Build: #10 was successful

Scheduled with changes by Guus der Kinderen and daryl herzmann <akrherz@iastate.edu>

Code commits

Openfire (master)

  • daryl herzmann <akrherz@iastate.edu>

    daryl herzmann <akrherz@iastate.edu> fe5d9a95f15aa9d838d0baeac01e9f652f71c051

    Merge pull request #1456 from guusdk/OF-1251_CSRF-XXE-XSS_4_4
    OF-1251: Harden admin console for XSS and CSRF (4.4 branch)

  • Guus der Kinderen

    Guus der Kinderen 6ad1ab68f0d01125ed8c1afbf453fcb2cc722d43

    Add HTML label for input field.

    • xmppserver/src/main/webapp/pubsub-node-delete.jsp (version 6ad1ab68f0d01125ed8c1afbf453fcb2cc722d43)
  • Guus der Kinderen

    Guus der Kinderen 315b0cf4afd9418df03fd77044e17f8646c3026c

    OF-1251: Add CSRF protection to host settings.

    • xmppserver/src/main/webapp/setup/setup-host-settings.jsp (version 315b0cf4afd9418df03fd77044e17f8646c3026c)
  • Guus der Kinderen

    Guus der Kinderen 22993c2d9c4811814882a2f8fee96b440b8b430a

    OF-1251: Add CSRF protection to language selection.

    • xmppserver/src/main/webapp/setup/index.jsp (version 22993c2d9c4811814882a2f8fee96b440b8b430a)
  • Guus der Kinderen

    Guus der Kinderen 1a7420eb7a7e03e254e9a2903fbd11d9e29f988c

    Reformat pubsub-form-table (no functional changes).

    • xmppserver/src/main/webapp/pubsub-form-table.jsp (version 1a7420eb7a7e03e254e9a2903fbd11d9e29f988c)
  • Guus der Kinderen

    Guus der Kinderen e7d3ae7ecb8f2ad7bc28a392521600e3bffaea71

    OF-1251: Migrated profile settings to JSTL

    • xmppserver/src/main/webapp/setup/setup-profile-settings.jsp (version e7d3ae7ecb8f2ad7bc28a392521600e3bffaea71)
  • Guus der Kinderen

    Guus der Kinderen 8744963433d68e6e9c60f03bab4044751e132908

    Datasource setup: Reduce code duplication.

    • xmppserver/src/main/java/org/jivesoftware/database/DbConnectionManager.java (version 8744963433d68e6e9c60f03bab4044751e132908)
    • xmppserver/src/main/webapp/setup/setup-datasource-jndi.jsp (version 8744963433d68e6e9c60f03bab4044751e132908)
    • xmppserver/src/main/webapp/setup/setup-datasource-settings.jsp (version 8744963433d68e6e9c60f03bab4044751e132908)
    • xmppserver/src/main/webapp/setup/setup-datasource-standard.jsp (version 8744963433d68e6e9c60f03bab4044751e132908)
  • Guus der Kinderen

    Guus der Kinderen 92b35cf700b803b4e14f0791754d6ee57405edfc

    OF-1251: Migrated LDAP Server Test to JSTL.

    • xmppserver/src/main/webapp/setup/setup-ldap-server_test.jsp (version 92b35cf700b803b4e14f0791754d6ee57405edfc)
  • Guus der Kinderen

    Guus der Kinderen 78c0d2fd873f124d3a6d0676dbdae5f85adb9379

    OF-1251: XML-escape all output of pubsub-node-edit

    • xmppserver/src/main/webapp/pubsub-node-edit.jsp (version 78c0d2fd873f124d3a6d0676dbdae5f85adb9379)
  • Guus der Kinderen

    Guus der Kinderen 031e889d905e0b5a2b7ae80a26523b7f07136571

    OF-1251: Add CSRF protection to admin settings.

