From 6fcfe3946fb8c252f9b7a4961720dd851f720f9a Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Sun, 9 Jan 2022 12:33:21 +0100
Subject: refactor(core): update to latest version of Velocity engine

---
 .../eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java    | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'eaaf_modules')

diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index 2e30dcd9..63c8c99a 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -27,8 +27,8 @@ import javax.annotation.PostConstruct;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.opensaml.saml.common.xml.SAMLConstants;
 import org.opensaml.saml.saml2.core.AuthnRequest;
 import org.opensaml.saml.saml2.core.Issuer;
@@ -134,11 +134,11 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 
     if (e instanceof NoPassivAuthenticationException) {
       statusCode.setValue(StatusCode.NO_PASSIVE);
-      statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
+      statusMessage.setMessage(StringEscapeUtils.escapeXml11(e.getLocalizedMessage()));
 
     } else if (e instanceof NameIdFormatNotSupportedException) {
       statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY);
-      statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
+      statusMessage.setMessage(StringEscapeUtils.escapeXml11(e.getLocalizedMessage()));
 
     } else if (e instanceof SloException) {
       // SLOExecpetions only occurs if session information is lost
@@ -149,7 +149,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
       statusCode.setValue(ex.getStatusCodeValue());
       final String statusMessageValue = ex.getStatusMessageValue();
       if (statusMessageValue != null) {
-        statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
+        statusMessage.setMessage(StringEscapeUtils.escapeXml11(statusMessageValue));
         
       }
       
@@ -157,7 +157,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 
     } else {
       statusCode.setValue(StatusCode.RESPONDER);
-      statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
+      statusMessage.setMessage(StringEscapeUtils.escapeXml11(e.getLocalizedMessage()));
       internalErrorCode = statusMessager.getResponseErrorCode(e);
       
     }
@@ -531,7 +531,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
     log.info(
         "Dispatch PVP2 AuthnRequest: OAURL=" + oaUrl + " Binding=" + consumerService.getBinding());
 
-    pendingReq.setSpEntityId(StringEscapeUtils.escapeHtml(oaUrl));
+    pendingReq.setSpEntityId(StringEscapeUtils.escapeHtml4(oaUrl));
     pendingReq.setOnlineApplicationConfiguration(
         authConfig.getServiceProviderConfiguration(pendingReq.getSpEntityId()));
     pendingReq.setBinding(consumerService.getBinding());
-- 
cgit v1.2.3