Bugzilla Bug #223353 - Values entered through web ui are not checked/escaped

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@381 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2009-04-10 18:48:56 +0000
committer: alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2009-04-10 18:48:56 +0000
commit: 069c6d0dcfdf06660a7984d12bc3afb07d272373 (patch)
tree: cf03ad5632bcf14085d983784060898ce5091917 /pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
parent: 3ea60be8a53cbe26857bb0843368c7f4b38ffb36 (diff)
download: pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.tar.gz
pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.tar.xz
pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.zip
1 files changed, 3 insertions, 26 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
index cd51dd659..409a12754 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
@@ -195,29 +195,6 @@ public class SrchCerts extends CMSServlet {
         }
     }
 
-    private StringBuffer escapeValueRfc1779(String v)
-    {
-        StringBuffer result = new StringBuffer();
-
-        // Do we need to escape any characters
-        for (int i = 0; i < v.length(); i++) {
-            int c = v.charAt(i);
-            if (c == ',' || c == '=' || c == '+' || c == '<' ||
-                c == '>' || c == '#' || c == ';' || c == '\r' ||
-                c == '\n' || c == '\\' || c == '"') {
-                        result.append('\\');
-            }
-            if (c == '\r') {
-                result.append("0D");
-            } else if (c == '\n') {
-                result.append("0A");
-            } else {
-                result.append((char)c);
-            }
-        }
-        return result;
-    }
-
     private void buildAVAFilter(HttpServletRequest req, String paramName, 
                                  String avaName, StringBuffer lf, String match)
     {
@@ -228,12 +205,12 @@ public class SrchCerts extends CMSServlet {
                 lf.append("(x509cert.subject=*");
                 lf.append(avaName);
                 lf.append("=");
-                lf.append(escapeValueRfc1779(val));
+                lf.append(escapeValueRfc1779(val, true));
                 lf.append(",*)");
                 lf.append("(x509cert.subject=*");
                 lf.append(avaName);
                 lf.append("=");
-                lf.append(escapeValueRfc1779(val));
+                lf.append(escapeValueRfc1779(val, true));
                 lf.append(")");
                 lf.append(")");
             } else {
@@ -241,7 +218,7 @@ public class SrchCerts extends CMSServlet {
                 lf.append(avaName);
                 lf.append("=");
                 lf.append("*");
-                lf.append(escapeValueRfc1779(val));
+                lf.append(escapeValueRfc1779(val, true));
                 lf.append("*)");
             }
         }
author	alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2009-04-10 18:48:56 +0000
committer	alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2009-04-10 18:48:56 +0000
commit	069c6d0dcfdf06660a7984d12bc3afb07d272373 (patch)
tree	cf03ad5632bcf14085d983784060898ce5091917 /pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
parent	3ea60be8a53cbe26857bb0843368c7f4b38ffb36 (diff)
download	pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.tar.gz pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.tar.xz pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.zip