diff options
author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-04-10 18:48:56 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-04-10 18:48:56 +0000 |
commit | 069c6d0dcfdf06660a7984d12bc3afb07d272373 (patch) | |
tree | cf03ad5632bcf14085d983784060898ce5091917 /pki/base/common/src/com/netscape/cms/servlet/profile | |
parent | 3ea60be8a53cbe26857bb0843368c7f4b38ffb36 (diff) | |
download | pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.tar.gz pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.tar.xz pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.zip |
Bugzilla Bug #223353 - Values entered through web ui are not checked/escaped
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@381 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/profile')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java | 3 | ||||
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java | 16 |
2 files changed, 14 insertions, 5 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java index ff4c8d7bf..3c13eda56 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java @@ -328,7 +328,8 @@ public class ProfileServlet extends CMSServlet { for (int i = 0; i < l; i++) { char c = in[i]; - if (c > 0x23) { + /* presumably this gives better performance */ + if ((c > 0x23) && (c != 0x5c)) { out[j++] = c; continue; } diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java index 894ecd49d..6a5263fcf 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java @@ -107,9 +107,13 @@ public class ProfileSubmitServlet extends ProfileServlet { while (inputNames.hasMoreElements()) { String inputName = (String) inputNames.nextElement(); - if (request.getParameter(inputName) != null) { - ctx.set(inputName, request.getParameter(inputName)); + // all subject name parameters start with sn_, no other input parameters do + if (inputName.matches("^sn_.*")) { + ctx.set(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString()); + } else { + ctx.set(inputName, request.getParameter(inputName)); + } } } } @@ -306,7 +310,12 @@ public class ProfileSubmitServlet extends ProfileServlet { String inputName = (String) inputNames.nextElement(); if (request.getParameter(inputName) != null) { - req.setExtData(inputName, request.getParameter(inputName)); + // special characters in subject names parameters must be escaped + if (inputName.matches("^sn_.*")) { + req.setExtData(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString()); + } else { + req.setExtData(inputName, request.getParameter(inputName)); + } } } } @@ -351,7 +360,6 @@ public class ProfileSubmitServlet extends ProfileServlet { } - private void setOutputIntoArgs(IProfile profile, ArgList outputlist, Locale locale, IRequest req) { Enumeration outputIds = profile.getProfileOutputIds(); |