Apache
/
archiva
mirror of https://github.com/apache/archiva.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[MRM-1480]/[REDBACK-274] (CVE-2011-1026) 

o upgrade to redback 1.2.8-SNAPSHOT
o configured struts2's token interceptor + use of <s:token> in affected actions to prevent CSRF issue
[MRM-1460] added selenium tests for CSRF fixes in affected pages
Merged: r1066067:1091313


git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1091315 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Brett Porter 2011-04-12 07:16:34 +00:00
parent 76289acb8d
commit 58d905941b
17 changed files with 279 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
archiva-docs/src/site/apt/release-notes.apt
View File

@ -19,6 +19,26 @@ Release Notes for Archiva 1.4
~~TODO
* Compatibility Changes
* If upgrading from versions of Archiva earlier than 1.2.2, the list of libraries
in <<<wrapper.conf>>> has changed. If you have customized your copy of
<<<wrapper.conf>>>, please update it for compatibility with the version distributed
with the current release.
* Security Vulnerabilities
* A CSRF security vulnerability (CVE-2010-3449) is present in 1.3.2 and earlier.
* An XSS security vulnerability (CVE-2011-0533) is present in 1.3.3 and earlier.
* Additional CSRF (CVE-2011-1026) and XSS security (CVE-2011-1077) vulnerabilities have been reported against 1.3.4
and earlier versions.
It is important that users using lower versions of Archiva upgrade to this version (or higher).
See {{{http://archiva.apache.org/security.html} Archiva Security}} for more details.
* Release Notes
The Archiva 1.4 feature set can be seen in the {{{tour/index.html} feature tour}}.
@ -29,6 +49,16 @@ Release Notes for Archiva 1.4
~~TODO
Previous Releases
* Changes in Archiva 1.3.5
Released: <<14 March 2011>>
** Task
* [MRM-1460] - Upgrade Archiva to Redback 1.2.7
* Changes in Archiva 1.3.4
Released: <<9 February 2011>>

149
archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/CSRFSecurityTest.java Normal file
View File

