Build #393 was successful. Scheduled with changes by Guus der Kinderen and daryl herzmann <akrherz@iastate.edu>

Code commits

Openfire (master)

  • daryl herzmann <akrherz@iastate.edu>

    daryl herzmann <akrherz@iastate.edu> 7678dcd00ca26e5fe2bb93731991e29c874bd6fe

    Merge pull request #1454 from guusdk/OF-1251_CSRF-XXE-XSS
    OF-1251: Harden admin console for XSS and CSRF

  • Guus der Kinderen

    Guus der Kinderen 66992dc0a21dcf6edc3f8ff0ed051ee043e90da2

    OF-1251: Migrated profile settings to JSTL

    • xmppserver/src/main/webapp/setup/setup-profile-settings.jsp (version 66992dc0a21dcf6edc3f8ff0ed051ee043e90da2)
  • Guus der Kinderen

    Guus der Kinderen 1ea6efff2e253e2da680ee0e5bcc951be73d423d

    OF-1251: Migrated host settings to JSTL

    • xmppserver/src/main/webapp/setup/setup-host-settings.jsp (version 1ea6efff2e253e2da680ee0e5bcc951be73d423d)
  • Guus der Kinderen

    Guus der Kinderen bdb55c34fe8be2afd082e38d16a6a2817e45ca3b

    OF-1251: Add CSRF protection to admin settings.

    • xmppserver/src/main/webapp/setup/setup-admin-settings.jsp (version bdb55c34fe8be2afd082e38d16a6a2817e45ca3b)
    • xmppserver/src/main/webapp/setup/setup-admin-settings_test.jsp (version bdb55c34fe8be2afd082e38d16a6a2817e45ca3b)
  • Guus der Kinderen

    Guus der Kinderen 9029c8654a43fbfa9a9ad06e523361219f8815c5

    OF-1251: Migrated LDAP Server Test to JSTL.

    • xmppserver/src/main/webapp/setup/setup-ldap-server_test.jsp (version 9029c8654a43fbfa9a9ad06e523361219f8815c5)
  • Guus der Kinderen

    Guus der Kinderen abe1cbf858d730e0bca490c0cfef30fd2c39f65f

    OF-1251: Add CSRF protection to datasource settings.

    • xmppserver/src/main/webapp/setup/setup-datasource-jndi.jsp (version abe1cbf858d730e0bca490c0cfef30fd2c39f65f)
    • xmppserver/src/main/webapp/setup/setup-datasource-settings.jsp (version abe1cbf858d730e0bca490c0cfef30fd2c39f65f)
    • xmppserver/src/main/webapp/setup/setup-datasource-standard.jsp (version abe1cbf858d730e0bca490c0cfef30fd2c39f65f)
  • Guus der Kinderen

    Guus der Kinderen 39fce6f1078d9b5a1e28df3bca71a87e250c6a97

    OF-1251: Migrated datasource settings to JSTL

    • i18n/src/main/resources/openfire_i18n.properties (version 39fce6f1078d9b5a1e28df3bca71a87e250c6a97)
    • xmppserver/src/main/webapp/setup/setup-datasource-jndi.jsp (version 39fce6f1078d9b5a1e28df3bca71a87e250c6a97)
    • xmppserver/src/main/webapp/setup/setup-datasource-settings.jsp (version 39fce6f1078d9b5a1e28df3bca71a87e250c6a97)
    • xmppserver/src/main/webapp/setup/setup-datasource-standard.jsp (version 39fce6f1078d9b5a1e28df3bca71a87e250c6a97)
  • Guus der Kinderen

    Guus der Kinderen d41c877b9f7d53a9c2b9668a0b22ea3b39eb1e34

    Datasource setup: Reduce code duplication.

