Merge pull request #12331 from nanolikeyou/master

修复几项安全问题

Merge pull request #12331 from nanolikeyou/master
修复几项安全问题
a0f4edb8 · D · GitHub · dbf70a36 · 294ebb3c · a0f4edb8
Commit a0f4edb8 authored Aug 13, 2017 by D Committed by GitHub Aug 13, 2017
4 changed files
--- a/pom.xml
+++ b/pom.xml
@@ -82,7 +82,7 @@
        <jsoup.version>1.9.1</jsoup.version>
        <flexmark.version>0.22.16</flexmark.version>
        <qiniu.version>7.0.4.1</qiniu.version>
-        <jetty.version>9.2.7.v20150116</jetty.version>
+        <jetty.version>9.2.9.v20150224</jetty.version>
        <commons-cli.version>1.3.1</commons-cli.version>
        <emoji-java.version>3.2.0</emoji-java.version>
        <jodd.version>3.6.6</jodd.version>

--- a/src/main/java/org/b3log/solo/processor/FeedProcessor.java
+++ b/src/main/java/org/b3log/solo/processor/FeedProcessor.java
@@ -417,11 +417,10 @@ public class FeedProcessor {
        final String link = Latkes.getServePath() + article.getString(Article.ARTICLE_PERMALINK);
        ret.setLink(link);
        ret.setGUID(link);
-        final String authorEmail = article.getString(Article.ARTICLE_AUTHOR_EMAIL);
        if (hasMultipleUsers) {
            authorName = StringEscapeUtils.escapeXml(articleQueryService.getAuthor(article).getString(User.USER_NAME));
        }
-        ret.setAuthor(authorEmail + "(" + authorName + ")");
+        ret.setAuthor(authorName);
        final String tagsString = article.getString(Article.ARTICLE_TAGS_REF);
        final String[] tagStrings = tagsString.split(",");
        for (final String tagString : tagStrings) {

--- a/src/main/java/org/b3log/solo/processor/LoginProcessor.java
+++ b/src/main/java/org/b3log/solo/processor/LoginProcessor.java
@@ -146,6 +146,8 @@ public class LoginProcessor {
        String destinationURL = request.getParameter(Common.GOTO);
        if (Strings.isEmptyOrNull(destinationURL)) {
            destinationURL = Latkes.getServePath() + Common.ADMIN_INDEX_URI;
+        } else if (!isInternalLinks(destinationURL)) {
+            destinationURL = "/";
        }

        final HttpServletResponse response = context.getResponse();
@@ -244,7 +246,7 @@ public class LoginProcessor {

        String destinationURL = httpServletRequest.getParameter(Common.GOTO);

-        if (Strings.isEmptyOrNull(destinationURL)) {
+        if (Strings.isEmptyOrNull(destinationURL) || !isInternalLinks(destinationURL)) {
            destinationURL = "/";
        }

@@ -265,6 +267,8 @@ public class LoginProcessor {

        if (Strings.isEmptyOrNull(destinationURL)) {
            destinationURL = Latkes.getServePath() + Common.ADMIN_INDEX_URI;
+        } else if (!isInternalLinks(destinationURL)) {
+            destinationURL = "/";
        }

        renderPage(context, "reset-pwd.ftl", destinationURL, request);
@@ -484,4 +488,15 @@ public class LoginProcessor {
        Keys.fillRuntime(dataModel);
        filler.fillMinified(dataModel);
    }
+
+    /**
+     * Preventing unvalidated redirects and forwardsSee more at:
+     * <a>https://www.owasp.org/index.php/
+     * Unvalidated_Redirects_and_Forwards_Cheat_Sheet</a>
+     * 
+     * @return whether the destinationURL is an internal link
+     */
+    private boolean isInternalLinks(String destinationURL) {
+        return destinationURL.startsWith(Latkes.getServePath());
+    }
 }
--- a/src/main/webapp/js/lib/jquery/jquery.min.js
+++ b/src/main/webapp/js/lib/jquery/jquery.min.js