authoralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-06-10 18:46:53 +0000
committeralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-06-10 18:46:53 +0000
commite16a87cf4d9bc9b9953638dbf3e68fc496b4a809 (patch)
tree51bd7dd58c95416fcde7526bbe33c882a8d46630 /pki/base/ra/lib
parent9b418853f5c6a7d5f10388f4b69c409f2976ad5e (diff)
Bugzilla Bug #471916 - RA: input validation
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@579 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/ra/lib')
-rwxr-xr-xpki/base/ra/lib/perl/PKI/Base/Util.pm15
-rw-r--r--pki/base/ra/lib/perl/PKI/Conn/CA.pm6
2 files changed, 19 insertions, 2 deletions
diff --git a/pki/base/ra/lib/perl/PKI/Base/Util.pm b/pki/base/ra/lib/perl/PKI/Base/Util.pm
index 2cf6abfaa..c4b0cb1e9 100755
--- a/pki/base/ra/lib/perl/PKI/Base/Util.pm
+++ b/pki/base/ra/lib/perl/PKI/Base/Util.pm
@@ -26,6 +26,7 @@ package PKI::Base::Util;
use Time::Local;
use DBI;
+use HTML::Entities;
#######################################
# Constructs a util
@@ -54,6 +55,13 @@ sub get_string_val()
return $s;
}
+sub get_alphanum_val()
+{
+ my ($self, $s) = @_;
+ $s =~ s/[^A-Za-z0-9 ]*//g;
+ return $s;
+}
+
sub normalize_csr()
{
my ($self, $s) = @_;
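Review bot: get_alphanum_val silently deletes every disallowed character and returns what is left, so a caller cannot tell valid input from input that was altered, and two different inputs can collapse to the same value. For an input-validation helper it is safer to reject on mismatch, or at least to document that this is a lossy filter, for example with `# Lossy filter: strips everything except ASCII letters, digits and space; returns the stripped copy.` above the sub. The pattern `[^A-Za-z0-9 ]*` also matches the empty string at every position; `$s =~ tr/A-Za-z0-9 //cd;` does the same work without that. A `return $s unless defined $s;` guard would avoid an uninitialized-value warning when the parameter is missing.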
@@ -120,4 +128,11 @@ sub test()
print $o->to_str($o->to_hash("5=1;c=2")) . "\n";
}
+sub html_encode()
+{
+ my ($self, $s) = @_;
+ return HTML::Entities::encode($s);
+}
+
+
1;
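Review bot: html_encode calls `HTML::Entities::encode`, which as far as I know is only an undocumented compatibility alias; the documented entry point is `encode_entities`, so `return HTML::Entities::encode_entities($s);` is the safer spelling. The sub also has no comment saying which output context it is meant for: entity encoding protects HTML text and quoted attribute values, but not values placed inside script blocks or URLs. I would add a header comment such as `# HTML-entity-encodes $s for output in HTML text or quoted attribute values; not sufficient for script or URL contexts.`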
diff --git a/pki/base/ra/lib/perl/PKI/Conn/CA.pm b/pki/base/ra/lib/perl/PKI/Conn/CA.pm
index b8cd7813b..01de23222 100644
--- a/pki/base/ra/lib/perl/PKI/Conn/CA.pm
+++ b/pki/base/ra/lib/perl/PKI/Conn/CA.pm
@@ -77,9 +77,11 @@ sub enroll {
my $tmpfile = "/tmp/tmp-$rid-$$";
my $params = "profileId=" . $profile_id . "&" .
- "requestor_name=" . $requestor_name . "&" .
+ "requestor_name=" .
+ URI::Escape::uri_escape("$requestor_name") . "&" .
"cert_request_type=" . $cert_request_type . "&" .
- "subject=" . $subject . "&" .
+ "subject=" .
+ URI::Escape::uri_escape("$subject") . "&" .
"cert_request=" .
URI::Escape::uri_escape("$cert_request") . "&" .
"xmlOutput=true";
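Review bot: `$profile_id` and `$cert_request_type` are still concatenated into `$params` unescaped, so if either can carry request-derived data, a `&` or `=` in it would add or override parameters in the body sent to the CA. Escaping them the same way as the other fields keeps the string consistent: `"profileId=" . URI::Escape::uri_escape("$profile_id") . "&" .` and `"cert_request_type=" . URI::Escape::uri_escape("$cert_request_type") . "&" .`. Separately, the context line `my $tmpfile = "/tmp/tmp-$rid-$$";` builds a predictable name in a shared directory; how the file is opened is outside the hunk, but `File::Temp` would be worth considering there. enroll starts before and continues after this hunk.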