    • xmppserver/src/main/webapp/setup/setup-admin-settings.jsp (version 031e889d905e0b5a2b7ae80a26523b7f07136571)
    • xmppserver/src/main/webapp/setup/setup-admin-settings_test.jsp (version 031e889d905e0b5a2b7ae80a26523b7f07136571)
  • Guus der Kinderen

    Guus der Kinderen 64140aaaa1ed9cf87cf65c5e5289628a178d0ff6

    OF-1251: XML-escape all output of pubsub-node-subscribers

    • xmppserver/src/main/webapp/pubsub-node-subscribers.jsp (version 64140aaaa1ed9cf87cf65c5e5289628a178d0ff6)
  • Guus der Kinderen

    Guus der Kinderen 88c53b91809ab2059866d411affd2af7eac6365a

    OF-1251: XML-escape all output of pubsub-node-items

    • xmppserver/src/main/webapp/pubsub-node-items.jsp (version 88c53b91809ab2059866d411affd2af7eac6365a)
  • Guus der Kinderen

    Guus der Kinderen 7ab702b5fd46853fcc0ca2cb1e87cc49d0b1235f

    OF-1251: XML-escape all output of pubsub-node-summary

    • xmppserver/src/main/webapp/pubsub-node-summary.jsp (version 7ab702b5fd46853fcc0ca2cb1e87cc49d0b1235f)
  • Guus der Kinderen

    Guus der Kinderen 19cd182c6826e0e4185ad1a1dfb4ce4fdbdacc63

    Prevent unexpected type coercion.

    • xmppserver/src/main/webapp/pubsub-form-table.jsp (version 19cd182c6826e0e4185ad1a1dfb4ce4fdbdacc63)
  • Guus der Kinderen

    Guus der Kinderen 7cbcca85a5e0802903b2e4cba012d7103d82e433

    Fixed obvious text mistake.

    • xmppserver/src/main/webapp/setup/ldap-group.jspf (version 7cbcca85a5e0802903b2e4cba012d7103d82e433)
  • Guus der Kinderen

    Guus der Kinderen 65667e3a4e63f2ade501fb4651fdd5a88867522d

    OF-1251: Add CSRF protection to LDAP user settings.

    • xmppserver/src/main/webapp/setup/ldap-user.jspf (version 65667e3a4e63f2ade501fb4651fdd5a88867522d)
  • Guus der Kinderen

    Guus der Kinderen a16261d88ff46b41e9a0f305c8960fd9465e2be4

    OF-1251: Migrated LDAP Group Test to JSTL.

    • xmppserver/src/main/webapp/setup/setup-ldap-group_test.jsp (version a16261d88ff46b41e9a0f305c8960fd9465e2be4)
  • Guus der Kinderen

    Guus der Kinderen 6beaf96ece938156329a444130ef12e1c973f26f

    OF-1251: Migrated admin settings to JSTL

    • xmppserver/src/main/webapp/setup/setup-admin-settings.jsp (version 6beaf96ece938156329a444130ef12e1c973f26f)
    • xmppserver/src/main/webapp/setup/setup-admin-settings_test.jsp (version 6beaf96ece938156329a444130ef12e1c973f26f)
  • Guus der Kinderen

    Guus der Kinderen 5d5fbb3dd1f25e7e89cddaffb3db0dc6acf7791b

    OF-1251: Add CSRF protection to LDAP server settings.

    • xmppserver/src/main/webapp/setup/ldap-server.jspf (version 5d5fbb3dd1f25e7e89cddaffb3db0dc6acf7791b)
  • Guus der Kinderen

    Guus der Kinderen 7c65a45480508d6373d1ef161237dce9ac100602

    OF-1251: Migrated host settings to JSTL

    • xmppserver/src/main/webapp/setup/setup-host-settings.jsp (version 7c65a45480508d6373d1ef161237dce9ac100602)
  • Guus der Kinderen

    Guus der Kinderen 2412ca39eb6b38ee73256dc421f149038da9ee8c

    OF-1251: Migrated setup index to JSTL
    This includes the locale selection page, as well as the environment settings check. Both pages have been folded into one (as the conditional displaying of either section wasn't working properly).

