diff options
author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-04-10 18:48:56 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-04-10 18:48:56 +0000 |
commit | 069c6d0dcfdf06660a7984d12bc3afb07d272373 (patch) | |
tree | cf03ad5632bcf14085d983784060898ce5091917 /pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java | |
parent | 3ea60be8a53cbe26857bb0843368c7f4b38ffb36 (diff) | |
download | pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.tar.gz pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.tar.xz pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.zip |
Bugzilla Bug #223353 - Values entered through web ui are not checked/escaped
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@381 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java index 1f1daec25..dceb44239 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java @@ -2122,5 +2122,30 @@ public abstract class CMSServlet extends HttpServlet { CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString())); } } + + protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) + { + StringBuffer result = new StringBuffer(); + + // Do we need to escape any characters + for (int i = 0; i < v.length(); i++) { + int c = v.charAt(i); + if (c == ',' || c == '=' || c == '+' || c == '<' || + c == '>' || c == '#' || c == ';' || c == '\r' || + c == '\n' || c == '\\' || c == '"') { + result.append('\\'); + if (doubleEscape) result.append('\\'); + } + if (c == '\r') { + result.append("0D"); + } else if (c == '\n') { + result.append("0A"); + } else { + result.append((char)c); + } + } + return result; + } + } |