    • xmppserver/src/main/java/org/jivesoftware/database/DbConnectionManager.java (version d41c877b9f7d53a9c2b9668a0b22ea3b39eb1e34)
    • xmppserver/src/main/webapp/setup/setup-datasource-jndi.jsp (version d41c877b9f7d53a9c2b9668a0b22ea3b39eb1e34)
    • xmppserver/src/main/webapp/setup/setup-datasource-settings.jsp (version d41c877b9f7d53a9c2b9668a0b22ea3b39eb1e34)
    • xmppserver/src/main/webapp/setup/setup-datasource-standard.jsp (version d41c877b9f7d53a9c2b9668a0b22ea3b39eb1e34)
  • Guus der Kinderen

    Guus der Kinderen 62fadf8f667992b6c41039978276be4db0f29064

    OF-1251: Migrated LDAP user test to JSTL

    • xmppserver/src/main/resources/META-INF/admin.tld (version 62fadf8f667992b6c41039978276be4db0f29064)
    • xmppserver/src/main/webapp/META-INF/admin.tld (version 62fadf8f667992b6c41039978276be4db0f29064)
    • xmppserver/src/main/webapp/WEB-INF/admin.tld (version 62fadf8f667992b6c41039978276be4db0f29064)
    • xmppserver/src/main/webapp/setup/setup-ldap-user_test.jsp (version 62fadf8f667992b6c41039978276be4db0f29064)
  • Guus der Kinderen

    Guus der Kinderen ec08834f3e5ec351d1f19eb76a843da33dc67a94

    OF-1251: Add CSRF protection to language selection.

    • xmppserver/src/main/webapp/setup/index.jsp (version ec08834f3e5ec351d1f19eb76a843da33dc67a94)
  • Guus der Kinderen

    Guus der Kinderen 1dc9e9d7c9ca79e2acaac60fc1f197fdeea6a0c5

    OF-1251: Migrated LDAP Group Test to JSTL.

    • xmppserver/src/main/webapp/setup/setup-ldap-group_test.jsp (version 1dc9e9d7c9ca79e2acaac60fc1f197fdeea6a0c5)
  • Guus der Kinderen

    Guus der Kinderen 868e1320b26d861216642da134d249f4426930aa

    OF-1251: Add CSRF protection to host settings.

    • xmppserver/src/main/webapp/setup/setup-host-settings.jsp (version 868e1320b26d861216642da134d249f4426930aa)
  • Guus der Kinderen

    Guus der Kinderen b4420e9ea23a45dd07b2cc82c6451985f2f69b02

    OF-1251: Migrated setup index to JSTL
    This includes the locale selection page, as well as the environment settings check. Both pages have been folded into one (as the conditional displaying of either section wasn't working properly).

    • i18n/src/main/resources/openfire_i18n.properties (version b4420e9ea23a45dd07b2cc82c6451985f2f69b02)
    • xmppserver/src/main/webapp/setup/index.jsp (version b4420e9ea23a45dd07b2cc82c6451985f2f69b02)
    • xmppserver/src/main/webapp/setup/setup-env-check.jspf (version b4420e9ea23a45dd07b2cc82c6451985f2f69b02)
  • Guus der Kinderen

    Guus der Kinderen 8fa1165c195e2ccc55be6028df5d06dc8e10bbda

    OF-1251: Migrated admin settings to JSTL

    • xmppserver/src/main/webapp/setup/setup-admin-settings.jsp (version 8fa1165c195e2ccc55be6028df5d06dc8e10bbda)
    • xmppserver/src/main/webapp/setup/setup-admin-settings_test.jsp (version 8fa1165c195e2ccc55be6028df5d06dc8e10bbda)
  • Guus der Kinderen

    Guus der Kinderen 0cd1ae282e9a5cbbb3d8ad1e941a9df6eca3dd55

    Optimize imports.

