diff options
| author | jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-07-25 23:16:35 +0000 |
|---|---|---|
| committer | jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-07-25 23:16:35 +0000 |
| commit | 18d00cef9fd603a167382f01f294a27ae5bffeb8 (patch) | |
| tree | 83f292767e17d1dc11d2655eba55f1cfd9da7c38 | |
| parent | cd1c619c162a5709274db09c3ed08bd2b708e9a8 (diff) | |
| download | pki-18d00cef9fd603a167382f01f294a27ae5bffeb8.tar.gz pki-18d00cef9fd603a167382f01f294a27ae5bffeb8.tar.xz pki-18d00cef9fd603a167382f01f294a27ae5bffeb8.zip | |
Bugzilla Bug 717041 - Improve escaping of some enrollment inputs like.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2086 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
| -rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java | 6 | ||||
| -rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java | 5 |
2 files changed, 6 insertions, 5 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java index ef250ebf9..a2a7f3ea2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java @@ -378,7 +378,7 @@ public class CMSTemplate extends CMSFile { } if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || - in[i+1] == 'n' || in[i+1] == 'f' || in[i+1] == 't' || + in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { out[j++] = '\\'; out[j++] = in[i+1]; @@ -453,13 +453,13 @@ public class CMSTemplate extends CMSFile { for (int i = 0; i < l; i++) { char c = in[i]; - if (c > 0x5B) { + if (c > 0x5C) { out[j++] = c; continue; } if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || - in[i+1] == 'n' || in[i+1] == 'f' || in[i+1] == 't')) { + in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't')) { out[j++] = '\\'; out[j++] = in[i+1]; i++; diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java index 40132290a..09c9fc91e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java @@ -333,7 +333,7 @@ public class ProfileServlet extends CMSServlet { char c = in[i]; /* presumably this gives better performance */ - if ((c > 0x23) && (c != 0x5c)) { + if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) { out[j++] = c; continue; } @@ -341,7 +341,8 @@ public class ProfileServlet extends CMSServlet { /* some inputs are coming in as '\' and 'n' */ /* see BZ 500736 for details */ if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || - in[i+1] == 'n' || in[i+1] == 'f' || in[i+1] == 't')) { + in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || + in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { out[j++] = '\\'; out[j++] = in[i+1]; i++; |