    • i18n/src/main/resources/openfire_i18n.properties (version 2412ca39eb6b38ee73256dc421f149038da9ee8c)
    • xmppserver/src/main/webapp/setup/index.jsp (version 2412ca39eb6b38ee73256dc421f149038da9ee8c)
    • xmppserver/src/main/webapp/setup/setup-env-check.jspf (version 2412ca39eb6b38ee73256dc421f149038da9ee8c)
  • Guus der Kinderen

    Guus der Kinderen 060e68e4c88285a525248ca70b603e471d96d0b3

    OF-1251: XML-escape all output of pubsub-node-affiliates-edit

    • xmppserver/src/main/webapp/pubsub-node-affiliates-edit.jsp (version 060e68e4c88285a525248ca70b603e471d96d0b3)
  • Guus der Kinderen

    Guus der Kinderen d44e095818b9d2e6c06a33317d1afcf942a6bd2c

    OF-1251: Migrated datasource settings to JSTL

    • i18n/src/main/resources/openfire_i18n.properties (version d44e095818b9d2e6c06a33317d1afcf942a6bd2c)
    • xmppserver/src/main/webapp/setup/setup-datasource-jndi.jsp (version d44e095818b9d2e6c06a33317d1afcf942a6bd2c)
    • xmppserver/src/main/webapp/setup/setup-datasource-settings.jsp (version d44e095818b9d2e6c06a33317d1afcf942a6bd2c)
    • xmppserver/src/main/webapp/setup/setup-datasource-standard.jsp (version d44e095818b9d2e6c06a33317d1afcf942a6bd2c)
  • Guus der Kinderen

    Guus der Kinderen 05b552f591f405fe23366973a5981558ae8c6e62

    OF-1251: XML-escape all output of pubsub-form-table

    • xmppserver/src/main/webapp/pubsub-form-table.jsp (version 05b552f591f405fe23366973a5981558ae8c6e62)
  • Guus der Kinderen

    Guus der Kinderen f46fe0beb113d83f86d3c75cc1f1ac69310d3e56

    Optimization: Replaced one-arg Arrays.asList() with Collections.singletonList()

    • xmppserver/src/main/webapp/pubsub-node-items.jsp (version f46fe0beb113d83f86d3c75cc1f1ac69310d3e56)
  • Guus der Kinderen

    Guus der Kinderen 262f9973a431cd72e85933e8da39dc5af53556d7

    XEP-1251: more explicitly process (CSRF) errors on pubsub pages
    This commit adds more explicit (e.g. show an error message) management of errors that occur on the pubsub admin console pages. Most significantly, the pages now show an error when a CSRF problem occurs (instead of silently ignoring the requested change).

    Minor refactoring has been applied, to reduce boilerplate code and bring the UX more in line with other parts of the Admin console.

    • xmppserver/src/main/webapp/pubsub-node-affiliates-delete.jsp (version 262f9973a431cd72e85933e8da39dc5af53556d7)
    • xmppserver/src/main/webapp/pubsub-node-affiliates-edit.jsp (version 262f9973a431cd72e85933e8da39dc5af53556d7)
    • xmppserver/src/main/webapp/pubsub-node-affiliates.jsp (version 262f9973a431cd72e85933e8da39dc5af53556d7)
    • xmppserver/src/main/webapp/pubsub-node-delete.jsp (version 262f9973a431cd72e85933e8da39dc5af53556d7)
    • xmppserver/src/main/webapp/pubsub-node-edit.jsp (version 262f9973a431cd72e85933e8da39dc5af53556d7)
    • xmppserver/src/main/webapp/pubsub-node-items.jsp (version 262f9973a431cd72e85933e8da39dc5af53556d7)
    • xmppserver/src/main/webapp/pubsub-node-subscribers.jsp (version 262f9973a431cd72e85933e8da39dc5af53556d7)
    • xmppserver/src/main/webapp/pubsub-node-summary.jsp (version 262f9973a431cd72e85933e8da39dc5af53556d7)
    • xmppserver/src/main/webapp/pubsub-service-summary.jsp (version 262f9973a431cd72e85933e8da39dc5af53556d7)
  • Guus der Kinderen