@ -0,0 +1,149 @@
package org.apache.archiva.web.test;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import org.apache.archiva.web.test.parent.AbstractArchivaTest;
import org.testng.annotations.Test;
/**
* Test all actions affected with CSRF security issue.
*/
@Test( groups = { "csrf" }, dependsOnMethods = { "testWithCorrectUsernamePassword" }, sequential = true )
public class CSRFSecurityTest
extends AbstractArchivaTest
{
public void testCSRFDeleteRepository()
{
getSelenium().open( baseUrl );
getSelenium().open( baseUrl + "/admin/deleteRepository.action?repoid=test&method%3AdeleteContents=Delete+Configuration+and+Contents" );
assertTextPresent( "Security Alert - Invalid Token Found" );
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
}
public void testCSRFDeleteArtifact()
{
getSelenium().open( baseUrl );
getSelenium().open( baseUrl + "/deleteArtifact!doDelete.action?groupId=1&artifactId=1&version=1&repositoryId=snapshots" );
assertTextPresent( "Security Alert - Invalid Token Found" );
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
}
public void testCSRFAddRepositoryGroup()
{
getSelenium().open( baseUrl );
getSelenium().open( baseUrl + "/admin/addRepositoryGroup.action?repositoryGroup.id=csrfgrp" );
assertTextPresent( "Security Alert - Invalid Token Found" );
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
}
public void testCSRFDeleteRepositoryGroup()
{
getSelenium().open( baseUrl );
getSelenium().open( baseUrl + "/admin/deleteRepositoryGroup.action?repoGroupId=test&method%3Adelete=Confirm" );
assertTextPresent( "Security Alert - Invalid Token Found" );
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
}
public void testCSRFDisableProxyConnector()
{
getSelenium().open( baseUrl );
getSelenium().open( baseUrl + "/admin/disableProxyConnector!disable.action?target=maven2-repository.dev.java.net&source=internal" );
assertTextPresent( "Security Alert - Invalid Token Found" );
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
}
public void testCSRFDeleteProxyConnector()
{
getSelenium().open( baseUrl );
getSelenium().open( baseUrl + "/admin/deleteProxyConnector!delete.action?target=maven2-repository.dev.java.net&source=snapshots" );
assertTextPresent( "Security Alert - Invalid Token Found" );
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
}
public void testCSRFDeleteLegacyArtifactPath()
{
getSelenium().open( baseUrl );
getSelenium().open( baseUrl + "/admin/deleteLegacyArtifactPath.action?path=jaxen%2Fjars%2Fjaxen-1.0-FCS-full.jar" );
assertTextPresent( "Security Alert - Invalid Token Found" );
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
}
public void testCSRFSaveNetworkProxy()
{
getSelenium().open( baseUrl );
getSelenium().open( baseUrl + "/admin/saveNetworkProxy.action?mode=add&proxy.id=ntwrk&proxy.protocol=http&" +
"proxy.host=test&proxy.port=8080&proxy.username=&proxy.password=" );
assertTextPresent( "Security Alert - Invalid Token Found" );
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
}
public void testCSRFDeleteNetworkProxy()
{
getSelenium().open( baseUrl );
getSelenium().open( baseUrl + "/admin/deleteNetworkProxy!delete.action?proxyid=myproxy" );
assertTextPresent( "Security Alert - Invalid Token Found" );
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
}
public void testCSRFAddFileTypePattern()
{
getSelenium().open( baseUrl );
getSelenium().open( baseUrl + "/admin/repositoryScanning!addFiletypePattern.action?pattern=**%2F*.rum&fileTypeId=artifacts" );
assertTextPresent( "Security Alert - Invalid Token Found" );
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
}
public void testCSRFRemoveFileTypePattern()
{
getSelenium().open( baseUrl );
getSelenium().open( baseUrl + "/admin/repositoryScanning!removeFiletypePattern.action?pattern=**%2F*.rum&fileTypeId=artifacts" );
assertTextPresent( "Security Alert - Invalid Token Found" );
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
}
public void testCSRFUpdateKnownConsumers()
{
getSelenium().open( baseUrl );
getSelenium().open( baseUrl + "/admin/repositoryScanning!updateKnownConsumers.action?enabledKnownContentConsumers=auto-remove&" +
"enabledKnownContentConsumers=auto-rename&enabledKnownContentConsumers=create-missing-checksums&" +
"enabledKnownContentConsumers=index-content&enabledKnownContentConsumers=metadata-updater&" +
"enabledKnownContentConsumers=repository-purge&enabledKnownContentConsumers=update-db-artifact&" +
"enabledKnownContentConsumers=validate-checksums" );
assertTextPresent( "Security Alert - Invalid Token Found" );
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
}
public void testCSRFUpdateUnprocessedConsumers()
{
getSelenium().open( baseUrl );
getSelenium().open( baseUrl + "/admin/database!updateUnprocessedConsumers.action?enabledUnprocessedConsumers=update-db-project" );
assertTextPresent( "Security Alert - Invalid Token Found" );
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
}
public void testCSRFUpdateCleanupConsumers()
{
getSelenium().open( baseUrl );
getSelenium().open( baseUrl + "/admin/database!updateCleanupConsumers.action?enabledCleanupConsumers=not-present-remove-db-artifact&" +
"enabledCleanupConsumers=not-present-remove-db-project&enabledCleanupConsumers=not-present-remove-indexed" );
assertTextPresent( "Security Alert - Invalid Token Found" );
assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
}
}

