From 97c6a70b71265f51b227e9e438f196303288b6ad Mon Sep 17 00:00:00 2001
From: low012
Date: Thu, 4 May 2006 16:07:35 +0000
Subject: [PATCH] *) Fixed XSS vulnerability. I was able to crawl a PDF that caused the loading of an image in the admin's browser.
git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@2056 6c8d7289-2bf4-0310-a012-ef5d649a1542
---
 htroot/ViewFile.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/htroot/ViewFile.java b/htroot/ViewFile.java
index 0d5063bb8..7ffaa1b3b 100644
--- a/htroot/ViewFile.java
+++ b/htroot/ViewFile.java
@@ -50,6 +50,7 @@ import java.net.URL;
 import java.net.URLDecoder;
 import java.net.URLEncoder;
+import de.anomic.data.wikiCode;
 import de.anomic.http.httpHeader;
 import de.anomic.http.httpc;
 import de.anomic.plasma.plasmaHTCache;
@@ -182,6 +183,7 @@ public class ViewFile {
 if (viewMode.equals("parsed")) {
 String content = new String(document.getText());
+ content = wikiCode.replaceHTML(content); //added by Marc Nause
 content = content.replaceAll("\n","
") .replaceAll("\t","    ");
@@ -196,7 +198,7 @@ public class ViewFile {
 boolean dark = true;
 for (int i=0; i < sentences.length; i++) {
- String currentSentence = sentences[i];
+ String currentSentence = wikiCode.replaceHTML(sentences[i]);
 // Search word highlighting
 String words = post.get("words",null);
@@ -213,7 +215,6 @@ public class ViewFile {
 }
 }
- prop.put("viewMode_sentences_" + i + "_nr",Integer.toString(i+1));
 prop.put("viewMode_sentences_" + i + "_text",currentSentence);
 prop.put("viewMode_sentences_" + i + "_dark",((dark) ? 1 : 0) );
 dark=!dark;
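Review bot: The trailing comment `//added by Marc Nause` on the new `content = wikiCode.replaceHTML(content);` line records who added the call, not why it must stay. Version control already holds the authorship, so a why-comment such as `// escape HTML metacharacters: the parsed text comes from crawled, untrusted documents` would better protect the line from a later cleanup. The call is correctly placed before the `replaceAll` chain, so markup added there is not escaped in turn. Only the "parsed" branch is visible here, and the enclosing method starts and ends outside the hunk. It is worth confirming that the other view modes and any document metadata written to the page pass through the same escaping.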
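Review bot: Escaping `sentences[i]` at the top of the loop means the search-word highlighting that follows now runs on entity-encoded text. The highlighting code is outside the hunk, so this is inferred, but a word that coincides with part of an entity could end up wrapped in highlight markup and corrupt the output, and words containing escaped characters would no longer match. It would be more robust to highlight on the raw sentence and escape the pieces as they are assembled, or to make the highlighter entity-aware. Separately, `words` comes from `post.get("words",null)`, which is request data. If the highlighting code copies it into the page, it needs the same `wikiCode.replaceHTML` treatment as the sentence text.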