1 files changed, 10 insertions, 3 deletions

diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index 49acfadc..ca2c92b1 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -497,18 +497,25 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
       final IGuiBuilderConfiguration config = guiConfigFactory
           .getDefaultErrorGui(HttpUtils.extractAuthUrlFromRequest(httpReq));
 
+      
       String[] errorCodeParams = null;
       if (params == null) {
         errorCodeParams = new String[] {};
+        
       } else {
         errorCodeParams = new String[params.length];
         for (int i = 0; i < params.length; i++) {
           if (params[i] != null) {
-            errorCodeParams[i] = params[i].toString();
+            /* replace all single-quotes by two single-quotes for escaping purposes to mitigate
+             * Thymeleaf error in: 
+             *    th:text="${#messages.msgWithParams('__${msg.errorCode}__', '__${msg.errorParams}__')}"
+             */            
+            errorCodeParams[i] = params[i].toString().replaceAll("'", "''");
+                        
           } else {
             errorCodeParams[i] = "null";
+            
           }
-
         }
       }
 
@@ -534,7 +541,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 
     } catch (final GuiBuildException e) {
       log.warn("Can not build error-message GUI.", e);
-      throw new EaafException("9199", null, e);
+      throw new EaafException("internal.99", new Object[] {e.getMessage()}, e);
 
     }