55
archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml
View File

@ -45,6 +45,9 @@
<param name="enableReferrerCheck">false</param>
</interceptor-ref>
<interceptor-ref name="redbackPolicyEnforcement"/>
<interceptor-ref name="tokenSession">
<param name="excludeMethods">*</param>
</interceptor-ref>
<interceptor-ref name="configuration"/>
<interceptor-ref name="validation">
<param name="excludeMethods">input,back,cancel,browse</param>
@ -62,6 +65,9 @@
<interceptor-ref name="redbackSecureActions">
<param name="enableReferrerCheck">false</param>
</interceptor-ref>
<interceptor-ref name="tokenSession">
<param name="excludeMethods">*</param>
</interceptor-ref>
<interceptor-ref name="validation">
<param name="excludeMethods">input,back,cancel,browse</param>
</interceptor-ref>
@ -128,7 +134,8 @@
include a result for 'error' -->
<result name="error">/WEB-INF/jsp/generalError.jsp</result>
<result name="access_to_no_repos">/WEB-INF/jsp/accessToNoRepos.jsp</result>
<result name="invalid.token">/WEB-INF/jsp/redback/invalidToken.jsp</result>
</global-results>
</package>
@ -174,6 +181,9 @@
<result name="input">/WEB-INF/jsp/deleteArtifact.jsp</result>
<result name="error">/WEB-INF/jsp/deleteArtifact.jsp</result>
<result name="success">/WEB-INF/jsp/deleteArtifact.jsp</result>
<interceptor-ref name="configuredArchivaStack">
<param name="tokenSession.includeMethods">doDelete</param>
</interceptor-ref>
</action>
<action name="checksumSearch" class="searchAction" method="findArtifact">
@ -262,19 +272,25 @@
<result name="input">/WEB-INF/jsp/admin/repositoryGroups.jsp</result>
<result name="error">/WEB-INF/jsp/admin/repositoryGroups.jsp</result>
<result name="success" type="redirect-action">repositoryGroups</result>
<interceptor-ref name="configuredPrepareParamsStack"/>
<interceptor-ref name="configuredPrepareParamsStack">
<param name="tokenSession.includeMethods">*</param>
</interceptor-ref>
</action>
<action name="confirmDeleteRepositoryGroup" class="deleteRepositoryGroupAction" method="confirmDelete">
<result name="input">/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp</result>
<interceptor-ref name="configuredPrepareParamsStack"/>
<interceptor-ref name="configuredPrepareParamsStack">
<param name="tokenSession.includeMethods">*</param>
</interceptor-ref>
</action>
<action name="deleteRepositoryGroup" class="deleteRepositoryGroupAction" method="delete">
<result name="input">/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp</result>
<result name="error">/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp</result>
<result name="success" type="redirect-action">repositoryGroups</result>
<interceptor-ref name="configuredPrepareParamsStack"/>
<interceptor-ref name="configuredPrepareParamsStack">
<param name="tokenSession.includeMethods">*</param>
</interceptor-ref>
</action>
<action name="addRepositoryToGroup" class="repositoryGroupsAction" method="addRepositoryToGroup">
@ -334,14 +350,18 @@
<action name="confirmDeleteRepository" class="deleteManagedRepositoryAction" method="confirmDelete">
<result name="input">/WEB-INF/jsp/admin/deleteRepository.jsp</result>
<interceptor-ref name="configuredPrepareParamsStack"/>
<interceptor-ref name="configuredPrepareParamsStack">
<param name="tokenSession.includeMethods">*</param>
</interceptor-ref>
</action>
<action name="deleteRepository" class="deleteManagedRepositoryAction" method="delete">
<result name="input">/WEB-INF/jsp/admin/deleteRepository.jsp</result>
<result name="error">/WEB-INF/jsp/admin/deleteRepository.jsp</result>
<result name="success" type="redirect-action">repositories</result>
<interceptor-ref name="configuredPrepareParamsStack"/>
<interceptor-ref name="configuredPrepareParamsStack">
<param name="tokenSession.includeMethods">*</param>
</interceptor-ref>
</action>
<action name="addRemoteRepository" class="addRemoteRepositoryAction" method="input">
@ -410,7 +430,9 @@
<action name="deleteProxyConnector" class="deleteProxyConnectorAction" method="confirm">
<result name="input">/WEB-INF/jsp/admin/deleteProxyConnector.jsp</result>
<result name="success" type="redirect-action">proxyConnectors</result>
<interceptor-ref name="configuredPrepareParamsStack"/>
<interceptor-ref name="configuredPrepareParamsStack">
<param name="tokenSession.includeMethods">*</param>
</interceptor-ref>
</action>
<action name="enableProxyConnector" class="enableProxyConnectorAction" method="confirm">
@ -422,7 +444,9 @@
<action name="disableProxyConnector" class="disableProxyConnectorAction" method="confirm">
<result name="input">/WEB-INF/jsp/admin/disableProxyConnector.jsp</result>
<result name="success" type="redirect-action">proxyConnectors</result>
<interceptor-ref name="configuredPrepareParamsStack"/>
<interceptor-ref name="configuredPrepareParamsStack">
<param name="tokenSession.includeMethods">*</param>
</interceptor-ref>
</action>
@ -447,13 +471,17 @@
<action name="saveNetworkProxy" class="configureNetworkProxyAction" method="save">
<result name="input">/WEB-INF/jsp/admin/editNetworkProxy.jsp</result>
<result name="success" type="redirect-action">networkProxies</result>
<interceptor-ref name="configuredPrepareParamsStack"/>
<interceptor-ref name="configuredPrepareParamsStack">
<param name="tokenSession.includeMethods">*</param>
</interceptor-ref>
</action>
<action name="deleteNetworkProxy" class="configureNetworkProxyAction" method="confirm">
<result name="input">/WEB-INF/jsp/admin/deleteNetworkProxy.jsp</result>
<result name="success" type="redirect-action">networkProxies</result>
<interceptor-ref name="configuredPrepareParamsStack"/>
<interceptor-ref name="configuredPrepareParamsStack">
<param name="tokenSession.includeMethods">*</param>
</interceptor-ref>
</action>
<!-- .\ REPOSITORY SCANNING \._____________________________________ -->
@ -463,6 +491,9 @@
<result name="success" type="redirect-action">
<param name="actionName">repositoryScanning</param>
</result>
<interceptor-ref name="configuredArchivaStack">
<param name="tokenSession.includeMethods">removeFiletypePattern,addFiletypePattern,updateKnownConsumers,updateInvalidConsumers</param>
</interceptor-ref>
</action>
<!-- .\ CONFIGURATION \.___________________________________________ -->
@ -507,7 +538,9 @@
<result name="input">/WEB-INF/jsp/admin/legacyArtifactPath.jsp</result>
<result name="error">/WEB-INF/jsp/admin/legacyArtifactPath.jsp</result>
<result name="success" type="redirect-action">legacyArtifactPath</result>
<interceptor-ref name="configuredPrepareParamsStack"/>
<interceptor-ref name="configuredPrepareParamsStack">
<param name="tokenSession.includeMethods">*</param>
</interceptor-ref>
</action>
</package>

