From: <mu...@us...> - 2007-12-06 16:49:13
Revision: 680
          http://jfreechart.svn.sourceforge.net/jfreechart/?rev=680&view=rev
Author:   mungady
Date:     2007-12-06 08:49:09 -0800 (Thu, 06 Dec 2007)

Log Message:
-----------
2007-12-06  David Gilbert  <dav...@ob...>

    * source/org/jfree/chart/entity/ChartEntity.java: API doc updates,
    * source/org/jfree/chart/imagemap/DynamicDriveToolTipTagFragmentGenerator.java
    (generateToolTipFragment): Escape tool tip text,
    * source/org/jfree/chart/imagemap/ImageMapUtilities.java
    (getImageMap): Escape map name,
    (htmlEscape): New method,
    * source/org/jfree/chart/imagemap/OverLIBToolTipTagFragmentGenerator.java
    (generateToolTipFragment): Escape tool tip text,
    * source/org/jfree/chart/imagemap/StandardToolTipTagFragmentGenerator.java
    (generateToolTipFragment): Likewise,
    * source/org/jfree/chart/imagemap/StandardURLTagFragmentGenerator.java
    (generateURLFragment): Encode URL,
    * source/org/jfree/chart/imagemap/ToolTipTagFragmentGenerator.java:
    Updated API docs,
    * source/org/jfree/chart/imagemap/URLTagFragmentGenerator.java:
    Likewise,
    * source/org/jfree/chart/resources/JFreeChartResources.java: Updated
    version number,
    * tests/org/jfree/chart/imagemap/ImageMapPackageTests.java: New file,
    * tests/org/jfree/chart/imagemap/StandardToolTipTagFragmentGeneratorTests.java:
    Likewise,
    * tests/org/jfree/chart/imagemap/StandardURLTagFragmentGeneratorTests.java:
    Likewise.
Modified Paths: -------------- branches/jfreechart-1.0.8-security/ChangeLog branches/jfreechart-1.0.8-security/NEWS branches/jfreechart-1.0.8-security/README.txt branches/jfreechart-1.0.8-security/ant/build-swt.xml branches/jfreechart-1.0.8-security/ant/build.xml branches/jfreechart-1.0.8-security/source/org/jfree/chart/entity/ChartEntity.java branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/DynamicDriveToolTipTagFragmentGenerator.java branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/ImageMapUtilities.java branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/OverLIBToolTipTagFragmentGenerator.java branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/StandardToolTipTagFragmentGenerator.java branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/StandardURLTagFragmentGenerator.java branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/ToolTipTagFragmentGenerator.java branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/URLTagFragmentGenerator.java branches/jfreechart-1.0.8-security/source/org/jfree/chart/resources/JFreeChartResources.java Modified: branches/jfreechart-1.0.8-security/ChangeLog =================================================================== --- branches/jfreechart-1.0.8-security/ChangeLog 2007-12-06 10:54:58 UTC (rev 679) +++ branches/jfreechart-1.0.8-security/ChangeLog 2007-12-06 16:49:09 UTC (rev 680) 
@@ -1,3 +1,33 @@ +---------- JFREECHART 1.0.8a RELEASED ------------------------ + +2007-12-06 David Gilbert <dav...@ob...> + + * source/org/jfree/chart/entity/ChartEntity.java: API doc updates, + * source/org/jfree/chart/imagemap/DynamicDriveToolTipTagFragmentGenerator.java + (generateToolTipFragment): Escape tool tip text, + * source/org/jfree/chart/imagemap/ImageMapUtilities.java + (getImageMap): Escape map name, + (htmlEscape): New method, + * source/org/jfree/chart/imagemap/OverLIBToolTipTagFragmentGenerator.java + (generateToolTipFragment): Escape tool tip text, + * source/org/jfree/chart/imagemap/StandardToolTipTagFragmentGenerator.java + (generateToolTipFragment): Likewise, + * source/org/jfree/chart/imagemap/StandardURLTagFragmentGenerator.java + (generateURLFragment): Encode URL, + * source/org/jfree/chart/imagemap/ToolTipTagFragmentGenerator.java: + Updated API docs, + * source/org/jfree/chart/imagemap/URLTagFragmentGenerator.java: + Likewise, + * source/org/jfree/chart/resources/JFreeChartResources.java: Updated + version number, + * tests/org/jfree/chart/imagemap/ImageMapPackageTests.java: New file, + * tests/org/jfree/chart/imagemap/StandardToolTipTagFragmentGeneratorTests.java: + Likewise, + * tests/org/jfree/chart/imagemap/StandardURLTagFragmentGeneratorTests.java: + Likewise. + +---------- JFREECHART 1.0.8 RELEASED ------------------------ + 2007-11-23 David Gilbert <dav...@ob...> * source/org/jfree/chart/plot/dial/DialPointer.java Modified: branches/jfreechart-1.0.8-security/NEWS =================================================================== --- branches/jfreechart-1.0.8-security/NEWS 2007-12-06 10:54:58 UTC (rev 679) +++ branches/jfreechart-1.0.8-security/NEWS 2007-12-06 16:49:09 UTC (rev 680) 
@@ -1,3 +1,13 @@ +JFreeChart 1.0.8a +----------------- +6 December 2007 + +This special release contains modifications intended to fix security issues +reported in the HTML image map generating code (thanks to Chad Loder at +Rapid7). We encourage users to study the changes and provide any necessary +feedback. + + JFreeChart 1.0.8 ---------------- 23 November 2007 Modified: branches/jfreechart-1.0.8-security/README.txt =================================================================== --- branches/jfreechart-1.0.8-security/README.txt 2007-12-06 10:54:58 UTC (rev 679) +++ branches/jfreechart-1.0.8-security/README.txt 2007-12-06 16:49:09 UTC (rev 680) @@ -1,8 +1,8 @@ -******************************* -* JFREECHART: Version 1.0.8 * -******************************* +******************************** +* JFREECHART: Version 1.0.8a * +******************************** -23 November 2007 +6 December 2007 (C)opyright 2000-2007, by Object Refinery Limited and Contributors. @@ -193,6 +193,10 @@ --------------- A list of changes in recent versions: +1.0.8a: (06-Dec-2007) + - a special bug fix release to address security issues in the HTML + image map generation code. + 1.0.8 : (23-Nov-2007) - primarily a bug fix release. See the NEWS and ChangeLog files for a more detailed description of the changes in this release. Modified: branches/jfreechart-1.0.8-security/ant/build-swt.xml =================================================================== --- branches/jfreechart-1.0.8-security/ant/build-swt.xml 2007-12-06 10:54:58 UTC (rev 679) +++ branches/jfreechart-1.0.8-security/ant/build-swt.xml 2007-12-06 16:49:09 UTC (rev 680) 
@@ -4,7 +4,7 @@ <target name="initialise" description="Initialise required settings."> <tstamp /> <property name="jfreechart.name" value="jfreechart" /> - <property name="jfreechart.version" value="1.0.7" /> + <property name="jfreechart.version" value="1.0.8a" /> <property name="jcommon.name" value="jcommon" /> <property name="jcommon.version" value="1.0.12" /> <property name="builddir" value="${basedir}/build" /> Modified: branches/jfreechart-1.0.8-security/ant/build.xml =================================================================== --- branches/jfreechart-1.0.8-security/ant/build.xml 2007-12-06 10:54:58 UTC (rev 679) +++ branches/jfreechart-1.0.8-security/ant/build.xml 2007-12-06 16:49:09 UTC (rev 680) @@ -21,7 +21,7 @@ <target name="initialise" description="Initialise required settings."> <tstamp /> <property name="jfreechart.name" value="jfreechart" /> - <property name="jfreechart.version" value="1.0.8" /> + <property name="jfreechart.version" value="1.0.8a" /> <property name="jfreechart-bundle-file" value="${jfreechart.name}-${jfreechart.version}-bundle.jar" /> <property name="jcommon.name" value="jcommon" /> <property name="jcommon.version" value="1.0.12" /> Modified: branches/jfreechart-1.0.8-security/source/org/jfree/chart/entity/ChartEntity.java =================================================================== --- branches/jfreechart-1.0.8-security/source/org/jfree/chart/entity/ChartEntity.java 2007-12-06 10:54:58 UTC (rev 679) +++ branches/jfreechart-1.0.8-security/source/org/jfree/chart/entity/ChartEntity.java 2007-12-06 16:49:09 UTC (rev 680) @@ -164,7 +164,10 @@ } /** - * Returns the tool tip text for the entity. + * Returns the tool tip text for the entity. Be aware that this text + * may have been generated from user supplied data, so for security + * reasons some form of filtering should be applied before incorporating + * this text into any HTML output. * * @return The tool tip text (possibly <code>null</code>). */ 
@@ -182,7 +185,9 @@ } /** - * Returns the URL text for the entity. + * Returns the URL text for the entity. Be aware that this text + * may have been generated from user supplied data, so some form of + * filtering should be applied before this "URL" is used in any output. * * @return The URL text (possibly <code>null</code>). */ Modified: branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/DynamicDriveToolTipTagFragmentGenerator.java =================================================================== --- branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/DynamicDriveToolTipTagFragmentGenerator.java 2007-12-06 10:54:58 UTC (rev 679) +++ branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/DynamicDriveToolTipTagFragmentGenerator.java 2007-12-06 16:49:09 UTC (rev 680) @@ -30,10 +30,12 @@ * (C) Copyright 2003-2007, by Richard Atkinson and Contributors. * * Original Author: Richard Atkinson; + * Contributors: David Gilbert (for Object Refinery Limited); * * Changes * ------- * 12-Aug-2003 : Version 1 (RA); + * 04-Dec-2007 : Escape tool tip text to fix bug 1400917 (DG); * */ @@ -44,7 +46,7 @@ * library (http://www.dynamicdrive.com). */ public class DynamicDriveToolTipTagFragmentGenerator - implements ToolTipTagFragmentGenerator { + implements ToolTipTagFragmentGenerator { /** The title, empty string not to display */ protected String title = ""; 
@@ -80,9 +82,10 @@ * @return The formatted HTML area tag attribute(s). */ public String generateToolTipFragment(String toolTipText) { - return " onMouseOver=\"return stm(['" + this.title + "','" - + toolTipText + "'],Style[" + this.style + "]);\"" - + " onMouseOut=\"return htm();\""; + return " onMouseOver=\"return stm(['" + + ImageMapUtilities.htmlEscape(this.title) + "','" + + ImageMapUtilities.htmlEscape(toolTipText) + "'],Style[" + + this.style + "]);\"" + " onMouseOut=\"return htm();\""; } } Modified: branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/ImageMapUtilities.java =================================================================== --- branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/ImageMapUtilities.java 2007-12-06 10:54:58 UTC (rev 679) +++ branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/ImageMapUtilities.java 2007-12-06 16:49:09 UTC (rev 680) @@ -40,6 +40,8 @@ * layering (DG); * ------------- JFREECHART 1.0.x --------------------------------------------- * 06-Feb-2006 : API doc updates (DG); + * 04-Dec-2007 : Added htmlEscape() method, and escape 'name' in + * getImageMap() (DG); * */ @@ -171,7 +173,8 @@ URLTagFragmentGenerator urlTagFragmentGenerator) { StringBuffer sb = new StringBuffer(); - sb.append("<map id=\"" + name + "\" name=\"" + name + "\">"); + sb.append("<map id=\"" + htmlEscape(name) + "\" name=\"" + + htmlEscape(name) + "\">"); sb.append(StringUtils.getLineSeparator()); EntityCollection entities = info.getEntityCollection(); if (entities != null) { 
@@ -195,4 +198,46 @@ } + /** + * Returns a string that is equivalent to the input string, but with + * special characters converted to HTML escape sequences. + * + * @param input the string to escape (<code>null</code> not permitted). + * + * @return A string with characters escaped. + * + * @since 1.0.8a + */ + public static String htmlEscape(String input) { + if (input == null) { + throw new IllegalArgumentException("Null 'input' argument."); + } + StringBuffer result = new StringBuffer(); + int length = input.length(); + for (int i = 0; i < length; i++) { + char c = input.charAt(i); + if (c == '&') { + result.append("&"); + } + else if (c == '\"') { + result.append("""); + } + else if (c == '<') { + result.append("<"); + } + else if (c == '>') { + result.append(">"); + } + else if (c == '\'') { + result.append("'"); + } + else if (c == '\\') { + result.append("\"); + } + else { + result.append(c); + } + } + return result.toString(); + } } Modified: branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/OverLIBToolTipTagFragmentGenerator.java =================================================================== --- branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/OverLIBToolTipTagFragmentGenerator.java 2007-12-06 10:54:58 UTC (rev 679) +++ branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/OverLIBToolTipTagFragmentGenerator.java 2007-12-06 16:49:09 UTC (rev 680) @@ -30,10 +30,12 @@ * (C) Copyright 2003-2007, by Richard Atkinson and Contributors. * * Original Author: Richard Atkinson; + * Contributors: David Gilbert (for Object Refinery Limited); * * Changes * ------- * 12-Aug-2003 : Version 1 (RA); + * 04-Dec-2007 : Escape tool tip text to fix bug 1400917 (DG); * */ 
@@ -44,17 +46,25 @@ * (http://www.bosrup.com/web/overlib/). */ public class OverLIBToolTipTagFragmentGenerator - implements ToolTipTagFragmentGenerator { + implements ToolTipTagFragmentGenerator { /** + * Creates a new instance. + */ + public OverLIBToolTipTagFragmentGenerator() { + super(); + } + + /** * Generates a tooltip string to go in an HTML image map. * - * @param toolTipText the tooltip. + * @param toolTipText the tooltip text. * * @return The formatted HTML area tag attribute(s). */ public String generateToolTipFragment(String toolTipText) { - return " onMouseOver=\"return overlib('" + toolTipText + return " onMouseOver=\"return overlib('" + + ImageMapUtilities.htmlEscape(toolTipText) + "');\" onMouseOut=\"return nd();\""; } Modified: branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/StandardToolTipTagFragmentGenerator.java =================================================================== --- branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/StandardToolTipTagFragmentGenerator.java 2007-12-06 10:54:58 UTC (rev 679) +++ branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/StandardToolTipTagFragmentGenerator.java 2007-12-06 16:49:09 UTC (rev 680) @@ -30,10 +30,12 @@ * (C) Copyright 2003-2007, by Richard Atkinson and Contributors. * * Original Author: Richard Atkinson; + * Contributors: David Gilbert (for Object Refinery Limited); * * Changes * ------- * 12-Aug-2003 : Version 1 (RA); + * 04-Dec-2007 : Escape tool tip text to fix bug 1400917 (DG); * */ @@ -43,9 +45,16 @@ * Generates tooltips using the HTML title attribute for image map area tags. */ public class StandardToolTipTagFragmentGenerator - implements ToolTipTagFragmentGenerator { + implements ToolTipTagFragmentGenerator { /** + * Creates a new instance. + */ + public StandardToolTipTagFragmentGenerator() { + super(); + } + + /** * Generates a tooltip string to go in an HTML image map. * * @param toolTipText the tooltip. 
@@ -53,7 +62,8 @@ * @return The formatted HTML area tag attribute(s). */ public String generateToolTipFragment(String toolTipText) { - return " title=\"" + toolTipText + "\" alt=\"\""; + return " title=\"" + ImageMapUtilities.htmlEscape(toolTipText) + + "\" alt=\"\""; } } Modified: branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/StandardURLTagFragmentGenerator.java =================================================================== --- branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/StandardURLTagFragmentGenerator.java 2007-12-06 10:54:58 UTC (rev 679) +++ branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/StandardURLTagFragmentGenerator.java 2007-12-06 16:49:09 UTC (rev 680) @@ -30,22 +30,33 @@ * (C) Copyright 2003-2007, by Richard Atkinson and Contributors. * * Original Author: Richard Atkinson; + * Contributors: David Gilbert (for Object Refinery Limited); * * Changes * ------- * 12-Aug-2003 : Version 1 (RA); + * 04-Dec-2007 : Encode URL text to fix bug 1400917 (DG); * */ package org.jfree.chart.imagemap; +import org.jfree.chart.urls.URLUtilities; + /** * Generates URLs using the HTML href attribute for image map area tags. */ public class StandardURLTagFragmentGenerator - implements URLTagFragmentGenerator { + implements URLTagFragmentGenerator { /** + * Creates a new instance. + */ + public StandardURLTagFragmentGenerator() { + super(); + } + + /** * Generates a URL string to go in an HTML image map. * * @param urlText the URL. 
@@ -53,7 +64,7 @@ * @return The formatted text */ public String generateURLFragment(String urlText) { - return " href=\"" + urlText + "\""; + return " href=\"" + URLUtilities.encode(urlText, "UTF-8") + "\""; } } Modified: branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/ToolTipTagFragmentGenerator.java =================================================================== --- branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/ToolTipTagFragmentGenerator.java 2007-12-06 10:54:58 UTC (rev 679) +++ branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/ToolTipTagFragmentGenerator.java 2007-12-06 16:49:09 UTC (rev 680) @@ -34,6 +34,7 @@ * Changes * ------- * 12-Aug-2003 : Version 1 (RA); + * 05-Dec-2007 : Updated API docs (DG); * */ @@ -50,6 +51,10 @@ * varying standards compliance among browsers, this method is expected * to return an 'alt' attribute IN ADDITION TO whatever it does to create * the tooltip (often a 'title' attribute). + * <br><br> + * Note that the <code>toolTipText</code> may have been generated from + * user-defined data, so care should be taken to filter/escape any + * characters that may corrupt the HTML tag. * * @param toolTipText the tooltip. * Modified: branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/URLTagFragmentGenerator.java =================================================================== --- branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/URLTagFragmentGenerator.java 2007-12-06 10:54:58 UTC (rev 679) +++ branches/jfreechart-1.0.8-security/source/org/jfree/chart/imagemap/URLTagFragmentGenerator.java 2007-12-06 16:49:09 UTC (rev 680) @@ -34,6 +34,7 @@ * Changes * ------- * 12-Aug-2003 : Version 1 (RA); + * 05-Dec-2007 : Updated API docs (DG); * */ 
@@ -46,6 +47,10 @@ /** * Generates a URL string to go in an HTML image map. + * <br><br> + * Note that the <code>urlText</code> may have been generated from + * user-defined data, so care should be taken to filter and/or encode + * the string (for example, using {@link java.net.URLEncoder}). * * @param urlText the URL. * Modified: branches/jfreechart-1.0.8-security/source/org/jfree/chart/resources/JFreeChartResources.java =================================================================== --- branches/jfreechart-1.0.8-security/source/org/jfree/chart/resources/JFreeChartResources.java 2007-12-06 10:54:58 UTC (rev 679) +++ branches/jfreechart-1.0.8-security/source/org/jfree/chart/resources/JFreeChartResources.java 2007-12-06 16:49:09 UTC (rev 680) @@ -55,7 +55,7 @@ /** The resources to be localised. */ private static final Object[][] CONTENTS = { {"project.name", "JFreeChart"}, - {"project.version", "1.0.8"}, + {"project.version", "1.0.8a"}, {"project.info", "http://www.jfree.org/jfreechart/index.html"}, {"project.copyright", "(C)opyright 2000-2007, by Object Refinery Limited and Contributors"} This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
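Review bot: in the ant/build-swt.xml hunk the version jumps from `1.0.7` to `1.0.8a` while ant/build.xml goes from `1.0.8` to `1.0.8a`, so the two build files had already drifted by one release; consider reading `jfreechart.version` from a single shared property file so a security re-release only has to touch one place.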
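Review bot: the ChartEntity.java hunks for `getToolTipText()` and `getURLText()` say "some form of filtering should be applied" without naming one; since this revision adds `ImageMapUtilities.htmlEscape`, the Javadoc should point at it and state the context it covers (an HTML attribute value), otherwise callers are left guessing which transform is adequate.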
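Review bot: in the DynamicDriveToolTipTagFragmentGenerator hunk, `generateToolTipFragment` puts the escaped text inside a JavaScript string literal within an `onMouseOver` attribute; `htmlEscape` protects the attribute boundary, but the browser decodes entity references before the handler runs, so a quote or backslash in the tool tip is back in its raw form by the time the JavaScript string is parsed. Suggest a JavaScript string escape (backslash-escaping `'`, `\` and line terminators) applied before `htmlEscape`, and a test case in the new tests whose tool tip text contains a single quote.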
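Review bot: in the ImageMapUtilities.java hunk adding `htmlEscape`, the replacement strings read as the plain characters (`result.append("&")`, `result.append("<")`, and a `result.append("\")` that would not compile), which as shown makes the method an identity transform; confirm the committed source appends the entity references (`&amp;`, `&quot;`, `&lt;`, `&gt;`, `&#39;`, `&#92;`) and that this is only a rendering artifact of the mail. The log message lists new tests for the two generators but none for `htmlEscape` itself; a direct unit test covering each of the six characters would catch exactly this kind of regression.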
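Review bot: the OverLIBToolTipTagFragmentGenerator hunk has the same context problem as the DynamicDrive one: `overlib('...')` is a JavaScript string literal inside an attribute, so `htmlEscape` alone does not keep quotes and backslashes out of the string once the browser has decoded the attribute; apply a JavaScript string escape first, then `htmlEscape`.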
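Review bot: in the StandardToolTipTagFragmentGenerator hunk, `htmlEscape` on the `title` attribute value is the right transform for that context. Note that StandardToolTipTagFragmentGeneratorTests.java, which the log message lists as a new file, does not appear in the paths of this revision; confirm it was committed, and have it exercise `"`, `<` and `&` in the tool tip text.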
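Review bot: in the StandardURLTagFragmentGenerator hunk, `URLUtilities.encode(urlText, "UTF-8")` is applied to the complete URL rather than to a component, so reserved characters such as `:`, `/`, `?`, `=` and `&` in an ordinary absolute URL are percent-encoded and the resulting `href` no longer resolves as intended. The output context is an HTML attribute, so `ImageMapUtilities.htmlEscape(urlText)` is the transform that fits here (it also neutralises `"`); URL-encoding belongs to individual query parameter values at the point where the URL is built. StandardURLTagFragmentGeneratorTests.java should assert that a plain URL such as `http://www.jfree.org/` passes through unchanged.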
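Review bot: the ToolTipTagFragmentGenerator.java Javadoc hunk says to "filter/escape any characters that may corrupt the HTML tag"; since implementations in this same revision emit the text into a plain attribute (`title`) or into a JavaScript string inside an event handler attribute, the doc should state that the required escaping depends on that context, and name `ImageMapUtilities.htmlEscape` as the minimum.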
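Review bot: the URLTagFragmentGenerator.java Javadoc hunk recommends `java.net.URLEncoder` for the whole string; `URLEncoder` form-encodes a single parameter value and will mangle a complete URL, which is the same problem the StandardURLTagFragmentGenerator hunk runs into. Recommend HTML attribute escaping of the URL here, with `URLEncoder` reserved for parameter values.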