diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2017-11-26 21:04:51 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2017-11-26 21:04:51 +0100 |
commit | cc09b52b5cb1c93543d8b4353dfc59b8192e79af (patch) | |
tree | c66cabed572557945ff66da64d3babe8df11143d /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet | |
parent | 7cba2dfc31076ac4ec9f4a46bc4901e7dd082121 (diff) | |
download | moa-id-spss-cc09b52b5cb1c93543d8b4353dfc59b8192e79af.tar.gz moa-id-spss-cc09b52b5cb1c93543d8b4353dfc59b8192e79af.tar.bz2 moa-id-spss-cc09b52b5cb1c93543d8b4353dfc59b8192e79af.zip |
add String escaping on same methods
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet')
3 files changed, 6 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java index 5f74d8fdd..67611dd72 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -254,7 +254,8 @@ public abstract class AbstractController extends MOAIDAuthConstants { //add stacktrace if debug is enabled if (Logger.isTraceEnabled()) { - config.putCustomParameter("stacktrace", getStacktraceFromException(error)); + config.putCustomParameter("stacktrace", + StringEscapeUtils.escapeHtml(getStacktraceFromException(error))); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index a146f778e..19f3fdc54 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -28,6 +28,7 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; import org.opensaml.saml2.core.LogoutResponse; import org.opensaml.saml2.metadata.SingleLogoutService; import org.springframework.beans.factory.annotation.Autowired; @@ -93,9 +94,9 @@ public class IDPSingleLogOutServlet extends AbstractController { String ssoid = ssoManager.getSSOSessionID(req); - Object restartProcessObj = req.getParameter(MOAIDAuthConstants.PARAM_SLORESTART); + Object restartProcessObj = StringEscapeUtils.escapeHtml(req.getParameter(MOAIDAuthConstants.PARAM_SLORESTART)); - Object tokkenObj = req.getParameter(MOAIDAuthConstants.PARAM_SLOSTATUS); + Object tokkenObj = StringEscapeUtils.escapeHtml(req.getParameter(MOAIDAuthConstants.PARAM_SLOSTATUS)); String tokken = null; String status = null; if (tokkenObj != null && tokkenObj instanceof String) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index be511d888..a7f911845 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -65,7 +65,7 @@ public class RedirectServlet { Logger.debug("Receive " + RedirectServlet.class + " Request"); String url = req.getParameter(REDIRCT_PARAM_URL); - String target = req.getParameter(MOAIDAuthConstants.PARAM_TARGET); + String target = StringEscapeUtils.escapeHtml(req.getParameter(MOAIDAuthConstants.PARAM_TARGET)); String artifact = req.getParameter(MOAIDAuthConstants.PARAM_SAMLARTIFACT); String interIDP = req.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP); |