defaultSecret)
}"
/>
</td>
</tr>
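Review bot: In the `defaultSecret` input, the escaped value is safe only as long as the `value` attribute stays double-quoted; `fn:escapeXml` encodes `<`, `>`, `&`, `"` and `'`, which covers a quoted attribute, so the quotes must survive any later reformatting of this markup. Separately, the field is `type="text"`, so the shared secret is rendered in clear on the admin page; if that is not intentional, `type="password"` would be a small follow-up. The `maxlength="70"` limit is enforced by the browser only and should not be treated as input validation.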
...
...
@@ -574,13 +575,13 @@
<label
for=
"componentAllowedSubdomain"
><fmt:message
key=
"component.settings.subdomain"
/></label>
</td>
<td>
<input
type=
"text"
size=
"40"
name=
"subdomain"
id=
"componentAllowedSubdomain"
value=
"${
param.containsKey('componentAllowed') and not empty errors ? param[ 'subdomain' ] : ''
}"
/>
<input
type=
"text"
size=
"40"
name=
"subdomain"
id=
"componentAllowedSubdomain"
value=
"${
fn:escapeXml(param.containsKey('componentAllowed') and not empty errors ? param[ 'subdomain' ] : '')
}"
/>
</td>
<td
nowrap
width=
"1%"
>
<label
for=
"componentAllowedSecret"
><fmt:message
key=
"component.settings.secret"
/></label>
</td>
<td>
<input
type=
"text"
size=
"15"
name=
"secret"
id=
"componentAllowedSecret"
value=
"${
param.containsKey('componentAllowed') and not empty errors ? param[ 'secret' ] : ''
}"
/>
<input
type=
"text"
size=
"15"
name=
"secret"
id=
"componentAllowedSecret"
value=
"${
fn:escapeXml(param.containsKey('componentAllowed') and not empty errors ? param[ 'secret' ] : '')
}"
/>
</td>
</tr>
<tr
align=
"center"
>
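Review bot: The `componentAllowedSecret` input still echoes `param['secret']` back into the page when `errors` is not empty; the escaping closes the injection, but the submitted secret is still returned in the response body, so consider leaving that field empty on error and repopulating only `subdomain`. The condition `param.containsKey('componentAllowed') and not empty errors` is now duplicated inside two `fn:escapeXml(...)` calls, and hoisting it into a `<c:set>` variable would make both attributes easier to read. The visible hunks cover only these three inputs, so any other place on the page that writes `param[...]` into markup should get the same wrapper before this is considered closed.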
...
...