From bfc084ae3d23bb33fce94abf0e81525704f2932c Mon Sep 17 00:00:00 2001
From: awnuk
Date: Tue, 2 Aug 2011 00:00:30 +0000
Subject: Fixed bugzilla bug #717041 - Improve escaping of some enrollment inputs
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2092 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
 .../src/com/netscape/cms/servlet/base/CMSServlet.java | 13 +++++++++++++
 1 file changed, 13 insertions(+)
(limited to 'pki/base')
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index 9e0f1f32..c823143b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -2283,8 +2283,21 @@ public abstract class CMSServlet extends HttpServlet {
 if (c == ',' || c == '=' || c == '+' || c == '<' || c == '>' || c == '#' || c == ';' || c == '\r' || c == '\n' || c == '\\' || c == '"') {
+ if ((c == 0x5c) && ((i+1) < v.length())) {
+ int nextC = v.charAt(i+1);
+ if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' ||
+ nextC == '<' || nextC == '>' || nextC == '#' ||
+ nextC == ';' || nextC == '\r' || nextC == '\n' ||
+ nextC == '\\' || nextC == '"')) {
+ if (doubleEscape) result.append('\\');
+ } else {
 result.append('\\');
 if (doubleEscape) result.append('\\');
+ }
+ } else {
+ result.append('\\');
+ if (doubleEscape) result.append('\\');
+ }
 }
 if (c == '\r') {
 result.append("0D");
-- cgit
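Review bot: In the new `c == 0x5c` branch, a backslash followed by a special character is treated as an escape the caller already applied, yet nothing visible in the hunk advances `i` past that next character, so the following iteration still takes the outer `else` path and prefixes it again. Unless code outside the hunk compensates (the loop and method body start and end outside it), the emitted backslashes can pair up and leave the special character itself unescaped in the resulting DN value. It would be safer to treat every input backslash as literal data and require callers to pass unescaped values, or to consume both characters in this branch and add `i++;` so the pre-escaped character is not prefixed a second time. Separately, the inner `(c == 0x5c)` test repeats the enclosing condition, and the eleven-character list now appears twice; a private helper such as `isSpecialChar(int ch)` with `'\\'` in place of `0x5c` would keep the two lists from drifting apart. A unit test covering a value that contains a backslash directly before a comma, for both `doubleEscape` settings, would pin the intended output.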