    Guus der Kinderen 8cd97e402a86216f82c10fc255a330fa5cdb2b33

    OF-1251: Migrated LDAP group settings to JSTL

    • xmppserver/src/main/webapp/ldap-group.jsp (version 8cd97e402a86216f82c10fc255a330fa5cdb2b33)
    • xmppserver/src/main/webapp/setup/ldap-group.jspf (version 8cd97e402a86216f82c10fc255a330fa5cdb2b33)
    • xmppserver/src/main/webapp/setup/setup-ldap-group.jsp (version 8cd97e402a86216f82c10fc255a330fa5cdb2b33)
  • Guus der Kinderen

    Guus der Kinderen 21f76dc59f63702e251506e926db0d7e631b86d3

    OF-1251: Migrated LDAP user settings to JSTL

    • xmppserver/src/main/webapp/ldap-user.jsp (version 21f76dc59f63702e251506e926db0d7e631b86d3)
    • xmppserver/src/main/webapp/setup/ldap-user.jspf (version 21f76dc59f63702e251506e926db0d7e631b86d3)
    • xmppserver/src/main/webapp/setup/setup-ldap-user.jsp (version 21f76dc59f63702e251506e926db0d7e631b86d3)
  • Guus der Kinderen

    Guus der Kinderen 1ae84cad17c4d0c2940c9ce5d1ff7e64c0541ced

    OF-1251: Migrated LDAP server settings to JSTL

    • xmppserver/src/main/webapp/ldap-server.jsp (version 1ae84cad17c4d0c2940c9ce5d1ff7e64c0541ced)
    • xmppserver/src/main/webapp/setup/ldap-server.jspf (version 1ae84cad17c4d0c2940c9ce5d1ff7e64c0541ced)
    • xmppserver/src/main/webapp/setup/setup-ldap-server.jsp (version 1ae84cad17c4d0c2940c9ce5d1ff7e64c0541ced)
  • Guus der Kinderen

    Guus der Kinderen e7f2a676409f67b5baf6f1a4378b97323708b371

    OF-1251: XML-escape all output of pubsub-node-affiliates-delete

    • xmppserver/src/main/webapp/pubsub-node-affiliates-delete.jsp (version e7f2a676409f67b5baf6f1a4378b97323708b371)
  • Guus der Kinderen

    Guus der Kinderen da95683dc709541497d6ff12e6ac7513ed40d041

    OF-1251: XML-escape all output of pubsub-node-affiliates

    • xmppserver/src/main/webapp/pubsub-node-affiliates.jsp (version da95683dc709541497d6ff12e6ac7513ed40d041)
  • Guus der Kinderen

    Guus der Kinderen e50106f14abc9c7933d3242193120ed01f5bcef2

    OF-1251: Add CSRF protection to LDAP group settings.

    • xmppserver/src/main/webapp/setup/ldap-group.jspf (version e50106f14abc9c7933d3242193120ed01f5bcef2)
  • Guus der Kinderen

    Guus der Kinderen 7cab5587d307427d76cf3d688212e22e7c237ff0

    OF-1251: Add CSRF protection to datasource settings.

    • xmppserver/src/main/webapp/setup/setup-datasource-jndi.jsp (version 7cab5587d307427d76cf3d688212e22e7c237ff0)
    • xmppserver/src/main/webapp/setup/setup-datasource-settings.jsp (version 7cab5587d307427d76cf3d688212e22e7c237ff0)
    • xmppserver/src/main/webapp/setup/setup-datasource-standard.jsp (version 7cab5587d307427d76cf3d688212e22e7c237ff0)
  • Guus der Kinderen

    Guus der Kinderen b9f6f32fc79573a508811685147736c530f37d57

    Optimize imports.

