XPath injection in DDM Structure
Description
Activity

Albert Lee July 24, 2012 at 4:09 PM
PASSED Manual Testing following the steps in the description.
Reproduced on:
Tomcat 7.0 + MySQL 5. Portal 6.1.x GIT ID: 137495a91df1ebfc998941d45fe9f2cc6eac638b.
After adding a new document where the metadata set has a search field value containing "Tom's cats" and viewing the document, I got the same InvalidXPathException in the console.
Fixed on:
Tomcat 7 + MySQL 5. Portal 6.1.x GIT ID: 9c3a7ede3b980c49fc2a23958f03f5b5faf3bad4.
Tomcat 7 + MySQL 5. Portal 6.2.x GIT ID: 1e3f5ab831e6412a431e7d6ed4c45d43fdad97b6.
After adding a new document and viewing it, "Option 2" displays under the Select field. There are no errors in the console.

Michael Saechang July 24, 2012 at 10:31 AM
Committed on:
Portal 6.1.x CE GIT ID: c6c9ac5316ccdb9bceadf6df087ac3f4f0f95d80.
Portal 6.2.x GIT ID: b65bdc64688c879e6cb50fab39b8787217d8f32d.
Details
Assignee: Albert Lee (Deactivated)
Reporter: Tomas
Branch Version/s: 6.1.x
Backported to Branch: Committed
Fix Priority: 3
Priority: Medium

DDMStructureImpl doesn't escape input parameters when constructing XPath.
How to reproduce:
1. Create a new Document type in Document Library
2. Add a Select metadata field
3. Change the Select's options: into value 2 insert (including quotes and apostrophe) "Tom's cats"
4. Save
5. Create a new document with this Document type and select "Option 2"
6. Publish the document
7. Show the document - there should be an error in the log: org.dom4j.InvalidXPathException: Invalid XPath expression: //dynamic-element[@name="select2167"] //dynamic-element[@value=""Tom's cats""] Expected: ]
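
The failure in step 7, and one way to quote a value safely, as an added example that is not part of the original ticket and is not Liferay's code or its committed fix. It uses the JDK's javax.xml.xpath rather than dom4j; the class name, the toXPathLiteral helper and the sample XML are assumptions constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.xpath.*;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class XPathLiteralDemo {
    // Hypothetical helper. XPath 1.0 has no escape character inside string
    // literals, so a value holding both quote kinds is built with concat().
    static String toXPathLiteral(String value) {
        if (!value.contains("\"")) return "\"" + value + "\"";
        if (!value.contains("'")) return "'" + value + "'";
        StringBuilder sb = new StringBuilder("concat(");
        String[] parts = value.split("\"", -1);
        for (int i = 0; i < parts.length; i++) {
            if (i > 0) sb.append(",'\"',");   // the double quote itself, single-quoted
            sb.append('"').append(parts[i]).append('"');
        }
        return sb.append(')').toString();
    }

    static int count(String xml, String expr) throws XPathExpressionException {
        XPath xpath = XPathFactory.newInstance().newXPath();
        NodeList nodes = (NodeList) xpath.evaluate(
            expr, new InputSource(new StringReader(xml)), XPathConstants.NODESET);
        return nodes.getLength();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample; element and attribute names follow the error message.
        String xml = "<root><dynamic-element name='select2167'>"
            + "<dynamic-element value='&quot;Tom&apos;s cats&quot;'/>"
            + "<dynamic-element value='Option 1'/>"
            + "</dynamic-element></root>";
        String value = "\"Tom's cats\"";   // the option value from step 3
        String prefix = "//dynamic-element[@name=\"select2167\"]//dynamic-element[@value=";

        // Unescaped concatenation: the value's own quotes end the literal early.
        String unsafe = prefix + "\"" + value + "\"]";
        try {
            count(xml, unsafe);
        } catch (XPathExpressionException e) {
            System.out.println("rejected: " + unsafe);
        }

        // Quoted form: the whole value stays inside one string expression.
        String safe = prefix + toXPathLiteral(value) + "]";
        System.out.println(safe + " -> matches: " + count(xml, safe));
    }
}
```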