From woon...@apache.org
Subject svn commit: r1070715 - /portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/engine/servlet/XXSUrlAttackFilter.java
Date Tue, 15 Feb 2011 01:16:24 GMT
Author: woonsan
Date: Tue Feb 15 01:16:24 2011
New Revision: 1070715

URL: http://svn.apache.org/viewvc?rev=1070715&view=rev
Log:
Fixing a minor problem that '%3C' and '%3e' are not properly checked.

Modified:
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/engine/servlet/XXSUrlAttackFilter.java

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/engine/servlet/XXSUrlAttackFilter.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/engine/servlet/XXSUrlAttackFilter.java?rev=1070715&r1=1070714&r2=1070715&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/engine/servlet/XXSUrlAttackFilter.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/engine/servlet/XXSUrlAttackFilter.java
Tue Feb 15 01:16:24 2011
@@ -54,8 +54,8 @@ public class XXSUrlAttackFilter implemen
 
     private boolean isInvalid(String value)
     {
-        return (value != null && (value.indexOf('<') != -1 || value.indexOf('>')
!= -1 || value.indexOf("%3e") != -1
-                || value.indexOf("%3c") != -1 || value.indexOf("%3E") != -1 || value.indexOf("%3E")
!= -1));
+        return (value != null && (value.indexOf('<') != -1 || value.indexOf('>')
!= -1 || value.indexOf("%3C") != -1
+                || value.indexOf("%3c") != -1 || value.indexOf("%3E") != -1 || value.indexOf("%3e")
!= -1));
     }
 
     public void destroy()
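Review bot: The four percent-encoded spellings in `isInvalid` are still enumerated by hand, which is how the duplicated `"%3E"` went unnoticed in the first place. Normalising the case once makes the check self-evidently complete: `if (value == null) return false;` then `String v = value.toLowerCase(Locale.ROOT);` and `return v.indexOf('<') != -1 || v.indexOf('>') != -1 || v.indexOf("%3c") != -1 || v.indexOf("%3e") != -1;` (this needs a `java.util.Locale` import, which is outside the hunk). The method only matches the literal and single-encoded forms of the two angle brackets, and the hunk does not show whether callers pass raw or already-decoded values, so it would help to add a comment such as `// Defence in depth only: matches '<', '>' and their single percent-encoded forms; output escaping in the rendering layer remains the primary XSS control.` A small unit test covering each of the six accepted spellings plus a null value would keep a repeat of this typo from slipping through.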


