• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use
Item7848 for generic doc work for TWiki-6.1.1. Use Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
• Does this site look broken?. Use the LitterTray web for test cases.
• Use
Item7848 for generic doc work for TWiki-6.1.1. Use Item7851 for doc work on extensions that are not part of a release. More... Close • Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
• Does this site look broken?. Use the LitterTray web for test cases.
Item7596: Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch
Item Form Data
| AppliesTo: | Component: | Priority: | CurrentState: | WaitingFor: | TargetRelease | ReleasedIn |
|---|---|---|---|---|---|---|
| Engine | Normal | Closed | patch | 6.0.2 |
Edit Form Data
Detail
Security alert:
Topic patches: To patch the topics, you can simply update your TWiki with the content of TWiki.SearchResultsPagination, TWiki.WebSearch and TWiki.WebSearchAdvanced. Do a "Raw View" on these topics, and a "Raw Edit" on your topics. Alternatively, apply the patches below. TWiki.SearchResultsPagination patch:
TWiki.WebSearch patch:
TWiki.WebSearchAdvanced patch:
- 2014-12-09
- TWiki:Codev.SecurityAlert-CVE-2014-9367
- See related Item7595
') from the regular expression set in sub urlEncode of TWiki.pm:
--- lib/TWiki.pm (revision 28490)
+++ lib/TWiki.pm (working copy)
@@ -3178,7 +3178,7 @@
sub urlEncode {
my $text = shift;
- $text =~ s/([^0-9a-zA-Z-_.:~!*'\/])/'%'.sprintf('%02x',ord($1))/ge;
+ $text =~ s/([^0-9a-zA-Z-_.:~!*\/])/'%'.sprintf('%02x',ord($1))/ge;
return $text;
}
Topic patches: To patch the topics, you can simply update your TWiki with the content of TWiki.SearchResultsPagination, TWiki.WebSearch and TWiki.WebSearchAdvanced. Do a "Raw View" on these topics, and a "Raw Edit" on your topics. Alternatively, apply the patches below. TWiki.SearchResultsPagination patch:
--- data/TWiki/SearchResultsPagination.txt (revision 28466)
+++ data/TWiki/SearchResultsPagination.txt (working copy)
@@ -1,4 +1,4 @@
-%META:TOPICINFO{author="TWikiContributor" date="1360719329" format="1.1" version="$Rev$"}%
+%META:TOPICINFO{author="TWikiContributor" date="1418164637" format="1.1" version="$Rev$"}%
---+ Search Results Pagination
When a =%<nop>SEARCH{...}%= returns many results, you may want to paginate the results.
@@ -18,11 +18,11 @@
limit="%CALCULATE{$GET(limit)}%"
footer="$percntCALCULATE{$SET(ntopics, $tntopics)$SET(nwebs, $nwebs)}$percnt"
}%
-%CALCULATE{$SET(searchparams, search=%URLPARAM{"search" encode="quote"}%;
-type=%URLPARAM{"type" encode="quote" default="%SEARCHDEFAULTTYPE%"}%;
-scope=%URLPARAM{"scope" encode="quote"}%;
-web=%URLPARAM{"web" encode="quote"}%;
-nosearch=%URLPARAM{"nosearch" encode="quote"}%;)}%<nop>
+%CALCULATE{$SET(searchparams, search=%URLPARAM{"search" encode="url"}%;
+type=%URLPARAM{"type" encode="url" default="%SEARCHDEFAULTTYPE%"}%;
+scope=%URLPARAM{"scope" encode="url"}%;
+web=%URLPARAM{"web" encode="url"}%;
+nosearch=%URLPARAM{"nosearch" encode="url"}%;)}%<nop>
%INCLUDE{"%SYSTEMWEB%.SearchResultsPagination" section="postamble"}%<nop>
...
</verbatim>
@@ -45,7 +45,7 @@
(The second line is inserted.)
<verbatim>
%INCLUDE{"%SYSTEMWEB%.SearchResultsPagination" section="preamble"}%<nop>
-%CALCULATE{$SET(limit, %URLPARAM{"limit" default="10"}%)}%<nop>
+%CALCULATE{$SET(limit, %URLPARAM{"limit" default="10" encode="entity"}%)}%<nop>
%SEARCH{
</verbatim>
If you specify =limit=20= URL parameter manually, that's observed.