1
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteNetworkProxy.jsp
View File

@ -46,6 +46,7 @@
<s:form method="post" action="deleteNetworkProxy!delete" namespace="/admin" validate="true">
<s:hidden name="proxyid"/>
<s:token/>
<s:submit value="Delete"/>
</s:form>
</div>

1
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteProxyConnector.jsp
View File

@ -47,6 +47,7 @@
<s:form method="post" action="deleteProxyConnector!delete" namespace="/admin" validate="true">
<s:hidden name="target"/>
<s:hidden name="source"/>
<s:token/>
<s:submit value="Delete"/>
</s:form>
</div>

1
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepository.jsp
View File

@ -63,6 +63,7 @@
<s:form method="post" action="deleteRepository" namespace="/admin" validate="true" theme="simple">
<s:hidden name="repoid"/>
<s:token/>
<div class="buttons">
<s:submit value="Delete Configuration Only" method="deleteEntry" />
<s:submit value="Delete Configuration and Contents" method="deleteContents" />

1
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp
View File

@ -56,6 +56,7 @@
<s:form method="post" action="deleteRepositoryGroup" namespace="/admin" validate="true" theme="simple">
<s:hidden name="repoGroupId"/>
<div class="buttons">
<s:token/>
<s:submit value="Confirm" method="delete"/>
<s:submit value="Cancel" method="execute"/>
</div>

1
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/disableProxyConnector.jsp
View File

@ -43,6 +43,7 @@
<s:form method="post" action="disableProxyConnector!disable" namespace="/admin" validate="true">
<s:hidden name="target"/>
<s:hidden name="source"/>
<s:token/>
<s:submit value="Disable"/>
</s:form>
</div>

1
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editNetworkProxy.jsp
View File

