Skip to content

Commit 3b43271

Browse files
jvanmalderjvanmalder
committed
thymeleaf security hotfix for users page
1 parent 5372fea commit 3b43271

File tree

3 files changed

+12
-8
lines changed

3 files changed

+12
-8
lines changed

app/src/main/resources/templates/users.html

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -20,17 +20,16 @@
2020
</thead>
2121
<tbody>
2222
<tr th:each="user : ${users}" >
23-
<td class="mdl-data-table__cell--non-numeric user-name" th:text="${user.name}" th:onclick="'showUserDialog(&quot;' + ${user.login} + '&quot;)'"></td>
24-
<td class="mdl-data-table__cell--non-numeric user-email" th:text="${user.email}" th:onclick="'showUserDialog(&quot;' + ${user.login} + '&quot;)'"></td>
25-
<td class="mdl-data-table__cell--non-numeric user-username" th:text="${user.login}" th:onclick="'showUserDialog(&quot;' + ${user.login} + '&quot;)'"></td>
26-
<td class="mdl-data-table__cell--non-numeric user-role" th:text="${user.role.description}" th:onclick="'showUserDialog(&quot;' + ${user.login} + '&quot;)'"></td>
23+
<td class="mdl-data-table__cell--non-numeric user-name" th:data1="${user.login}" th:text="${user.name}" th:onclick="showUserDialog(this.getAttribute('data1'))"></td>
24+
<td class="mdl-data-table__cell--non-numeric user-email" th:data1="${user.login}" th:text="${user.email}" th:onclick="showUserDialog(this.getAttribute('data1'))"></td>
25+
<td class="mdl-data-table__cell--non-numeric user-username" th:text="${user.login}" th:data1="${user.login}" th:onclick="showUserDialog(this.getAttribute('data1'))"></td> <td class="mdl-data-table__cell--non-numeric user-role" th:data1="${user.login}" th:text="${user.role.description}" th:onclick="showUserDialog(this.getAttribute('data1'))"></td>
2726
<td class="mdl-data-table__cell--non-numeric">
2827
<label class="mdl-checkbox mdl-js-checkbox mdl-js-ripple-effect" th:for="'checkbox-' + ${user.id}" th:onclick="'changeActive('+ ${user.id} + ')'">
2928
<input type="checkbox" th:id="'checkbox-' + ${user.id}" class="mdl-checkbox__input" th:checked="${user.active}"/>
3029
</label>
3130
</td>
3231
<td class="mdl-data-table__cell--non-numeric">
33-
<button class="mdl-button mdl-js-button mdl-button--icon mdl-button--colored" style="color:rgb(50, 166, 211);" th:onclick="'openEditUserDialog('+ ${user.id} + ', &quot;' + ${user.login} + '&quot;, &quot;' + ${user.role.description} + '&quot;, &quot;' + ${user.name} + '&quot;, &quot;' + ${user.email} + '&quot;, ' + ${user.active} + ')'">
32+
<button class="mdl-button mdl-js-button mdl-button--icon mdl-button--colored" style="color:rgb(50, 166, 211);" th:data1="${user.id}" th:data2="${user.login}" th:data3="${user.role.description}" th:data4="${user.name}" th:data5="${user.email}" th:data6="${user.active}" th:onclick="openEditUserDialog(this.getAttribute('data1'), this.getAttribute('data2'), this.getAttribute('data3'),this.getAttribute('data4'),this.getAttribute('data5'), this.getAttribute('data6'))">
3433
<i class="material-icons">edit</i>
3534
</button>
3635
</td>
@@ -41,4 +40,4 @@
4140
</div>
4241
<dialog class="mdl-dialog"></dialog>
4342
</body>
44-
</html>
43+
</html>

build.gradle

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ ext.buildTime = {
4040
}
4141

4242
group = 'eu.openanalytics'
43-
ext.versionNumber = '1.3.0'
43+
ext.versionNumber = '1.3.1'
4444
ext.baseVersion = versionNumber
4545
version = versionNumber
4646
description = """rdepot"""
@@ -249,4 +249,4 @@ ext.maven = {
249249
username = System.getenv("OA_NEXUS_USER")
250250
password = System.getenv("OA_NEXUS_PWD")
251251
}
252-
}
252+
}

gradle/wrapper/gradle-wrapper.properties

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
distributionBase=GRADLE_USER_HOME
2+
distributionPath=wrapper/dists
3+
distributionUrl=https\://services.gradle.org/distributions/gradle-6.4.1-bin.zip
4+
zipStoreBase=GRADLE_USER_HOME
5+
zipStorePath=wrapper/dists

0 commit comments

Comments
 (0)