authorJack Magne <jmagne@localhost.localdomain>2015-05-12 13:49:00 -0700
committerJack Magne <jmagne@localhost.localdomain>2015-05-15 17:07:35 -0700
commitdd4926b4083bcd8898aef703e316403036ce581b (patch)
tree6fdb34850e94f2fe13ac5ebf74b1a713bb188260 /base/server/cms
parentc0d14140aca982ac637d5fd34f1c3ddb23836867 (diff)
Fix XSS attacks on the dogtag administration page #1373.
Porting this set of fixes over from the last downstream release to upstream. Upon further review, decided to fix a few missing things pointed out by the code review and a few other things: 1. Too many copies of escapeJavaScriptString all over the place. Consolidated the two related functions "escapeJavaScriptString" and "escapeJavaScriptStringHTML" methods in the CMSTemplate class to be called everywhere. Removed the duplicated methods in other classes. 2. There were some places where "escapeJavaScriptString" was called, when we really wanted "escapeJavaScriptStringHTML". Fixed that everywhere. One reason for this is a copied version of "escapeJavaScriptString" actually was identical to CMSTemplate.escapeJavaScriptString, which has been removed. XSS fixes.
Diffstat (limited to 'base/server/cms')
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/DisplayCRL.java2
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java9
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java5
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java15
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/common/CMSTemplate.java113
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java5
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java5
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java7
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java3
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/profile/ProfileServlet.java93
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java5
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/request/CheckRequest.java6
12 files changed, 127 insertions, 141 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/DisplayCRL.java b/base/server/cms/src/com/netscape/cms/servlet/cert/DisplayCRL.java
index 3c9d5778c..e42deeead 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/DisplayCRL.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/DisplayCRL.java
@@ -231,7 +231,7 @@ public class DisplayCRL extends CMSServlet {
}
if (crlIssuingPointId == null) {
header.addStringValue("error",
- "Request to unspecified or non-existing CRL issuing point: " + ipId);
+ "Request to unspecified or non-existing CRL issuing point: " + CMSTemplate.escapeJavaScriptStringHTML(ipId));
return;
}
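Review bot: `CMSTemplate.escapeJavaScriptStringHTML(ipId)` on the new line throws NullPointerException when `ipId` is null, which the message text itself ("unspecified or non-existing CRL issuing point") suggests is a reachable case; the old string concatenation rendered it as "null" and returned the error template cleanly. Where `ipId` comes from is outside the hunk, so this is unconfirmed, but the helper dereferences its argument unconditionally. Guard at the call site, `(ipId == null ? "" : CMSTemplate.escapeJavaScriptStringHTML(ipId))`, or make the helper tolerate null. The enclosing method continues past the hunk.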
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
index ee56f0139..8d9d05cb7 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
@@ -38,6 +38,7 @@ import com.netscape.certsrv.profile.ProfileAttribute;
import com.netscape.certsrv.profile.ProfileInput;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.servlet.common.CMSRequest;
+import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.profile.SSLClientCertProvider;
import com.netscape.cmsutil.ldap.LDAPUtil;
@@ -92,8 +93,8 @@ public class EnrollmentProcessor extends CertProcessor {
IProfile profile = ps.getProfile(profileId);
if (profile == null) {
- CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
- throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
+ CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", CMSTemplate.escapeJavaScriptStringHTML(profileId)));
+ throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND",CMSTemplate.escapeJavaScriptStringHTML(profileId)));
}
CertEnrollmentRequest data = CertEnrollmentRequestFactory.create(cmsReq, profile, locale);
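Review bot: Wrapping `profileId` in an HTML/JS escaper before it goes into `CMS.getUserMessage` and a `BadRequestDataException` encodes at the source rather than at the sink: the same text is written to the debug log and to whatever non-HTML channel surfaces the exception (a JSON/REST error body, if this processor serves one — not visible here), where `&lt;` is just wrong, and an HTML sink that encodes again will double-encode unless it deliberately trusts pre-encoded input. Separately, `escapeJavaScriptStringHTML` calls `v.length()` on its argument, so an enrollment request with no profile id now ends in a NullPointerException instead of the intended BadRequestDataException; `profileId`'s origin is above the hunk, so treat that as a likely rather than certain path. Prefer `String safeId = profileId == null ? "" : CMSTemplate.escapeJavaScriptStringHTML(profileId);` and use `safeId` in both calls, or better, leave the message raw and encode where it is rendered. The enclosing method starts outside the hunk.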
@@ -136,8 +137,8 @@ public class EnrollmentProcessor extends CertProcessor {
IProfile profile = ps.getProfile(profileId);
if (profile == null) {
- CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
- throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
+ CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", CMSTemplate.escapeJavaScriptStringHTML(profileId)));
+ throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", CMSTemplate.escapeJavaScriptStringHTML(profileId)));
}
if (!ps.isProfileEnable(profileId)) {
CMS.debug("EnrollmentSubmitter: Profile " + profileId + " not enabled");
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java b/base/server/cms/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
index af8b3cc02..afba86683 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
@@ -18,8 +18,8 @@
package com.netscape.cms.servlet.cert;
import java.io.IOException;
-import java.util.Locale;
import java.math.BigInteger;
+import java.util.Locale;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
@@ -49,6 +49,7 @@ import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
+import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
@@ -175,7 +176,7 @@ public class GetCertFromRequest extends CMSServlet {
} catch (NumberFormatException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQ_ID_FORMAT", requestId));
throw new EBaseException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
+ CMS.getUserMessage(getLocale(httpReq), "CMS_BASE_INVALID_NUMBER_FORMAT_1", CMSTemplate.escapeJavaScriptStringHTML(requestId)));
}
IRequest r = mQueue.findRequest(new RequestId(requestId));
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java b/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
index 7daad6c96..efd1d7b0c 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
@@ -46,6 +46,7 @@ import com.netscape.certsrv.profile.IProfileContext;
import com.netscape.certsrv.profile.IProfileInput;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.servlet.common.CMSRequest;
+import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.profile.SSLClientCertProvider;
public class RenewalProcessor extends CertProcessor {
@@ -59,7 +60,8 @@ public class RenewalProcessor extends CertProcessor {
String profileId = (this.profileID == null) ? req.getParameter("profileId") : this.profileID;
IProfile profile = ps.getProfile(profileId);
if (profile == null) {
- throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
+ throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND",
+ CMSTemplate.escapeJavaScriptStringHTML(profileId)));
}
CertEnrollmentRequest data = CertEnrollmentRequestFactory.create(cmsReq, profile, locale);
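Review bot: On `String profileId = (this.profileID == null) ? req.getParameter("profileId") : this.profileID;` the parameter can be absent, so `profileId` may be null; if `ps.getProfile(null)` returns null as it presumably does, the new `CMSTemplate.escapeJavaScriptStringHTML(profileId)` then throws NullPointerException from `v.length()` instead of the BadRequestDataException this branch exists to raise. Before the change the null flowed into `getUserMessage` harmlessly. Compute the display value first, `String safeId = profileId == null ? "" : CMSTemplate.escapeJavaScriptStringHTML(profileId);`, and pass `safeId` to the message. The enclosing method continues outside the hunk.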
@@ -83,7 +85,7 @@ public class RenewalProcessor extends CertProcessor {
throws EBaseException {
try {
if (CMS.debugOn()) {
- HashMap<String,String> params = data.toParams();
+ HashMap<String, String> params = data.toParams();
printParameterValues(params);
}
CMS.debug("RenewalSubmitter: isRenewal true");
@@ -98,8 +100,9 @@ public class RenewalProcessor extends CertProcessor {
IProfile renewProfile = ps.getProfile(renewProfileId);
if (renewProfile == null) {
- CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
- throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
+ CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND",
+ CMSTemplate.escapeJavaScriptStringHTML(renewProfileId)));
+ throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND",CMSTemplate.escapeJavaScriptStringHTML(renewProfileId)));
}
if (!ps.isProfileEnable(renewProfileId)) {
CMS.debug("RenewalSubmitter: Profile " + renewProfileId + " not enabled");
@@ -171,8 +174,8 @@ public class RenewalProcessor extends CertProcessor {
Integer origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM);
IProfile profile = ps.getProfile(profileId);
if (profile == null) {
- CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
- throw new EBaseException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
+ CMS.debug(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND",CMSTemplate.escapeJavaScriptStringHTML(profileId)));
+ throw new EBaseException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", CMSTemplate.escapeJavaScriptStringHTML(profileId)));
}
if (!ps.isProfileEnable(profileId)) {
CMS.debug("RenewalSubmitter: Profile " + profileId + " not enabled");
diff --git a/base/server/cms/src/com/netscape/cms/servlet/common/CMSTemplate.java b/base/server/cms/src/com/netscape/cms/servlet/common/CMSTemplate.java
index dc8cef68f..ba4e840ef 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/common/CMSTemplate.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/common/CMSTemplate.java
@@ -145,7 +145,7 @@ public class CMSTemplate extends CMSFile {
CMSTemplateParams data = input;
try (HTTPOutputStreamWriter http_out = (mCharset == null ?
- new HTTPOutputStreamWriter(rout): new HTTPOutputStreamWriter(rout, mCharset))) {
+ new HTTPOutputStreamWriter(rout) : new HTTPOutputStreamWriter(rout, mCharset))) {
templateLine out = new templateLine();
// Output the prolog
@@ -319,7 +319,7 @@ public class CMSTemplate extends CMSFile {
if (v.equals(""))
s = "null";
else
- s = "\"" + escapeJavaScriptString((String) v) + "\"";
+ s = "\"" + CMSTemplate.escapeJavaScriptString((String) v) + "\"";
} else if (v instanceof Integer) {
s = ((Integer) v).toString();
} else if (v instanceof Boolean) {
@@ -347,6 +347,7 @@ public class CMSTemplate extends CMSFile {
* portion of an HTML document.
* stevep - performance improvements - about 4 times faster than before.
*/
+
public static String escapeJavaScriptString(String v) {
int l = v.length();
char in[] = new char[l];
@@ -358,28 +359,55 @@ public class CMSTemplate extends CMSFile {
for (int i = 0; i < l; i++) {
char c = in[i];
- if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) {
+ if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e) && (c != 0x3b)) {
out[j++] = c;
continue;
}
- if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
- in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
- in[i + 1] == '<' || in[i + 1] == '>' ||
- in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
- if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
- (in[i + 3] == 'c' || in[i + 3] == 'e')) {
+ /* some inputs are coming in as '\' and 'n' */
+ /* see BZ 500736 for details */
+ if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
+ in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
+ in[i+1] == '<' || in[i+1] == '>' ||
+ in[i+1] == 'x' || in[i+1] == ';' ||
+ in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
+ if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' &&
+ (in[i+3] == 'c' || in[i+3] == 'e')) {
out[j++] = '\\';
- out[j++] = in[i + 1];
- out[j++] = in[i + 2];
- out[j++] = in[i + 3];
+ out[j++] = in[i+1];
+ out[j++] = in[i+2];
+ out[j++] = in[i+3];
i += 3;
+ continue;
+ } else if (in[i+1] == '<' || in[i+1] == '>') {
+ c = in[i+1];
+ i++;
+ } else if (in[i+1] == ';') {
+ out[j++] = in[i+1];
+ i++;
+ continue;
} else {
out[j++] = '\\';
- out[j++] = in[i + 1];
+ out[j++] = in[i+1];
i++;
+ continue;
+ }
+ }
+ if (c == '&') {
+ int k;
+ for (k = 0; k < 8 && (i+k) < l; k++) {
+ out[j+k] = in[i+k];
+ if (in[i+k] == ';') break;
+ if (in[i+k] == '<' || in[i+k] == '>') {
+ k = 8;
+ break;
+ }
+ }
+ if (k < 8) {
+ i += k;
+ j += k + 1;
+ continue;
}
- continue;
}
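Review bot: Adding `in[i+1] == 'x'` to the backslash pass-through condition makes this encoder bypassable: an attacker-supplied literal `\x3c` or `\x3e` (four plain characters in a request parameter) now satisfies the outer condition, the inner `'x'`/`'3'`/`'c'|'e'` check copies it verbatim into the JavaScript string literal, and the browser decodes it to `<` or `>` — precisely the characters the `case '<'`/`case '>'` arms exist to neutralize. Before this commit the outer condition did not list `'x'`, so the backslash fell through to `case '\\'` and was doubled, and the inner `\x3c` branch was dead; with it live, a value such as `\x3cimg src=x onerror=...\x3e` survives encoding wherever the decoded string reaches an HTML sink (innerHTML, document.write). Drop `in[i+1] == 'x' ||` and the inner `\x3c` branch so that every input backslash is encoded as `\\`; only the encoder should ever produce `\x3c`. The same pass-through is added to `escapeJavaScriptStringHTML` further down, and this function's `out` allocation is above the hunk.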
switch (c) {
@@ -427,6 +455,14 @@ public class CMSTemplate extends CMSFile {
out[j++] = 'e';
break;
+ case '&':
+ out[j++] = '&';
+ out[j++] = 'a';
+ out[j++] = 'm';
+ out[j++] = 'p';
+ out[j++] = ';';
+ break;
+
default:
out[j++] = c;
}
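Review bot: `case '&'` now emits five output characters per input character, but this function's `out` array is allocated above the hunk and, unless it was raised too, is still `new char[l * 4]` (the HTML variant below is bumped to `l * 8` in this same commit, which suggests this one was not). A parameter made mostly of `&` characters then overflows `out` and the servlet fails with ArrayIndexOutOfBoundsException — a cheap way to turn any escaped request field into a 500. Size the buffer from the worst-case expansion, `char out[] = new char[l * 8];`, in `escapeJavaScriptString` as well.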
@@ -438,10 +474,11 @@ public class CMSTemplate extends CMSFile {
* Like escapeJavaScriptString(String s) but also escape '[' for
* HTML processing.
*/
+
public static String escapeJavaScriptStringHTML(String v) {
int l = v.length();
char in[] = new char[l];
- char out[] = new char[l * 4];
+ char out[] = new char[l * 8];
int j = 0;
v.getChars(0, l, in, 0);
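Review bot: `escapeJavaScriptStringHTML` still dereferences its argument unconditionally (`int l = v.length();`), and this commit adds callers that can pass null — ProfileProcessServlet invokes it on `profileId` inside a branch entered when `profileId == null`, and the processors pass `req.getParameter(...)` results through it. A null-tolerant entry, `if (v == null) return null;`, keeps those call sites on their intended error path instead of a NullPointerException and preserves what they passed to `getUserMessage` before being wrapped. The javadoc above ("also escape '[' for HTML processing") also no longer describes the output: since this commit `<`, `>` and `&` become HTML entities inside the JS string, so state that, e.g. `Like escapeJavaScriptString, but emits HTML entities for '<', '>' and '&'; use only for values that will be inserted into the page as HTML.`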
@@ -457,6 +494,7 @@ public class CMSTemplate extends CMSFile {
if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
in[i + 1] == '<' || in[i + 1] == '>' ||
+ in[i + 1] == 'x' || in[i + 1] == ';' ||
in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
(in[i + 3] == 'c' || in[i + 3] == 'e')) {
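Review bot: The added `in[i + 1] == 'x'` makes the inner `\x3c`/`\x3e` branch reachable here too, so a caller-supplied literal `\x3c` is copied through untouched while a literal `<` on the same input is turned into `&lt;`; after the JavaScript engine decodes the string the attacker's form yields a real `<`, which is what this "HTML" variant is supposed to prevent. The pre-escaped-input tolerance this condition exists for (the BZ referenced above) is better served by encoding once at the sink than by trusting escape sequences in untrusted data. Remove `in[i + 1] == 'x' ||` so the backslash is encoded as `\\` by the switch below. This function's start is in the previous hunk.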
@@ -465,12 +503,38 @@ public class CMSTemplate extends CMSFile {
out[j++] = in[i + 2];
out[j++] = in[i + 3];
i += 3;
+
+ continue;
+ } else if (in[i + 1] == '<' || in[i + 1] == '>') {
+ c = in[i + 1];
+ i++;
+ } else if (in[i + 1] == ';') {
+ out[j++] = in[i + 1];
+ i++;
+ continue;
} else {
out[j++] = '\\';
out[j++] = in[i + 1];
i++;
+ continue;
+ }
+ }
+ if (c == '&') {
+ int k;
+ for (k = 0; k < 8 && (i + k) < l; k++) {
+ out[j + k] = in[i + k];
+ if (in[i + k] == ';')
+ break;
+ if (in[i + k] == '<' || in[i + k] == '>') {
+ k = 8;
+ break;
+ }
+ }
+ if (k < 8) {
+ i += k;
+ j += k + 1;
+ continue;
}
- continue;
}
switch (c) {
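Review bot: The `&` entity pass-through mishandles an `&` in the last eight characters of the input: when the scan leaves the loop because `(i + k) < l` fails rather than on a `;`, `k < 8` still holds, so the branch copies only `k` characters but advances `j` by `k + 1` — leaving an unwritten NUL slot in `out` — and the bare `&` is never encoded (`"a&b"` becomes `"a&b\0"`). Track the terminator explicitly: `boolean entity = false;` before the loop, `if (in[i + k] == ';') { entity = true; break; }` inside it, and `if (entity) {` in place of `if (k < 8) {`, so a non-entity `&` falls through to the `&amp;` arm. More broadly, passing any `&…;` through verbatim means the function no longer canonically encodes its input — it trusts pre-encoded attacker text — which is only tolerable if every consumer treats the result as already-safe HTML. The identical loop appears in `escapeJavaScriptString` above and has the same defect.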
@@ -505,16 +569,17 @@ public class CMSTemplate extends CMSFile {
break;
case '<':
- out[j++] = '\\';
- out[j++] = 'x';
- out[j++] = '3';
- out[j++] = 'c';
+ out[j++] = '&';
+ out[j++] = 'l';
+ out[j++] = 't';
+ out[j++] = ';';
break;
+
case '>':
- out[j++] = '\\';
- out[j++] = 'x';
- out[j++] = '3';
- out[j++] = 'e';
+ out[j++] = '&';
+ out[j++] = 'g';
+ out[j++] = 't';
+ out[j++] = ';';
break;
default:
diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
index 7b5343000..7ae623f32 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
@@ -44,6 +44,7 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
+import com.netscape.cms.servlet.common.CMSTemplate;
/**
* Toggle the approval state of a profile
@@ -359,14 +360,14 @@ public class ProfileApproveServlet extends ProfileServlet {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, e.toString());
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", profileId));
+ "CMS_PROFILE_NOT_FOUND", CMSTemplate.escapeJavaScriptStringHTML(profileId)));
outputTemplate(request, response, args);
return;
}
if (profile == null) {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", profileId));
+ "CMS_PROFILE_NOT_FOUND", CMSTemplate.escapeJavaScriptStringHTML(profileId)));
outputTemplate(request, response, args);
return;
}
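Review bot: In the catch branch, `args.set(ARG_ERROR_REASON, e.toString());` on the line before the changed call is dead: the next statement overwrites the same key with the escaped not-found message, and if it ever became live it would expose an unescaped exception string. Delete that line (or, if the exception text is wanted, pass it through `CMSTemplate.escapeJavaScriptStringHTML` and drop the second `set`). The enclosing method starts outside the hunk.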
diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
index 82b168e6f..33de8ff90 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
@@ -45,6 +45,7 @@ import com.netscape.certsrv.template.ArgSet;
import com.netscape.certsrv.template.ArgString;
import com.netscape.cms.servlet.cert.RequestProcessor;
import com.netscape.cms.servlet.common.CMSRequest;
+import com.netscape.cms.servlet.common.CMSTemplate;
/**
* This servlet approves profile-based request.
@@ -89,14 +90,14 @@ public class ProfileProcessServlet extends ProfileServlet {
IRequest req = processor.getRequest(requestId);
if (req == null) {
- setError(args, CMS.getUserMessage(locale, "CMS_REQUEST_NOT_FOUND", requestId), request, response);
+ setError(args, CMS.getUserMessage(locale, "CMS_REQUEST_NOT_FOUND", CMSTemplate.escapeJavaScriptStringHTML(requestId)), request, response);
return;
}
String profileId = req.getExtDataInString("profileId");
if (profileId == null || profileId.equals("")) {
CMS.debug("ProfileProcessServlet: Profile Id not found");
- setError(args, CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_FOUND"), request, response);
+ setError(args, CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_FOUND",CMSTemplate.escapeJavaScriptStringHTML(profileId)), request, response);
return;
}
CMS.debug("ProfileProcessServlet: profileId=" + profileId);
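Review bot: The new `CMSTemplate.escapeJavaScriptStringHTML(profileId)` on the second changed line runs inside `if (profileId == null || profileId.equals(""))`, so for the null half of that condition the helper calls `v.length()` on null and the handler dies with a NullPointerException instead of reaching `setError`. The argument is also new to `CMS_PROFILE_ID_NOT_FOUND`, which the removed line called with no substitution parameter; unless its message template has a `{0}` the value is simply dropped, and there is nothing attacker-controlled to render in this branch anyway. Revert to `setError(args, CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_FOUND"), request, response);`. The enclosing method continues outside the hunk.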
diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
index 2b3ef83bb..3cbf0f96b 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
@@ -51,6 +51,7 @@ import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
+import com.netscape.cms.servlet.common.CMSTemplate;
/**
* This servlet allows reviewing of profile-based request.
@@ -201,7 +202,7 @@ public class ProfileReviewServlet extends ProfileServlet {
if (req == null) {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_REQUEST_NOT_FOUND", requestId));
+ "CMS_REQUEST_NOT_FOUND", CMSTemplate.escapeJavaScriptStringHTML(requestId)));
outputTemplate(request, response, args);
return;
}
@@ -222,7 +223,7 @@ public class ProfileReviewServlet extends ProfileServlet {
if (profile == null) {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", profileId));
+ "CMS_PROFILE_NOT_FOUND",CMSTemplate.escapeJavaScriptStringHTML(profileId)));
outputTemplate(request, response, args);
return;
}
@@ -287,7 +288,7 @@ public class ProfileReviewServlet extends ProfileServlet {
args.set(ARG_REQUEST_NOTES, "");
} else {
args.set(ARG_REQUEST_NOTES,
- req.getExtDataInString("requestNotes"));
+ CMSTemplate.escapeJavaScriptStringHTML(req.getExtDataInString("requestNotes")));
}
args.set(ARG_RECORD, list);
diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
index 10013c88c..4b246793e 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
@@ -46,6 +46,7 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
+import com.netscape.cms.servlet.common.CMSTemplate;
/**
* Retrieve detailed information of a particular profile.
@@ -183,7 +184,7 @@ public class ProfileSelectServlet extends ProfileServlet {
if (profile == null) {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", profileId));
+ "CMS_PROFILE_NOT_FOUND", CMSTemplate.escapeJavaScriptStringHTML(profileId)));
outputTemplate(request, response, args);
return;
}
diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileServlet.java
index be331d6ef..614565140 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileServlet.java
@@ -44,6 +44,7 @@ import com.netscape.certsrv.util.IStatsSubsystem;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
+import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.ServletUtils;
/**
@@ -390,103 +391,13 @@ public class ProfileServlet extends CMSServlet {
statEvents.remove(event);
}
- protected String escapeJavaScriptString(String v) {
- int l = v.length();
- char in[] = new char[l];
- char out[] = new char[l * 4];
- int j = 0;
-
- v.getChars(0, l, in, 0);
-
- for (int i = 0; i < l; i++) {
- char c = in[i];
-
- /* presumably this gives better performance */
- if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) {
- out[j++] = c;
- continue;
- }
-
- /* some inputs are coming in as '\' and 'n' */
- /* see BZ 500736 for details */
- if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
- in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
- in[i + 1] == '<' || in[i + 1] == '>' ||
- in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
- if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
- (in[i + 3] == 'c' || in[i + 3] == 'e')) {
- out[j++] = '\\';
- out[j++] = in[i + 1];
- out[j++] = in[i + 2];
- out[j++] = in[i + 3];
- i += 3;
- } else {
- out[j++] = '\\';
- out[j++] = in[i + 1];
- i++;
- }
- continue;
- }
-
- switch (c) {
- case '\n':
- out[j++] = '\\';
- out[j++] = 'n';
- break;
-
- case '\\':
- out[j++] = '\\';
- out[j++] = '\\';
- break;
-
- case '\"':
- out[j++] = '\\';
- out[j++] = '\"';
- break;
-
- case '\r':
- out[j++] = '\\';
- out[j++] = 'r';
- break;
-
- case '\f':
- out[j++] = '\\';
- out[j++] = 'f';
- break;
-
- case '\t':
- out[j++] = '\\';
- out[j++] = 't';
- break;
-
- case '<':
- out[j++] = '\\';
- out[j++] = 'x';
- out[j++] = '3';
- out[j++] = 'c';
- break;
-
- case '>':
- out[j++] = '\\';
- out[j++] = 'x';
- out[j++] = '3';
- out[j++] = 'e';
- break;
-
- default:
- out[j++] = c;
- }
- }
- return new String(out, 0, j);
- }
-
protected void outputArgString(PrintWriter writer, String name, ArgString str)
throws IOException {
String s = str.getValue();
// sub \n with "\n"
if (s != null) {
- s = escapeJavaScriptString(s);
+ s = CMSTemplate.escapeJavaScriptStringHTML(s);
}
writer.println(name + "=\"" + s + "\";");
}
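Review bot: `outputArgString` now runs every ArgString through `escapeJavaScriptStringHTML`, so the emitted JavaScript string literals carry `&lt;`, `&gt;` and `&amp;` for any value containing those characters. That is right only when the page inserts the value as HTML; a consumer that uses it as plain text (assigns it to `.value`, compares it to a profile id, builds a URL) now sees the entity text, where the deleted `escapeJavaScriptString` produced a faithful string. Whether all consumers are HTML sinks cannot be confirmed here, so either keep JS-string encoding at this layer and HTML-encode at the point of insertion, or document the contract above the method: `// Values are emitted HTML-entity-encoded inside a JS string literal; page scripts must treat them as HTML, not text.` The method's `name` operand is still unescaped, which is fine only while it is always a constant.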
diff --git a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
index 1ee527c97..f3adc5e85 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
@@ -62,6 +62,7 @@ import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.common.AuthCredentials;
import com.netscape.cms.servlet.common.CMCOutputTemplate;
import com.netscape.cms.servlet.common.CMSRequest;
+import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cmsutil.util.Utils;
/**
@@ -331,7 +332,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
seq.addElement(new INTEGER(0));
UTF8String s = null;
try {
- s = new UTF8String(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
+ s = new UTF8String(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND",CMSTemplate.escapeJavaScriptStringHTML(profileId)));
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
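Review bot: The changed line (and its twin in the next hunk) builds a CMC status string — an ASN.1 `UTF8String` returned to a CMC client — not HTML rendered by a browser, so HTML-entity-encoding `profileId` here corrupts the message for that client (`&lt;`-style text in a protocol field) while adding no XSS protection. Drop the `escapeJavaScriptStringHTML` wrapping at both sites, or if the intent is to sanitize the identifier, validate it against the allowed profile-id character set before the lookup. Note also that the wrapped call throws NullPointerException on a null `profileId`, which the surrounding `catch (Exception ee) {}` then swallows, leaving `s` null for the failed-status response — a second reason to keep this path simple. The enclosing method starts outside the hunk.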
@@ -347,7 +348,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
seq.addElement(new INTEGER(0));
UTF8String s = null;
try {
- s = new UTF8String(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
+ s = new UTF8String(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND",CMSTemplate.escapeJavaScriptStringHTML(profileId)));
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
diff --git a/base/server/cms/src/com/netscape/cms/servlet/request/CheckRequest.java b/base/server/cms/src/com/netscape/cms/servlet/request/CheckRequest.java
index 246cefd8c..cba79c338 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/request/CheckRequest.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/request/CheckRequest.java
@@ -279,9 +279,9 @@ public class CheckRequest extends CMSServlet {
try {
new BigInteger(requestId);
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId));
throw new EBaseException(
- CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
+ CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1",CMSTemplate.escapeJavaScriptStringHTML( requestId)));
}
IRequest r = mQueue.findRequest(new RequestId(requestId));
@@ -321,7 +321,7 @@ public class CheckRequest extends CMSServlet {
header.addLongValue(CREATE_ON, r.getCreationTime().getTime() / 1000);
header.addLongValue(UPDATE_ON, r.getModificationTime().getTime() / 1000);
if (note != null && note.length() > 0)
- header.addStringValue("requestNotes", note);
+ header.addStringValue("requestNotes",CMSTemplate.escapeJavaScriptStringHTML(note));
String type = r.getRequestType();
Integer result = r.getExtDataInInteger(IRequest.RESULT);