    • xmppserver/src/main/webapp/pubsub-node-affiliates-edit.jsp (version 0cd1ae282e9a5cbbb3d8ad1e941a9df6eca3dd55)
    • xmppserver/src/main/webapp/pubsub-node-affiliates.jsp (version 0cd1ae282e9a5cbbb3d8ad1e941a9df6eca3dd55)
    • xmppserver/src/main/webapp/pubsub-node-edit.jsp (version 0cd1ae282e9a5cbbb3d8ad1e941a9df6eca3dd55)
    • xmppserver/src/main/webapp/pubsub-service-summary.jsp (version 0cd1ae282e9a5cbbb3d8ad1e941a9df6eca3dd55)
  • Guus der Kinderen

    Guus der Kinderen 1f2aa19f49d60cc674b8e3795948ff5b06c65527

    OF-1251: Migrated LDAP server settings to JSTL

    • xmppserver/src/main/webapp/ldap-server.jsp (version 1f2aa19f49d60cc674b8e3795948ff5b06c65527)
    • xmppserver/src/main/webapp/setup/ldap-server.jspf (version 1f2aa19f49d60cc674b8e3795948ff5b06c65527)
    • xmppserver/src/main/webapp/setup/setup-ldap-server.jsp (version 1f2aa19f49d60cc674b8e3795948ff5b06c65527)
  • Guus der Kinderen

    Guus der Kinderen 51b25499ffc0b527180332e7af950940408b7cbf

    Fixed obvious text mistake.

    • xmppserver/src/main/webapp/setup/ldap-group.jspf (version 51b25499ffc0b527180332e7af950940408b7cbf)
  • Guus der Kinderen

    Guus der Kinderen 6d3378a2d59a6685f7912127f1b037af3955bb65

    OF-1251: XML-escape all output of pubsub-form-table

    • xmppserver/src/main/webapp/pubsub-form-table.jsp (version 6d3378a2d59a6685f7912127f1b037af3955bb65)
  • Guus der Kinderen

    Guus der Kinderen efb125fad4f87bad5645453b0b4affd7c807d2c3

    OF-1251: XML-escape all output of pubsub-node-affiliates

    • xmppserver/src/main/webapp/pubsub-node-affiliates.jsp (version efb125fad4f87bad5645453b0b4affd7c807d2c3)
  • Guus der Kinderen

    Guus der Kinderen 6c222b3f5f151d4336a4591c03eeb78d3f5ec6b9

    OF-1251: XML-escape all output of pubsub-node-summary

    • xmppserver/src/main/webapp/pubsub-node-summary.jsp (version 6c222b3f5f151d4336a4591c03eeb78d3f5ec6b9)
  • Guus der Kinderen

    Guus der Kinderen ef7f41958a2ef4124042558f27c11380dc766408

    OF-1251: XML-escape all output of pubsub-node-edit

    • xmppserver/src/main/webapp/pubsub-node-edit.jsp (version ef7f41958a2ef4124042558f27c11380dc766408)
  • Guus der Kinderen

    Guus der Kinderen cd7adb0cb19e8006e48f89915ec4e39af196c495

    OF-1251: XML-escape all output of pubsub-node-affiliates-delete

    • xmppserver/src/main/webapp/pubsub-node-affiliates-delete.jsp (version cd7adb0cb19e8006e48f89915ec4e39af196c495)
  • Guus der Kinderen

    Guus der Kinderen cc1027f4ae0ecf44ff25024590627299e420cdf4

    Add labels to LDAP user setting input fields.

    • xmppserver/src/main/webapp/setup/ldap-user.jspf (version cc1027f4ae0ecf44ff25024590627299e420cdf4)
  • Guus der Kinderen

    Guus der Kinderen 95052183c9cefbe8260bd1dd03bb6971fd9297ba

    OF-1251: Add CSRF protection to LDAP group settings.

    • xmppserver/src/main/webapp/setup/ldap-group.jspf (version 95052183c9cefbe8260bd1dd03bb6971fd9297ba)
  • Guus der Kinderen

    Guus der Kinderen 31e1c2bb23549fbb8a87634f67827eca2e2f4cf1

    OF-1251: XML-escape all output of pubsub-node-subscribers

    • xmppserver/src/main/webapp/pubsub-node-subscribers.jsp (version 31e1c2bb23549fbb8a87634f67827eca2e2f4cf1)
  • Guus der Kinderen

    Guus der Kinderen bc8279c81d62d4cbf2f2bf7d3e7105ae9b88509f

    OF-1251: XML-escape all output of pubsub-node-items

    • xmppserver/src/main/webapp/pubsub-node-items.jsp (version bc8279c81d62d4cbf2f2bf7d3e7105ae9b88509f)
  • Guus der Kinderen

    Guus der Kinderen 61186898cca2b49374bb6999acaea87ca40075f7

    OF-1251: Add CSRF protection to LDAP user settings.

