From 18d00cef9fd603a167382f01f294a27ae5bffeb8 Mon Sep 17 00:00:00 2001
From: jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>
Date: Mon, 25 Jul 2011 23:16:35 +0000
Subject: Bugzilla Bug 717041 - Improve escaping of some enrollment inputs
 like.

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2086 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
 .../common/src/com/netscape/cms/servlet/common/CMSTemplate.java     | 6 +++---
 .../common/src/com/netscape/cms/servlet/profile/ProfileServlet.java | 5 +++--
 2 files changed, 6 insertions(+), 5 deletions(-)

(limited to 'pki/base/common')

diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
index ef250ebf9..a2a7f3ea2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
@@ -378,7 +378,7 @@ public class CMSTemplate extends CMSFile {
             }
 
             if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
-                 in[i+1] == 'n' || in[i+1] == 'f' || in[i+1] == 't' ||
+                 in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
                  in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
                 out[j++] = '\\';
                 out[j++] = in[i+1];
@@ -453,13 +453,13 @@ public class CMSTemplate extends CMSFile {
         for (int i = 0; i < l; i++) {
             char c = in[i];
 
-            if (c > 0x5B) {
+            if (c > 0x5C) {
                 out[j++] = c;
                 continue;
             }
 
             if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
-                 in[i+1] == 'n' || in[i+1] == 'f' || in[i+1] == 't')) {
+                 in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't')) {
                 out[j++] = '\\';
                 out[j++] = in[i+1];
                 i++;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
index 40132290a..09c9fc91e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
@@ -333,7 +333,7 @@ public class ProfileServlet extends CMSServlet {
             char c = in[i];
 
             /* presumably this gives better performance */
-            if ((c > 0x23) && (c != 0x5c)) {
+            if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) { 
                 out[j++] = c;
                 continue;
             }
@@ -341,7 +341,8 @@ public class ProfileServlet extends CMSServlet {
             /* some inputs are coming in as '\' and 'n' */
             /* see BZ 500736 for details */
             if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
-                 in[i+1] == 'n' || in[i+1] == 'f' || in[i+1] == 't')) {
+                 in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
+                 in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
                 out[j++] = '\\';
                 out[j++] = in[i+1];
                 i++;
-- 
cgit