@ -50,6 +50,7 @@
<s:form method="post" action="saveNetworkProxy" namespace="/admin">
<s:hidden name="mode"/>
<s:token/>
<c:choose>
<c:when test="${mode == 'edit'}">

3
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/legacyArtifactPath.jsp
View File

@ -73,8 +73,11 @@
<div class="controls">
<%-- TODO: make some icons --%>
<redback:ifAnyAuthorized permissions="archiva-manage-configuration">
<s:token/>
<s:url id="deleteLegacyArtifactPath" action="deleteLegacyArtifactPath">
<s:param name="path" value="%{#attr.legacyArtifactPath.path}"/>
<s:param name="struts.token.name">struts.token</s:param>
<s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{deleteLegacyArtifactPath}">
<img src="<c:url value="/images/icons/delete.gif" />" alt="" width="16" height="16"/>

3
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/networkProxies.jsp
View File

@ -71,11 +71,14 @@
<div class="controls">
<redback:ifAnyAuthorized
permissions="archiva-manage-configuration">
<s:token/>
<s:url id="editNetworkProxyUrl" action="editNetworkProxy">
<s:param name="proxyid" value="%{#attr.proxy.id}" />
</s:url>
<s:url id="deleteNetworkProxyUrl" action="deleteNetworkProxy" method="confirm">
<s:param name="proxyid" value="%{#attr.proxy.id}" />
<s:param name="struts.token.name">struts.token</s:param>
<s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{editNetworkProxyUrl}">
<img src="<c:url value="/images/icons/edit.png" />" />

5
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxyConnectors.jsp
View File

@ -113,6 +113,7 @@
<div class="connector ${rowColor}">
<div class="controls">
<redback:ifAnyAuthorized permissions="archiva-manage-configuration">
<s:token/>
<s:url id="sortDownProxyConnectorUrl" action="sortDownProxyConnector">
<s:param name="source" value="%{#attr.connector.sourceRepoId}"/>
<s:param name="target" value="%{#attr.connector.targetRepoId}"/>
@ -128,6 +129,8 @@
<s:url id="deleteProxyConnectorUrl" action="deleteProxyConnector" method="confirmDelete">
<s:param name="source" value="%{#attr.connector.sourceRepoId}"/>
<s:param name="target" value="%{#attr.connector.targetRepoId}"/>
<s:param name="struts.token.name">struts.token</s:param>
<s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:url id="enableProxyConnectorUrl" action="enableProxyConnector" method="confirmEnable">
<s:param name="source" value="%{#attr.connector.sourceRepoId}"/>
@ -136,6 +139,8 @@
<s:url id="disableProxyConnectorUrl" action="disableProxyConnector" method="confirmDisable">
<s:param name="source" value="%{#attr.connector.sourceRepoId}"/>
<s:param name="target" value="%{#attr.connector.targetRepoId}"/>
<s:param name="struts.token.name">struts.token</s:param>
<s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<c:if test="${connector.disabled}">
<s:a href="%{enableProxyConnectorUrl}" title="Enable Proxy Connector">

6
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositories.jsp
View File

@ -89,8 +89,11 @@
<s:url id="editRepositoryUrl" action="editRepository">
<s:param name="repoid" value="%{#attr.repository.id}"/>
</s:url>
<s:token/>
<s:url id="deleteRepositoryUrl" action="confirmDeleteRepository">
<s:param name="repoid" value="%{#attr.repository.id}"/>
<s:param name="struts.token.name">struts.token</s:param>
<s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{editRepositoryUrl}">
<img src="<c:url value="/images/icons/edit.png" />" alt="" width="16" height="16"/>
@ -341,8 +344,11 @@
<img src="<c:url value="/images/icons/edit.png" />" alt="" width="16" height="16"/>
Edit
</s:a>
<s:token/>
<s:url id="deleteRepositoryUrl" action="confirmDeleteRemoteRepository">
<s:param name="repoid" value="%{#attr.repository.id}"/>
<s:param name="struts.token.name">struts.token</s:param>
<s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{deleteRepositoryUrl}">
<img src="<c:url value="/images/icons/delete.gif" />" alt="" width="16" height="16"/>