    • xmppserver/src/main/webapp/setup/ldap-user.jspf (version 61186898cca2b49374bb6999acaea87ca40075f7)
  • Guus der Kinderen

    Guus der Kinderen 4ce4a32997fa47404c11e30fd2d4d6a528b2844e

    Reduce code complexity by making use of property resolution.

    • xmppserver/src/main/webapp/pubsub-node-affiliates-delete.jsp (version 4ce4a32997fa47404c11e30fd2d4d6a528b2844e)
    • xmppserver/src/main/webapp/pubsub-node-affiliates-edit.jsp (version 4ce4a32997fa47404c11e30fd2d4d6a528b2844e)
    • xmppserver/src/main/webapp/pubsub-node-affiliates.jsp (version 4ce4a32997fa47404c11e30fd2d4d6a528b2844e)
    • xmppserver/src/main/webapp/pubsub-node-edit.jsp (version 4ce4a32997fa47404c11e30fd2d4d6a528b2844e)
    • xmppserver/src/main/webapp/pubsub-node-items.jsp (version 4ce4a32997fa47404c11e30fd2d4d6a528b2844e)
    • xmppserver/src/main/webapp/pubsub-node-subscribers.jsp (version 4ce4a32997fa47404c11e30fd2d4d6a528b2844e)
  • Guus der Kinderen

    Guus der Kinderen c1bb140f54ffc6a015f79f770f4c79d09ef18b04

    OF-1251: XML-escape all output of pubsub-node-affiliates-edit

    • xmppserver/src/main/webapp/pubsub-node-affiliates-edit.jsp (version c1bb140f54ffc6a015f79f770f4c79d09ef18b04)
  • Guus der Kinderen

    Guus der Kinderen 71f41abfe974c1502ff322f20884ab423b6a8ec0

    Reformat pubsub-form-table (no functional changes).

    • xmppserver/src/main/webapp/pubsub-form-table.jsp (version 71f41abfe974c1502ff322f20884ab423b6a8ec0)
  • Guus der Kinderen

    Guus der Kinderen 6511cafed59dca4b15b2ad4dbfa7d76c3d3c4434

    OF-1251: Migrated LDAP group settings to JSTL

    • xmppserver/src/main/webapp/ldap-group.jsp (version 6511cafed59dca4b15b2ad4dbfa7d76c3d3c4434)
    • xmppserver/src/main/webapp/setup/ldap-group.jspf (version 6511cafed59dca4b15b2ad4dbfa7d76c3d3c4434)
    • xmppserver/src/main/webapp/setup/setup-ldap-group.jsp (version 6511cafed59dca4b15b2ad4dbfa7d76c3d3c4434)
  • Guus der Kinderen

    Guus der Kinderen 00255b3e0e52d6ca02cfcd08334883895bffc968

    XEP-1251: more explicitly process (CSRF) errors on pubsub pages
    This commit adds more explicit (e.g. show an error message) management of errors that occur on the pubsub admin console pages. Most significantly, the pages now show an error when a CSRF problem occurs (instead of silently ignoring the requested change).

    Minor refactoring has been applied, to reduce boilerplate code and bring the UX more in line with other parts of the Admin console.