@@ -84,8 +84,8 @@
<!--
%STARTSECTION{"preamble"}%
-%CALCULATE{$SET(start, %URLPARAM{"start" default="0"}%)}%<nop>
-%CALCULATE{$SET(limit, %URLPARAM{"limit" default="%SEARCHRESULTSPERPAGE%"}%)}%<nop>
+%CALCULATE{$SET(start, %URLPARAM{"start" default="0" encode="entity"}%)}%<nop>
+%CALCULATE{$SET(limit, %URLPARAM{"limit" default="%SEARCHRESULTSPERPAGE%" encode="entity"}%)}%<nop>
%CALCULATE{$SET(ntopics, 0)}%<nop>
%CALCULATE{$SET(nwebs, 1)}%<nop>
<div id="searchTopNav%INCLUDINGTOPIC%" style="margin-bottom: 1em; %IF{ "defined 'style'" then="%style%" }%"></div>
TWiki.WebSearch patch:
--- data/TWiki/WebSearch.txt (revision 28466)
+++ data/TWiki/WebSearch.txt (working copy)
@@ -1,4 +1,4 @@
-%META:TOPICINFO{author="TWikiContributor" date="1354257474" format="1.1" version="$Rev$"}%
+%META:TOPICINFO{author="TWikiContributor" date="1418165948" format="1.1" version="$Rev$"}%
%META:TOPICPARENT{name="WebHome"}%
---+ %MAKETEXT{"Web Search"}%
@@ -7,16 +7,16 @@
%INCLUDE{"%SYSTEMWEB%.SearchResultsPagination" section="preamble"}%<nop>
%SEARCH{
"%URLPARAM{"search" encode="quote"}%"
-type="%URLPARAM{"type" encode="quote" default="%SEARCHDEFAULTTYPE%"}%"
-scope="%URLPARAM{"scope" encode="quote"}%"
-web="%URLPARAM{"web" encode="quote"}%"
-nosearch="%URLPARAM{"nosearch" encode="quote"}%"
+type="%URLPARAM{"type" encode="entity" default="%SEARCHDEFAULTTYPE%"}%"
+scope="%URLPARAM{"scope" encode="entity"}%"
+web="%URLPARAM{"web" encode="entity"}%"
+nosearch="%URLPARAM{"nosearch" encode="entity"}%"
zeroresults="%IF{ "defined search" then="on" else="off" }%"
start="%CALCULATE{$GET(start)}%"
limit="%CALCULATE{$GET(limit)}%"
footer="$percntCALCULATE{$SET(ntopics, $tntopics)$SET(nwebs, $nwebs)}$percnt"
}%
-%CALCULATE{$SET(searchparams, search=%URLPARAM{"search" encode="quote"}%;type=%URLPARAM{"type" encode="quote" default="%SEARCHDEFAULTTYPE%"}%;scope=%URLPARAM{"scope" encode="quote"}%;web=%URLPARAM{"web" encode="quote"}%;nosearch=%URLPARAM{"nosearch" encode="quote"}%;)}%<nop>
+%CALCULATE{$SET(searchparams, search=%URLPARAM{"search" encode="url"}%;type=%URLPARAM{"type" encode="url" default="%SEARCHDEFAULTTYPE%"}%;scope=%URLPARAM{"scope" encode="url"}%;web=%URLPARAM{"web" encode="url"}%;nosearch=%URLPARAM{"nosearch" encode="url"}%;)}%<nop>
%INCLUDE{"%SYSTEMWEB%.SearchResultsPagination" section="postamble"}%<nop>
<a name="twikiSearchForm"></a>
TWiki.WebSearchAdvanced patch:
--- data/TWiki/WebSearchAdvanced.txt (revision 28466)
+++ data/TWiki/WebSearchAdvanced.txt (working copy)
@@ -1,4 +1,4 @@
-%META:TOPICINFO{author="TWikiContributor" date="1354257474" format="1.1" version="$Rev$"}%
+%META:TOPICINFO{author="TWikiContributor" date="1418164625" format="1.1" version="$Rev$"}%
%META:TOPICPARENT{name="WebSearch"}%
---+ %MAKETEXT{"Advanced Search"}%
@@ -8,21 +8,21 @@
%SEARCH{
"%URLPARAM{"search" encode="quote"}%"
type="%IF{" '%URLPARAM{"regex" encode="entity"}%' = 'on' or '%URLPARAM{"type" encode="entity"}%' = 'regex'" then="regex" else="%SEARCHDEFAULTTYPE%"}%"
- scope="%URLPARAM{"scope" encode="quote"}%"
- web="%URLPARAM{"web" encode="quote"}%"
- nosearch="%URLPARAM{"nosearch" encode="quote"}%"
