Bugzilla – Attachment 213402 Details for Bug 375751: [Help] Security vulnerabilities in deferredView.jsp
[patch] Potential fix
patch.txt (text/plain), 878 bytes, created by Chris Austin on 2012-03-30 13:57:02 EDT
>diff --git a/org.eclipse.help.webapp/advanced/deferredView.jsp b/org.eclipse.help.webapp/advanced/deferredView.jsp >index 6a7a1e0..8ba0d33 100644 >--- a/org.eclipse.help.webapp/advanced/deferredView.jsp >+++ b/org.eclipse.help.webapp/advanced/deferredView.jsp >@@ -13,6 +13,11 @@ > <% > RequestData data = new RequestData(application, request, response); > WebappPreferences prefs = data.getPrefs(); >+ >+ String baseURL = request.getRequestURL().toString(); >+ baseURL = baseURL.substring(0,baseURL.lastIndexOf("/")+1); >+ >+ String href = baseURL+request.getParameter("href"); > %> > > <html lang="<%=ServletResources.getString("locale", request)%>"> >@@ -22,7 +27,7 @@ > > <script language="JavaScript"> > function onloadHandler() { >- location.href="<%=UrlUtil.JavaScriptEncode(request.getParameter("href"))%>"; >+ location.href="<%=UrlUtil.JavaScriptEncode(href)%>"; > } > </script> >
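Review bot: In the first hunk, the added line `String href = baseURL+request.getParameter("href");` uses the parameter with no null check and no validation. When `href` is absent, string concatenation produces a URL ending in the literal text "null", and the page then navigates to it. A present value is appended as-is, so relative segments such as ".." are not normalized and the result is not limited to help content under the webapp. Suggest reading the parameter into a local first, returning an error (or skipping the redirect) when it is null or empty, and rejecting values that are not a plain relative path before concatenating. Also note that `request.getRequestURL()` rebuilds the base from the incoming request, including the host the client supplied; emitting a relative target instead of an absolute one would avoid depending on that.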
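Review bot: In the second hunk, the changed line `location.href="<%=UrlUtil.JavaScriptEncode(href)%>";` still writes request-derived data into a JavaScript string inside the script block, so safety in that context rests entirely on `UrlUtil.JavaScriptEncode`, whose body is not part of this patch. Please confirm it escapes quotes, backslashes, line terminators and a closing script tag sequence, and add a short comment in the scriptlet stating that `href` is now always prefixed with the page's own base URL, since that is the actual security property this change introduces and nothing in the JSP documents it.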
Attachments on bug 375751: 213402 | 213496