    • xmppserver/src/main/webapp/pubsub-node-affiliates-delete.jsp (version 00255b3e0e52d6ca02cfcd08334883895bffc968)
    • xmppserver/src/main/webapp/pubsub-node-affiliates-edit.jsp (version 00255b3e0e52d6ca02cfcd08334883895bffc968)
    • xmppserver/src/main/webapp/pubsub-node-affiliates.jsp (version 00255b3e0e52d6ca02cfcd08334883895bffc968)
    • xmppserver/src/main/webapp/pubsub-node-delete.jsp (version 00255b3e0e52d6ca02cfcd08334883895bffc968)
    • xmppserver/src/main/webapp/pubsub-node-edit.jsp (version 00255b3e0e52d6ca02cfcd08334883895bffc968)
    • xmppserver/src/main/webapp/pubsub-node-items.jsp (version 00255b3e0e52d6ca02cfcd08334883895bffc968)
    • xmppserver/src/main/webapp/pubsub-node-subscribers.jsp (version 00255b3e0e52d6ca02cfcd08334883895bffc968)
    • xmppserver/src/main/webapp/pubsub-node-summary.jsp (version 00255b3e0e52d6ca02cfcd08334883895bffc968)
    • xmppserver/src/main/webapp/pubsub-service-summary.jsp (version 00255b3e0e52d6ca02cfcd08334883895bffc968)
  • Guus der Kinderen

    Guus der Kinderen 9f47c5b3013390c55219d3b2b79bb1892af7e1ac

    Add HTML label for input field.

    • xmppserver/src/main/webapp/pubsub-node-delete.jsp (version 9f47c5b3013390c55219d3b2b79bb1892af7e1ac)
  • Guus der Kinderen

    Guus der Kinderen eb77e3fd66af4f4830ef157e7ab0f075660ebd2c

    OF-1251: XML-escape all output of pubsub-node-delete

    • xmppserver/src/main/webapp/pubsub-node-delete.jsp (version eb77e3fd66af4f4830ef157e7ab0f075660ebd2c)
  • Guus der Kinderen

    Guus der Kinderen 737657749bca957e0bc45198fa3282af3dad3d7b

    Applied IDE hints for sorting list of affiliates.

    • xmppserver/src/main/webapp/pubsub-node-affiliates.jsp (version 737657749bca957e0bc45198fa3282af3dad3d7b)
  • Guus der Kinderen

    Guus der Kinderen 579dc00788cd940d53bca94be281cbc38c22a68b

    OF-1251: Add CSRF protection to LDAP server settings.

    • xmppserver/src/main/webapp/setup/ldap-server.jspf (version 579dc00788cd940d53bca94be281cbc38c22a68b)
  • Guus der Kinderen

    Guus der Kinderen 08e4c7f30f6b6674bb31c31062ba7a4331657496

    OF-1017: Don't show auth exception on admin console page.

    • xmppserver/src/main/webapp/setup/setup-admin-settings.jsp (version 08e4c7f30f6b6674bb31c31062ba7a4331657496)
  • Guus der Kinderen

    Guus der Kinderen 42f8cad5b4c3c9fa725e1d3c9a12010d947f7283

    OF-1251: Migrated LDAP user settings to JSTL

    • xmppserver/src/main/webapp/ldap-user.jsp (version 42f8cad5b4c3c9fa725e1d3c9a12010d947f7283)
    • xmppserver/src/main/webapp/setup/ldap-user.jspf (version 42f8cad5b4c3c9fa725e1d3c9a12010d947f7283)
    • xmppserver/src/main/webapp/setup/setup-ldap-user.jsp (version 42f8cad5b4c3c9fa725e1d3c9a12010d947f7283)
  • Guus der Kinderen

    Guus der Kinderen ea6895096d0e33ca84f5a2f1285a80012f2b55d6

    Prevent unexpected type coercion.

    • xmppserver/src/main/webapp/pubsub-form-table.jsp (version ea6895096d0e33ca84f5a2f1285a80012f2b55d6)
  • Guus der Kinderen

    Guus der Kinderen ae6bf1a48383bf23196c0e9c34a2529f5c9e4d47

    Optimization: Replaced one-arg Arrays.asList() with Collections.singletonList()

    • xmppserver/src/main/webapp/pubsub-node-items.jsp (version ae6bf1a48383bf23196c0e9c34a2529f5c9e4d47)