diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-01-13 08:36:55 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-01-13 08:36:55 +0100 |
commit | fc19526f8e32ad2de2df5ea60263f8d1c2355b88 (patch) | |
tree | 11fa54ea89f0566995a067171118078a2dbab711 /id/ConfigWebTool/src/main | |
parent | 05e959fac7cca57540a768afb81fb06c3a0ae121 (diff) | |
parent | 29f01a4975f637c26fbcd0b43a9c844d7d3d2e54 (diff) | |
download | moa-id-spss-fc19526f8e32ad2de2df5ea60263f8d1c2355b88.tar.gz moa-id-spss-fc19526f8e32ad2de2df5ea60263f8d1c2355b88.tar.bz2 moa-id-spss-fc19526f8e32ad2de2df5ea60263f8d1c2355b88.zip |
Merge branch 'eSense_eIDAS_development' of gitlab.iaik.tugraz.at:afitzek/moa-idspss into eSense_eIDAS_development
Diffstat (limited to 'id/ConfigWebTool/src/main')
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index b69d37d57..b73859d81 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -90,12 +90,13 @@ public class StorkConfigValidator { // check attributes if (MiscUtil.isNotEmpty(form.getAttributes())) { for(StorkAttribute check : form.getAttributes()) { - if (ValidationHelper.containsPotentialCSSCharacter(check.getName(), true)) { + String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI? + if (ValidationHelper.containsPotentialCSSCharacter(tmp, true)) { log.warn("default attributes contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request )); } - if(!check.getName().toLowerCase().matches("^[a-z0-9]*$")) { + if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) { log.warn("default attributes do not match the requested format : " + check); errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", new Object[] {check}, request )); |