    • xmppserver/src/main/webapp/pubsub-node-affiliates-edit.jsp (version b9f6f32fc79573a508811685147736c530f37d57)
    • xmppserver/src/main/webapp/pubsub-node-affiliates.jsp (version b9f6f32fc79573a508811685147736c530f37d57)
    • xmppserver/src/main/webapp/pubsub-node-edit.jsp (version b9f6f32fc79573a508811685147736c530f37d57)
    • xmppserver/src/main/webapp/pubsub-service-summary.jsp (version b9f6f32fc79573a508811685147736c530f37d57)
  • Guus der Kinderen

    Guus der Kinderen 694d9c96fe4466eb22f40df905ed139fa419c1bb

    Reduce code complexity by making use of property resolution.

    • xmppserver/src/main/webapp/pubsub-node-affiliates-delete.jsp (version 694d9c96fe4466eb22f40df905ed139fa419c1bb)
    • xmppserver/src/main/webapp/pubsub-node-affiliates-edit.jsp (version 694d9c96fe4466eb22f40df905ed139fa419c1bb)
    • xmppserver/src/main/webapp/pubsub-node-affiliates.jsp (version 694d9c96fe4466eb22f40df905ed139fa419c1bb)
    • xmppserver/src/main/webapp/pubsub-node-edit.jsp (version 694d9c96fe4466eb22f40df905ed139fa419c1bb)
    • xmppserver/src/main/webapp/pubsub-node-items.jsp (version 694d9c96fe4466eb22f40df905ed139fa419c1bb)
    • xmppserver/src/main/webapp/pubsub-node-subscribers.jsp (version 694d9c96fe4466eb22f40df905ed139fa419c1bb)
  • Guus der Kinderen

    Guus der Kinderen c447a711df92fba1e95d68b47863139aae434292

    OF-1251: XML-escape all output of pubsub-node-delete

    • xmppserver/src/main/webapp/pubsub-node-delete.jsp (version c447a711df92fba1e95d68b47863139aae434292)
  • Guus der Kinderen

    Guus der Kinderen e688b15dba626d14ba61851a2fb103775cc975a5

    Applied IDE hints for sorting list of affiliates.

    • xmppserver/src/main/webapp/pubsub-node-affiliates.jsp (version e688b15dba626d14ba61851a2fb103775cc975a5)
  • Guus der Kinderen

    Guus der Kinderen 4ea013c9c2a91a06f1823636a5fd033603d89d6b

    OF-1017: Don't show auth exception on admin console page.

    • xmppserver/src/main/webapp/setup/setup-admin-settings.jsp (version 4ea013c9c2a91a06f1823636a5fd033603d89d6b)
  • Guus der Kinderen

    Guus der Kinderen e733adb9901a34e21584bf3d5d77d75147f756ba

    OF-1251: Migrated LDAP user test to JSTL

    • xmppserver/src/main/resources/META-INF/admin.tld (version e733adb9901a34e21584bf3d5d77d75147f756ba)
    • xmppserver/src/main/webapp/META-INF/admin.tld (version e733adb9901a34e21584bf3d5d77d75147f756ba)
    • xmppserver/src/main/webapp/WEB-INF/admin.tld (version e733adb9901a34e21584bf3d5d77d75147f756ba)
    • xmppserver/src/main/webapp/setup/setup-ldap-user_test.jsp (version e733adb9901a34e21584bf3d5d77d75147f756ba)
  • Guus der Kinderen

    Guus der Kinderen 0c9144176c75d7ee2c8dd90a6210110bdce3dc00

    Add labels to LDAP user setting input fields.

    • xmppserver/src/main/webapp/setup/ldap-user.jspf (version 0c9144176c75d7ee2c8dd90a6210110bdce3dc00)