aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src
diff options
context:
space:
mode:
authorFlorian Reimair <florian.reimair@iaik.tugraz.at>2016-01-12 15:57:30 +0100
committerFlorian Reimair <florian.reimair@iaik.tugraz.at>2016-01-12 16:12:41 +0100
commit29f01a4975f637c26fbcd0b43a9c844d7d3d2e54 (patch)
tree5b22919d9791315b039a6afd8e01da8cd8673ada /id/ConfigWebTool/src
parent1092129203ea1f5c17ae8a10ec43f7907140759c (diff)
downloadmoa-id-spss-29f01a4975f637c26fbcd0b43a9c844d7d3d2e54.tar.gz
moa-id-spss-29f01a4975f637c26fbcd0b43a9c844d7d3d2e54.tar.bz2
moa-id-spss-29f01a4975f637c26fbcd0b43a9c844d7d3d2e54.zip
fetch requested attributes from configuration
Diffstat (limited to 'id/ConfigWebTool/src')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java5
1 files changed, 3 insertions, 2 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index b69d37d57..b73859d81 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -90,12 +90,13 @@ public class StorkConfigValidator {
// check attributes
if (MiscUtil.isNotEmpty(form.getAttributes())) {
for(StorkAttribute check : form.getAttributes()) {
- if (ValidationHelper.containsPotentialCSSCharacter(check.getName(), true)) {
+ String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
+ if (ValidationHelper.containsPotentialCSSCharacter(tmp, true)) {
log.warn("default attributes contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
}
- if(!check.getName().toLowerCase().matches("^[a-z0-9]*$")) {
+ if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) {
log.warn("default attributes do not match the requested format : " + check);
errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
new Object[] {check}, request ));