diff options
author | awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-08-01 23:51:37 +0000 |
---|---|---|
committer | awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-08-01 23:51:37 +0000 |
commit | f34898a84f4ff2ee2940a547efa83267fc1ec7ac (patch) | |
tree | 0201c9cd87100f3525e8201a08ae0a5655f72a23 /pki/base/common | |
parent | d2f38b9f6244bf08181967af300ebaea68c0d409 (diff) | |
download | pki-f34898a84f4ff2ee2940a547efa83267fc1ec7ac.tar.gz pki-f34898a84f4ff2ee2940a547efa83267fc1ec7ac.tar.xz pki-f34898a84f4ff2ee2940a547efa83267fc1ec7ac.zip |
Fixed bugzilla bug #717041 - Improve escaping of some enrollment inputs
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2091 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java | 35 |
1 files changed, 28 insertions, 7 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java index a2a7f3ea..94fcffc5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java +++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java @@ -379,10 +379,20 @@ public class CMSTemplate extends CMSFile { if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || + in[i+1] == '<' || in[i+1] == '>' || in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { - out[j++] = '\\'; - out[j++] = in[i+1]; - i++; + if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' && + (in[i+3] == 'c' || in[i+3] == 'e')) { + out[j++] = '\\'; + out[j++] = in[i+1]; + out[j++] = in[i+2]; + out[j++] = in[i+3]; + i += 3; + } else { + out[j++] = '\\'; + out[j++] = in[i+1]; + i++; + } continue; } @@ -459,10 +469,21 @@ public class CMSTemplate extends CMSFile { } if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' || - in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't')) { - out[j++] = '\\'; - out[j++] = in[i+1]; - i++; + in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' || + in[i+1] == '<' || in[i+1] == '>' || + in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) { + if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' && + (in[i+3] == 'c' || in[i+3] == 'e')) { + out[j++] = '\\'; + out[j++] = in[i+1]; + out[j++] = in[i+2]; + out[j++] = in[i+3]; + i += 3; + } else { + out[j++] = '\\'; + out[j++] = in[i+1]; + i++; + } continue; } |