[mapguide-commits] r9481 - branches/3.1/MgDev/Web/src/mapviewerjava
svn_mapguide at osgeo.org
svn_mapguide at osgeo.org
Thu Mar 21 05:31:31 PDT 2019
Author: jng
Date: 2019-03-21 05:31:31 -0700 (Thu, 21 Mar 2019)
New Revision: 9481
Modified:
branches/3.1/MgDev/Web/src/mapviewerjava/quickplotpreviewinner.jsp
Log:
Plug potential XSS hole in Quick Plot (Java AJAX viewer). Unlike the fix suggested in the original ticket (escaping the string), we simply run the request parameter through GetIntParameter(), which coerces any non-numeric — and therefore any malicious — content to 0 before it reaches the page.
Fixes #2790
Modified: branches/3.1/MgDev/Web/src/mapviewerjava/quickplotpreviewinner.jsp
===================================================================
--- branches/3.1/MgDev/Web/src/mapviewerjava/quickplotpreviewinner.jsp 2019-02-07 22:03:29 UTC (rev 9480)
+++ branches/3.1/MgDev/Web/src/mapviewerjava/quickplotpreviewinner.jsp 2019-03-21 12:31:31 UTC (rev 9481)
@@ -33,6 +33,7 @@
String locale;
int targetType;
int us;
+int scaleDenominator;
Hashtable<String, String> annotations = new Hashtable<String, String>();
%>
@@ -41,7 +42,7 @@
response.setContentType("text/html; charset=UTF-8");
request.setCharacterEncoding("UTF-8");
mapName = sessionId = locale = "";
- targetType = us = 0;
+ targetType = us = scaleDenominator = 0;
MgLocalizer.SetLocalizedFilesPath(getServletContext().getRealPath("/") + "localized/");
GetRequestParameters(request);
@@ -79,6 +80,7 @@
mapName = ValidateMapName(GetParameter(request, "MAPNAME"));
targetType = GetIntParameter(request, "TARGETTYPE");
us = GetIntParameter(request, "US");
+ scaleDenominator = GetIntParameter(request, "scale_denominator");
// The parameters whose name matches this pattern will be treated as annotation
String pattern = "^\\{field:.+\\}$";
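Review bot: Only `scale_denominator` is coerced here; the `{field:…}` request parameters matched by the pattern on the next line are still collected into the same `annotations` table, and if those values are written into the preview page by the same path as `{scale}` they carry the exact exposure this commit closes for the scale. The loop body sits outside this hunk, so I cannot confirm whether it escapes; if it does not, apply HTML escaping there as well, and document the expectation with `// annotation values are attacker-controlled; must be HTML-escaped before output`. GetRequestParameters starts before this hunk and continues past it.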
@@ -93,6 +95,6 @@
}
}
- annotations.put("{scale}", "1 : " + GetParameter(request, "scale_denominator"));
+ annotations.put("{scale}", "1 : " + scaleDenominator);
}
%>
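Review bot: With the int conversion, a missing or non-numeric `scale_denominator` no longer fails loudly but silently produces the label `1 : 0`, which is a misleading value on a printed map; the original code would at least have shown the raw (empty) text. Consider treating a non-positive result as a bad request before building the annotation, e.g. `if (scaleDenominator <= 0) { throw new IllegalArgumentException("scale_denominator must be a positive integer"); }`, or omit the `{scale}` entry in that case — whichever matches how this page reports parameter errors elsewhere, which I cannot see from the hunk. Also worth a comment on the `put` line so the intent survives: `// int, not the raw string: any markup in the request collapses to 0 (#2790)`. The enclosing function begins before this hunk.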