Merge pull request b3log#12331 from nanolikeyou/master

88250 · web-flow · commit a0f4edb82bb6 · 2017-08-13T12:15:08.000+08:00
修复几项安全问题
diff --git a/pom.xml b/pom.xml
@@ -82,7 +82,7 @@
         <jsoup.version>1.9.1</jsoup.version>
         <flexmark.version>0.22.16</flexmark.version>
         <qiniu.version>7.0.4.1</qiniu.version>
-        <jetty.version>9.2.7.v20150116</jetty.version>
+        <jetty.version>9.2.9.v20150224</jetty.version>
         <commons-cli.version>1.3.1</commons-cli.version>
         <emoji-java.version>3.2.0</emoji-java.version>
         <jodd.version>3.6.6</jodd.version>
diff --git a/src/main/java/org/b3log/solo/processor/FeedProcessor.java b/src/main/java/org/b3log/solo/processor/FeedProcessor.java
@@ -417,11 +417,10 @@ private Item getItem(final JSONArray articles, final boolean hasMultipleUsers, S
         final String link = Latkes.getServePath() + article.getString(Article.ARTICLE_PERMALINK);
         ret.setLink(link);
         ret.setGUID(link);
-        final String authorEmail = article.getString(Article.ARTICLE_AUTHOR_EMAIL);
         if (hasMultipleUsers) {
             authorName = StringEscapeUtils.escapeXml(articleQueryService.getAuthor(article).getString(User.USER_NAME));
         }
-        ret.setAuthor(authorEmail + "(" + authorName + ")");
+        ret.setAuthor(authorName);
         final String tagsString = article.getString(Article.ARTICLE_TAGS_REF);
         final String[] tagStrings = tagsString.split(",");
         for (final String tagString : tagStrings) {
diff --git a/src/main/java/org/b3log/solo/processor/LoginProcessor.java b/src/main/java/org/b3log/solo/processor/LoginProcessor.java
@@ -146,6 +146,8 @@ public void showLogin(final HTTPRequestContext context) throws Exception {
         String destinationURL = request.getParameter(Common.GOTO);
         if (Strings.isEmptyOrNull(destinationURL)) {
             destinationURL = Latkes.getServePath() + Common.ADMIN_INDEX_URI;
+        } else if (!isInternalLinks(destinationURL)) {
+            destinationURL = "/";
         }
 
         final HttpServletResponse response = context.getResponse();
@@ -244,7 +246,7 @@ public void logout(final HTTPRequestContext context) throws IOException {
 
         String destinationURL = httpServletRequest.getParameter(Common.GOTO);
 
-        if (Strings.isEmptyOrNull(destinationURL)) {
+        if (Strings.isEmptyOrNull(destinationURL) || !isInternalLinks(destinationURL)) {
             destinationURL = "/";
         }
 
@@ -265,6 +267,8 @@ public void showForgot(final HTTPRequestContext context) throws Exception {
 
         if (Strings.isEmptyOrNull(destinationURL)) {
             destinationURL = Latkes.getServePath() + Common.ADMIN_INDEX_URI;
+        } else if (!isInternalLinks(destinationURL)) {
+            destinationURL = "/";
         }
 
         renderPage(context, "reset-pwd.ftl", destinationURL, request);
@@ -484,4 +488,15 @@ private void renderPage(final HTTPRequestContext context, final String pageTempl
         Keys.fillRuntime(dataModel);
         filler.fillMinified(dataModel);
     }
+
+    /**
+     * Preventing unvalidated redirects and forwards��See more at:
+     * <a>https://www.owasp.org/index.php/
+     * Unvalidated_Redirects_and_Forwards_Cheat_Sheet</a>
+     * 
+     * @return whether the destinationURL is an internal link
+     */
+    private boolean isInternalLinks(String destinationURL) {
+        return destinationURL.startsWith(Latkes.getServePath());
+    }
 }
diff --git a/src/main/webapp/js/lib/jquery/jquery.min.js b/src/main/webapp/js/lib/jquery/jquery.min.js
