Patch for a minor cross site scripting vulnerability, and bump PORTREVISION.
PR: ports/96468 Submitted by: Yann Golanski <yg2@york.ac.uk> Security: VuXML: 26a08c77-32da-4dd7-a884-a76fc49aa824
parent
4308b0a901
commit
954d13aa39
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=172777
@ -7,7 +7,7 @@
|
||||
|
||||
PORTNAME= jakarta-tomcat
|
||||
PORTVERSION= 5.0.30
|
||||
PORTREVISION= 4
|
||||
PORTREVISION= 5
|
||||
CATEGORIES= www java
|
||||
MASTER_SITES= ${MASTER_SITE_APACHE_JAKARTA}
|
||||
MASTER_SITE_SUBDIR= tomcat-5/v${PORTVERSION}/bin
|
||||
@ -62,6 +62,10 @@ SUB_LIST= AJP_1_3_PORT=${AJP_1_3_PORT} \
|
||||
TOMCAT_VERSION=${MAJOR_VER:S/.//} \
|
||||
USER=${TOMCAT_USER}
|
||||
|
||||
USE_DOS2UNIX= webapps/jsp-examples/jsp2/jspx/textRotate.jspx \
|
||||
webapps/jsp-examples/jsp2/el/functions.jsp \
|
||||
webapps/jsp-examples/jsp2/el/implicit-objects.jsp
|
||||
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
pre-patch:
|
||||
|
@ -0,0 +1,93 @@
|
||||
--- webapps/jsp-examples/jsp2/jspx/textRotate.jspx.orig Mon Sep 11 21:55:26 2006
|
||||
+++ webapps/jsp-examples/jsp2/jspx/textRotate.jspx Mon Sep 11 21:53:47 2006
|
||||
@@ -6,11 +6,12 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg"
|
||||
width="450" height="500" viewBox="0 0 450 500"
|
||||
xmlns:c="http://java.sun.com/jsp/jstl/core"
|
||||
+ xmlns:fn="http://java.sun.com/jsp/jstl/functions"
|
||||
xmlns:jsp="http://java.sun.com/JSP/Page">
|
||||
<jsp:directive.page contentType="image/svg+xml" />
|
||||
<title>JSP 2.0 JSPX</title>
|
||||
<!-- select name parameter, or default to JSPX -->
|
||||
- <c:set var="name" value='${empty param["name"] ? "JSPX" : param["name"]}'/>
|
||||
+ <c:set var="name" value='${empty fn:escapeXml(param["name"]) ? "JSPX" : fn:escapeXml(param["name"])}'/>
|
||||
<g id="testContent">
|
||||
<text class="title" x="50%" y="10%" font-size="15" text-anchor="middle" >
|
||||
JSP 2.0 XML Syntax (.jspx) Demo</text>
|
||||
--- webapps/jsp-examples/jsp2/el/functions.jsp.orig Mon Sep 11 21:55:56 2006
|
||||
+++ webapps/jsp-examples/jsp2/el/functions.jsp Mon Sep 11 21:51:56 2006
|
||||
@@ -13,6 +13,7 @@
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
-->
|
||||
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
|
||||
<%@ taglib prefix="my" uri="http://jakarta.apache.org/tomcat/jsp2-example-taglib"%>
|
||||
|
||||
<html>
|
||||
@@ -30,7 +31,7 @@
|
||||
<blockquote>
|
||||
<u><b>Change Parameter</b></u>
|
||||
<form action="functions.jsp" method="GET">
|
||||
- foo = <input type="text" name="foo" value="${param['foo']}">
|
||||
+ foo = <input type="text" name="foo" value="${fn:escapeXml(param["foo"])}">
|
||||
<input type="submit">
|
||||
</form>
|
||||
<br>
|
||||
@@ -42,19 +43,19 @@
|
||||
</thead>
|
||||
<tr>
|
||||
<td>\${param["foo"]}</td>
|
||||
- <td>${param["foo"]} </td>
|
||||
+ <td>${fn:escapeXml(param["foo"])} </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>\${my:reverse(param["foo"])}</td>
|
||||
- <td>${my:reverse(param["foo"])} </td>
|
||||
+ <td>${my:reverse(fn:escapeXml(param["foo"]))} </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>\${my:reverse(my:reverse(param["foo"]))}</td>
|
||||
- <td>${my:reverse(my:reverse(param["foo"]))} </td>
|
||||
+ <td>${my:reverse(my:reverse(fn:escapeXml(param["foo"])))} </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>\${my:countVowels(param["foo"])}</td>
|
||||
- <td>${my:countVowels(param["foo"])} </td>
|
||||
+ <td>${my:countVowels(fn:escapeXml(param["foo"]))} </td>
|
||||
</tr>
|
||||
</table>
|
||||
</code>
|
||||
--- webapps/jsp-examples/jsp2/el/implicit-objects.jsp.orig Mon Sep 11 21:55:56 2006
|
||||
+++ webapps/jsp-examples/jsp2/el/implicit-objects.jsp Mon Sep 11 21:52:32 2006
|
||||
@@ -13,6 +13,8 @@
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
-->
|
||||
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
|
||||
+
|
||||
<html>
|
||||
<head>
|
||||
<title>JSP 2.0 Expression Language - Implicit Objects</title>
|
||||
@@ -49,7 +51,7 @@
|
||||
<blockquote>
|
||||
<u><b>Change Parameter</b></u>
|
||||
<form action="implicit-objects.jsp" method="GET">
|
||||
- foo = <input type="text" name="foo" value="${param["foo"]}">
|
||||
+ foo = <input type="text" name="foo" value="${fn:escapeXml(param["foo"])}">
|
||||
<input type="submit">
|
||||
</form>
|
||||
<br>
|
||||
@@ -61,11 +63,11 @@
|
||||
</thead>
|
||||
<tr>
|
||||
<td>\${param.foo}</td>
|
||||
- <td>${param.foo} </td>
|
||||
+ <td>${fn:escapeXml(param["foo"])} </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>\${param["foo"]}</td>
|
||||
- <td>${param["foo"]} </td>
|
||||
+ <td>${fn:escapeXml(param["foo"])} </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>\${header["host"]}</td>
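Review bot: In the functions.jsp hunks the parameter is escaped before it reaches the tag-library functions (`my:reverse(fn:escapeXml(param["foo"]))`, `my:countVowels(fn:escapeXml(param["foo"]))`), so those functions work on entity text rather than on what the user typed. Because reversal only permutes characters this still cannot emit raw markup, but the displayed result is wrong for input containing `&`, `<`, `>` or quotes; presumably the reversed entity is shown and vowels inside entity names are counted, which is inferred from the function names. Encoding at the output boundary is the more robust pattern, `${fn:escapeXml(my:reverse(param["foo"]))}`, and likewise for the double-reverse and countVowels cells. The last implicit-objects.jsp hunk also ends on the label cell for `header["host"]`; the value cell lies outside the patch, and since request headers are client-supplied too it is worth confirming that it is escaped as well.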