- casesensitive="%URLPARAM{"casesensitive" encode="quote"}%"
- bookview="%URLPARAM{"bookview" encode="quote"}%"
- nosummary="%URLPARAM{"nosummary" encode="quote"}%"
- nototal="%URLPARAM{"nototal" encode="quote"}%"
- sort="%URLPARAM{"sort" encode="quote"}%"
- reverse="%URLPARAM{"reverse" encode="quote"}%"
+ scope="%URLPARAM{"scope" encode="entity"}%"
+ web="%URLPARAM{"web" encode="entity"}%"
+ nosearch="%URLPARAM{"nosearch" encode="entity"}%"
+ casesensitive="%URLPARAM{"casesensitive" encode="entity"}%"
+ bookview="%URLPARAM{"bookview" encode="entity"}%"
+ nosummary="%URLPARAM{"nosummary" encode="entity"}%"
+ nototal="%URLPARAM{"nototal" encode="entity"}%"
+ sort="%URLPARAM{"sort" encode="entity"}%"
+ reverse="%URLPARAM{"reverse" encode="entity"}%"
zeroresults="%IF{ "defined search" then="on" else="off" }%"
start="%CALCULATE{$GET(start)}%"
limit="%CALCULATE{$GET(limit)}%"
footer="$percntCALCULATE{$SET(ntopics, $tntopics)$SET(nwebs, $nwebs)}$percnt"
}%
-%CALCULATE{$SET(searchparams, search=%URLPARAM{"search" encode="quote"}%;regex=%URLPARAM{"regex" encode="entity"}%;type=%URLPARAM{"type" encode="entity"}%;scope=%URLPARAM{"scope" encode="quote"}%;web=%URLPARAM{"web" encode="quote"}%;nosearch=%URLPARAM{"nosearch" encode="quote"}%;casesensitive=%URLPARAM{"casesensitive" encode="quote"}%;bookview=%URLPARAM{"bookview" encode="quote"}%;nosummary=%URLPARAM{"nosummary" encode="quote"}%;nototal=%URLPARAM{"nototal" encode="quote"}%;sort=%URLPARAM{"sort" encode="quote"}%;reverse=%URLPARAM{"reverse" encode="quote"}%;)}%<nop>
+%CALCULATE{$SET(searchparams, search=%URLPARAM{"search" encode="url"}%;regex=%URLPARAM{"regex" encode="url"}%;type=%URLPARAM{"type" encode="url"}%;scope=%URLPARAM{"scope" encode="url"}%;web=%URLPARAM{"web" encode="url"}%;nosearch=%URLPARAM{"nosearch" encode="url"}%;casesensitive=%URLPARAM{"casesensitive" encode="url"}%;bookview=%URLPARAM{"bookview" encode="url"}%;nosummary=%URLPARAM{"nosummary" encode="url"}%;nototal=%URLPARAM{"nototal" encode="url"}%;sort=%URLPARAM{"sort" encode="url"}%;reverse=%URLPARAM{"reverse" encode="url"}%;)}%<nop>
%INCLUDE{"%SYSTEMWEB%.SearchResultsPagination" section="postamble"}%<nop>
<a name="twikiSearchForm"></a>
-- TWiki:Main/PeterThoeny - 2014-12-09
| ItemTemplate | |
|---|---|
| Summary | Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch |
| ReportedBy |
TWiki:Main.PeterThoeny
|
| Codebase | ~twiki4, 6.0.1 |
| SVN Range | TWiki-6.0.1-trunk, Tue, 09 Dec 2014, build 28490 |
| AppliesTo | Engine |
| Component | |
| Priority | Normal |
| CurrentState | Closed |
| WaitingFor | |
| Checkins |
TWikirev:28493 TWikirev:28494 TWikirev:28495 TWikirev:28496
|
| TargetRelease | patch |
| ReleasedIn | 6.0.2 |
Topic revision: r9 - 2016-01-22 - PeterThoeny
Site map
Bugs web
Create New Report
Index
Search
Detailed Items Query
Changes
100
Notifications
RSS Feed
Statistics
Preferences
Bugs 
Items by urgency
My Reports
Recently Closed
Extensions
By Status 
Waiting for Feedback
Confirmed
Being Worked On
Waiting for Release
No Action Required
Lima 
Fixes for Rel.Notes
Create Feature Request
Account 
Copyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback