From 32d15e2027be9716789f86294f517fc9183f989c Mon Sep 17 00:00:00 2001 From: Bill Burke Date: Mon, 29 Feb 2016 20:39:44 -0500 Subject: [PATCH] KEYCLOAK-2510 --- .../java/org/keycloak/saml/common/util/TransformerUtil.java | 2 ++ .../main/resources/theme/base/admin/resources/js/services.js | 3 +-- .../theme/base/admin/resources/partials/password-policy.html | 2 +- .../resources/theme/keycloak/admin/resources/css/styles.css | 0 4 files changed, 4 insertions(+), 3 deletions(-) mode change 100644 => 100755 themes/src/main/resources/theme/keycloak/admin/resources/css/styles.css diff --git a/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java b/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java index 372a5dabc7..4e43c3d333 100755 --- a/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java +++ b/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java @@ -113,6 +113,7 @@ public class TransformerUtil { transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); } catch (TransformerConfigurationException ignored) { // some platforms don't support this. For example our testsuite pulls Selenium which requires Xalan 2.7.1 + logger.warn("XML External Entity switches are not supported. You may get XML injection vulnerabilities."); } try { transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); @@ -120,6 +121,7 @@ public class TransformerUtil { transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); } catch (Exception ignored) { // some platforms don't support this. For example our testsuite pulls Selenium which requires Xalan 2.7.1 + logger.warn("XML External Entity switches are not supported. You may get XML injection vulnerabilities."); } } finally { diff --git a/themes/src/main/resources/theme/base/admin/resources/js/services.js b/themes/src/main/resources/theme/base/admin/resources/js/services.js index 3c9d645186..1ec8513972 100755 
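Review bot: Both catch blocks in TransformerUtil still fail open: when `setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)` or the `ACCESS_EXTERNAL_*` attributes are rejected, the code only warns and appears to keep using a factory without those restrictions, which for SAML input would leave external DTD and stylesheet access unrestricted. The two added `logger.warn` calls (in the hunk at -113,6 and the one at -120,6) are identical and drop the caught exception, so an operator cannot tell which switch failed or on which transformer implementation. I would make the messages distinct and name the factory, e.g. `logger.warn("FEATURE_SECURE_PROCESSING not supported by " + transformerFactory.getClass().getName() + "; XXE protections are not active");`, and consider refusing to hand out the factory outside the test suite. The enclosing method starts and ends outside both hunks, so how often this path runs, and whether the warning would repeat on every call, is not visible here.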
--- a/themes/src/main/resources/theme/base/admin/resources/js/services.js +++ b/themes/src/main/resources/theme/base/admin/resources/js/services.js @@ -1315,10 +1315,9 @@ module.factory('PasswordPolicy', function() { if (!policies || policies.length == 0) { return ""; } - var policyString = ""; - for (var i in policies){ + for (var i = 0; i < policies.length; i++) { policyString += policies[i].name; if ( policies[i].value ){ policyString += '(' + policies[i].value + ')'; diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/password-policy.html b/themes/src/main/resources/theme/base/admin/resources/partials/password-policy.html index 81d8f1d1d3..eeca9abcca 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/password-policy.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/password-policy.html @@ -34,7 +34,7 @@ placeholder="{{:: 'no-value-assigned.placeholder' | translate}}" min="1" required> - + diff --git a/themes/src/main/resources/theme/keycloak/admin/resources/css/styles.css b/themes/src/main/resources/theme/keycloak/admin/resources/css/styles.css old mode 100644 new mode 100755
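Review bot: The policy value is appended raw between parentheses at `policyString += '(' + policies[i].value + ')'`, so a value containing `)` (plausible for a pattern-style policy) may not parse back into the policy the admin entered; the parser is not visible in this hunk, so this is an inference. The guard `if ( policies[i].value )` also omits a numeric `0`, and comparing explicitly, e.g. `if (policies[i].value != null && policies[i].value !== '')`, would make that intent clear. A short comment above the loop stating which characters a value may contain would help, since a silently altered password policy is a security-relevant failure. The factory function continues outside the hunk.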