authorcaustin2013-02-07 15:29:13 +0000
committercaustin2013-02-07 15:29:13 +0000
commit7b293beeb999f49dd0a9d0b2da4ced4a18d0d0c4 (patch)
tree1a4dcf96b20166a065e619e2a1b8f39def1a4e04
parent3b19317d7d9dbb0527bf0d87499fe6b23a1c64e2 (diff)
downloadeclipse.platform.ua-7b293beeb999f49dd0a9d0b2da4ced4a18d0d0c4.tar.gz
eclipse.platform.ua-7b293beeb999f49dd0a9d0b2da4ced4a18d0d0c4.tar.xz
eclipse.platform.ua-7b293beeb999f49dd0a9d0b2da4ced4a18d0d0c4.zip
Bug 379269 - [Help] Security vulnerabilities in toolbar.jsp
-rw-r--r--org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/ToolbarData.java21
1 files changed, 14 insertions, 7 deletions
diff --git a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/ToolbarData.java b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/ToolbarData.java
index a68ee1dc3..df73c517e 100644
--- a/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/ToolbarData.java
+++ b/org.eclipse.help.webapp/src/org/eclipse/help/internal/webapp/data/ToolbarData.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2000, 2009 IBM Corporation and others.
+ * Copyright (c) 2000, 2013 IBM Corporation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
@@ -11,6 +11,8 @@
package org.eclipse.help.internal.webapp.data;
import java.util.*;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.*;
@@ -30,6 +32,7 @@ public class ToolbarData extends RequestData {
private static final String BUTTON_EXTENSION_POINT = "org.eclipse.help.webapp.toolbarButton"; //$NON-NLS-1$
private ToolbarButton[] buttons;
private String[] scriptFiles;
+ private static Pattern jsNamePattern = Pattern.compile("^[a-zA-Z_$][a-zA-Z1-9_]*"); //$NON-NLS-1$
public ToolbarData(ServletContext context, HttpServletRequest request,
@@ -75,12 +78,16 @@ public class ToolbarData extends RequestData {
for (int i = 0; i < names.length; i++) {
if ("".equals(names[i])) //$NON-NLS-1$
buttonList.add(new ToolbarButton());
- else
- buttonList.add(new ToolbarButton(names[i], ServletResources
- .getString(tooltips[i], request), preferences
- .getImagesDirectory()
- + "/e_" + images[i], //$NON-NLS-1$
- actions[i], params[i], states[i]));
+ else{
+ // Is this a valid javascript name (and not a script injection)
+ Matcher matcher = jsNamePattern.matcher(names[i]);
+ if (matcher.matches())
+ buttonList.add(new ToolbarButton(names[i], ServletResources
+ .getString(tooltips[i], request), preferences
+ .getImagesDirectory()
+ + "/e_" + images[i], //$NON-NLS-1$
+ actions[i], params[i], states[i]));
+ }
}
addExtensionButtons(buttonList);
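Review bot: The character class in the new jsNamePattern omits the digit zero (`[a-zA-Z1-9_]*`), so an otherwise legitimate button name such as one ending in "0" is silently dropped by the `matcher.matches()` check in the loop; the second class also lacks `$`, which the first class accepts. I would change the field to `private static final Pattern jsNamePattern = Pattern.compile("^[a-zA-Z_$][a-zA-Z0-9_$]*$"); //$NON-NLS-1$` (making it final as well, since it is a shared constant). Because rejected names are discarded without any trace, a debug-level log line at the `if (matcher.matches())` branch would make a misconfigured or tampered toolbar definition diagnosable rather than invisible. If tooltips, images, actions, params and states come from the same source as names, note that only names is validated here and images[i] is still concatenated into a path unchecked; I cannot confirm their origin from this hunk. The enclosing method begins and ends outside the hunk.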
