diff options
author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-04-10 18:48:56 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-04-10 18:48:56 +0000 |
commit | 069c6d0dcfdf06660a7984d12bc3afb07d272373 (patch) | |
tree | cf03ad5632bcf14085d983784060898ce5091917 /pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java | |
parent | 3ea60be8a53cbe26857bb0843368c7f4b38ffb36 (diff) | |
download | pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.tar.gz pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.tar.xz pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.zip |
Bugzilla Bug #223353 - Values entered through web ui are not checked/escaped
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@381 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java | 29 |
1 files changed, 3 insertions, 26 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java index cd51dd659..409a12754 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java +++ b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java @@ -195,29 +195,6 @@ public class SrchCerts extends CMSServlet { } } - private StringBuffer escapeValueRfc1779(String v) - { - StringBuffer result = new StringBuffer(); - - // Do we need to escape any characters - for (int i = 0; i < v.length(); i++) { - int c = v.charAt(i); - if (c == ',' || c == '=' || c == '+' || c == '<' || - c == '>' || c == '#' || c == ';' || c == '\r' || - c == '\n' || c == '\\' || c == '"') { - result.append('\\'); - } - if (c == '\r') { - result.append("0D"); - } else if (c == '\n') { - result.append("0A"); - } else { - result.append((char)c); - } - } - return result; - } - private void buildAVAFilter(HttpServletRequest req, String paramName, String avaName, StringBuffer lf, String match) { @@ -228,12 +205,12 @@ public class SrchCerts extends CMSServlet { lf.append("(x509cert.subject=*"); lf.append(avaName); lf.append("="); - lf.append(escapeValueRfc1779(val)); + lf.append(escapeValueRfc1779(val, true)); lf.append(",*)"); lf.append("(x509cert.subject=*"); lf.append(avaName); lf.append("="); - lf.append(escapeValueRfc1779(val)); + lf.append(escapeValueRfc1779(val, true)); lf.append(")"); lf.append(")"); } else { @@ -241,7 +218,7 @@ public class SrchCerts extends CMSServlet { lf.append(avaName); lf.append("="); lf.append("*"); - lf.append(escapeValueRfc1779(val)); + lf.append(escapeValueRfc1779(val, true)); lf.append("*)"); } } |