4
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryGroups.jsp
View File

@ -50,6 +50,7 @@
<s:form action="addRepositoryGroup" namespace="/admin">
<span class="label">Identifier<span style="color:red">*</span>:</span>
<s:textfield size="10" label="Identifier" theme="simple" name="repositoryGroup.id"/>
<s:token/>
<s:submit value="Add Group" theme="simple" cssClass="button"/>
</s:form>
</redback:ifAnyAuthorized>
@ -71,8 +72,11 @@
<div class="managedRepo">
<div style="float:right">
<s:token/>
<s:url id="deleteRepositoryGroupUrl" action="confirmDeleteRepositoryGroup">
<s:param name="repoGroupId" value="%{#attr.repositoryGroup.key}" />
<s:param name="struts.token.name">struts.token</s:param>
<s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{deleteRepositoryGroupUrl}" cssClass="delete">
<img src="${iconDeleteUrl}"/>

15
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryScanning.jsp
View File

@ -40,9 +40,9 @@
<s:actionmessage />
<c:url var="iconDeleteUrl" value="/images/icons/delete.gif" />
<c:url var="iconCreateUrl" value="/images/icons/create.png" />
<s:url id="removeFiletypePatternUrl" action="repositoryScanning" method="removeFiletypePattern" />
<s:url id="addFiletypePatternUrl" action="repositoryScanning" method="addFiletypePattern" />
<c:url var="iconCreateUrl" value="/images/icons/create.png" />
<s:url id="removeFiletypePatternUrl" action="repositoryScanning" method="removeFiletypePattern"/>
<s:url id="addFiletypePatternUrl" action="repositoryScanning" method="addFiletypePattern"/>
<script type="text/javascript">
<!--
@ -82,12 +82,11 @@
<s:form method="post" action="repositoryScanning"
namespace="/admin" validate="false"
id="filetypeForm" theme="simple">
<s:token/>
<input type="hidden" name="pattern" />
<input type="hidden" name="fileTypeId" />
</s:form>
<s:url id="addFiletypePatternUrl" action="repositoryScanning" method="addFiletypePattern" />
<c:forEach items="${fileTypeIds}" var="filetypeId" varStatus="j">
<div class="filetype">
@ -115,7 +114,7 @@
</td>
<td class="controls ${bgcolor}">
<s:a href="#" title="Remove [%{#attr.escapedPattern}] Pattern from [%{#attr.filetypeId}]"
onclick="removeFiletypePattern( '%{#attr.filetypeId}', '%{#attr.escapedPattern}' )"
onclick="removeFiletypePattern( '%{#attr.filetypeId}', '%{#attr.escapedPattern}' )"
theme="simple">
<img src="${iconDeleteUrl}" />
</s:a>
@ -157,6 +156,7 @@
<s:form method="post" action="repositoryScanning!updateKnownConsumers"
namespace="/admin" validate="false" theme="simple">
<s:token/>
<table class="consumers">
<tr>
<th>&nbsp;</th>
@ -213,6 +213,7 @@
<s:form method="post" action="repositoryScanning!updateInvalidConsumers"
namespace="/admin" validate="false" theme="simple">
<s:token/>
<table class="consumers">
<tr>
<th>&nbsp;</th>

1
archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/deleteArtifact.jsp
View File

@ -36,6 +36,7 @@
<div id="contentArea">
<s:form action="deleteArtifact!doDelete" namespace="/" method="post" validate="true">
<%@ include file="/WEB-INF/jsp/include/deleteArtifactForm.jspf" %>
<s:token/>
<s:submit/>
</s:form>
</div>

21
pom.xml
View File

@ -539,7 +539,7 @@
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.3</version>
<version>1.4</version>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
@ -1273,6 +1273,25 @@
</plugins>
</build>
</profile>
<profile>
<id>snapshots-build</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<repositories>
<repository>
<id>redback.snapshots</id>
<name>Codehaus Redback Snapshots Repository</name>
<url>http://snapshots.repository.codehaus.org/</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
</profile>
</profiles>
<!-- TODO: we need to push this into the parent, and also upgrade to the latest ASF parent POM -->
<distributionManagement>