fix possible crlf injection, see issue #320

Sebastian Sdorra
2013-01-28 13:04:12 +01:00
parent 1e7ff1a71a
commit 500a082a3f
3 changed files with 100 additions and 0 deletions


@@ -74,6 +74,7 @@ import sonia.scm.repository.api.RepositoryServiceFactory;
import sonia.scm.security.RepositoryPermission;
import sonia.scm.security.ScmSecurityException;
import sonia.scm.util.AssertUtil;
import sonia.scm.util.HttpUtil;
import sonia.scm.util.Util;
//~--- JDK imports ------------------------------------------------------------
@@ -509,6 +510,7 @@ public class RepositoryResource
{
builder.setPath(path);
}
//J-
builder.setDisableLastCommit(disableLastCommit)
.setDisableSubRepositoryDetection(disableSubRepositoryDetection)
@@ -846,6 +848,12 @@ public class RepositoryResource
AssertUtil.assertIsNotEmpty(id);
AssertUtil.assertIsNotEmpty(revision);
/**
* HttpUtil.checkForCRLFInjection(revision);
* see https://bitbucket.org/sdorra/scm-manager/issue/320/crlf-injection-vulnerability-in-diff-api
*/
HttpUtil.checkForCRLFInjection(revision);
RepositoryService service = null;
Response response = null;
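Review bot: The `/** … */` block above `HttpUtil.checkForCRLFInjection(revision);` is a Javadoc comment inside a method body, where it attaches to nothing, and its first line only repeats the call instead of saying what is being protected. A line comment stating the reason would serve the next reader better, for example `// reject CR/LF in revision before it is used to build the response, see issue #320` (adjust the wording to the actual sink, which is outside the hunk), with the issue URL kept on a second `//` line if wanted. The hunk also does not show how a rejected value is reported; if the helper throws, it is worth confirming that the client receives a 400 rather than a 500, and checking whether other resource methods that accept `revision` need the same guard. The enclosing method starts and ends outside the hunk.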