aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src
diff options
context:
space:
mode:
Diffstat (limited to 'id/ConfigWebTool/src')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java9
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java12
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java12
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java12
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java22
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java46
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java12
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java8
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java8
14 files changed, 80 insertions, 79 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
index 17d3d9e50..f2c95f391 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
@@ -33,6 +33,7 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
@@ -144,19 +145,19 @@ public class SLOBackChannelServlet extends SLOBasicServlet {
} catch (MessageDecodingException | SecurityException | NoSuchAlgorithmException | ConfigurationException | ValidationException e) {
log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (CertificateException e) {
log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (KeyStoreException e) {
log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (MessageEncodingException e) {
log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage()));
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
index 5ee2ee6a7..b3f7c1f79 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
@@ -352,10 +352,10 @@ public class FormularCustomization implements IOnlineApplicationData {
//validate aditionalAuthBlockText
check = getAditionalAuthBlockText();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
index b2cd18c26..bac69cf34 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
@@ -203,10 +203,10 @@ public class OABPKEncryption implements IOnlineApplicationData {
errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("bPK decryption keystore password contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -217,20 +217,20 @@ public class OABPKEncryption implements IOnlineApplicationData {
errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("bPK decryption key alias contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
check = getKeyPassword();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("bPK decryption key password contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
index 4cb7eba2d..c51513193 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
@@ -117,10 +117,10 @@ public class OAGeneralConfig implements IOnlineApplicationData{
//check OA FriendlyName
check = getFriendlyName();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("OAFriendlyName contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.info("OA friendlyName is empty");
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index 4fecd89c1..df1786402 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -159,10 +159,10 @@ public class IndexAction extends BasicAction {
String key = null;
if (MiscUtil.isNotEmpty(username)) {
- if (ValidationHelper.containsPotentialCSSCharacter(username, false)) {
+ if (ValidationHelper.containsNotValidCharacter(username, false)) {
log.warn("Username contains potentail XSS characters: " + username);
addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
return Constants.STRUTS_ERROR;
}
} else {
@@ -614,10 +614,10 @@ public class IndexAction extends BasicAction {
if (!sessionform.isIsmandateuser()) {
check = user.getInstitut();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("Organisation contains potentail XSS characters: " + check);
addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.warn("Organisation is empty");
@@ -630,7 +630,7 @@ public class IndexAction extends BasicAction {
if (!ValidationHelper.isEmailAddressFormat(check)) {
log.warn("Mailaddress is not valid: " + check);
addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.warn("Mailaddress is empty");
@@ -642,7 +642,7 @@ public class IndexAction extends BasicAction {
if (!ValidationHelper.validatePhoneNumber(check)) {
log.warn("No valid Phone Number: " + check);
addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.warn("Phonenumber is empty");
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
index c6b0965fe..ca018d5b0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
@@ -132,10 +132,10 @@ public class ListOAsAction extends BasicAction {
return Constants.STRUTS_SUCCESS;
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(friendlyname, false)) {
+ if (ValidationHelper.containsNotValidCharacter(friendlyname, false)) {
log.warn("SearchOA textfield contains potential XSS characters");
addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request));
return Constants.STRUTS_SUCCESS;
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
index c9a174813..4ef4bc762 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
@@ -94,10 +94,10 @@ public class FormularCustomizationValitator {
check = form.getHeader_text();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("HeaderText contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.form.header.text",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -144,10 +144,10 @@ public class FormularCustomizationValitator {
check = form.getFontType();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+ if (ValidationHelper.containsNotValidCharacter(check, true)) {
log.warn("FontType contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.form.fonttype",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
}
}
@@ -156,7 +156,7 @@ public class FormularCustomizationValitator {
if (!ValidationHelper.validateNumber(check)) {
log.warn("Applet height "+ check + " is no valid number");
errors.add(LanguageHelper.getErrorString("validation.general.form.applet.height",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
}
}
@@ -165,7 +165,7 @@ public class FormularCustomizationValitator {
if (!ValidationHelper.validateNumber(check)) {
log.warn("Applet width "+ check + " is no valid number");
errors.add(LanguageHelper.getErrorString("validation.general.form.applet.width",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
index 44afd0599..f0594c38d 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
@@ -62,10 +62,10 @@ public class UserDatabaseFormValidator {
if (!isPVP2Generated) {
check = form.getGivenName();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("GivenName contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.warn("GivenName is empty");
@@ -75,10 +75,10 @@ public class UserDatabaseFormValidator {
check = form.getFamilyName();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("FamilyName contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.warn("FamilyName is empty");
@@ -89,10 +89,10 @@ public class UserDatabaseFormValidator {
if (!isMandateUser) {
check = form.getInstitut();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("Organisation contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.warn("Organisation is empty");
@@ -105,7 +105,7 @@ public class UserDatabaseFormValidator {
if (!ValidationHelper.isEmailAddressFormat(check)) {
log.warn("Mailaddress is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.warn("Mailaddress is empty");
@@ -114,10 +114,10 @@ public class UserDatabaseFormValidator {
check = form.getPhone();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("Phonenumber contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.warn("Phonenumber is empty");
@@ -127,10 +127,10 @@ public class UserDatabaseFormValidator {
if (form.isIsusernamepasswordallowed()) {
check = form.getUsername();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("Username contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
} else {
UserDatabase dbuser = newConfigRead.getUserWithUserName(check);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
index 70c43d9b4..717a0c827 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
@@ -55,10 +55,10 @@ public class MOAConfigValidator {
String check = form.getSaml1SourceID();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("SAML1 SourceID contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -217,10 +217,10 @@ public class MOAConfigValidator {
log.info("Empty MOA-SP/SS Authblock TrustProfile");
errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", request));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("Authblock TrustProfile is not valid: " +check);
errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -229,10 +229,10 @@ public class MOAConfigValidator {
log.info("Empty MOA-SP/SS IdentityLink TrustProfile");
errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("IdentityLink TrustProfile is not valid: " +check);
errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -241,10 +241,10 @@ public class MOAConfigValidator {
log.info("Empty MOA-SP/SS Test-Authblock TrustProfile");
errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("Test-Authblock TrustProfile is not valid: " +check);
errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -253,10 +253,10 @@ public class MOAConfigValidator {
log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile");
errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("Test-IdentityLink TrustProfile is not valid: " +check);
errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -271,28 +271,28 @@ public class MOAConfigValidator {
check = form.getPvp2IssuerName();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("PVP2 IssuerName is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
check = form.getPvp2OrgDisplayName();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("PVP2 organisation display name is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
check = form.getPvp2OrgName();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("PVP2 organisation name is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -347,10 +347,10 @@ public class MOAConfigValidator {
check = form.getSsoFriendlyName();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("SSO friendlyname is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -373,10 +373,10 @@ public class MOAConfigValidator {
check = form.getSsoSpecialText();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+ if (ValidationHelper.containsNotValidCharacter(check, true)) {
log.info("SSO SpecialText is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} , request));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)} , request));
}
}
@@ -388,10 +388,10 @@ public class MOAConfigValidator {
} else {
if (!ValidationHelper.isValidAdminTarget(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("IdentificationNumber contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
String num = check.replaceAll(" ", "");
@@ -440,7 +440,7 @@ public class MOAConfigValidator {
String filename = form.getFileUploadFileName().get(i);
if (MiscUtil.isNotEmpty(filename)) {
- if (ValidationHelper.containsPotentialCSSCharacter(filename, false)) {
+ if (ValidationHelper.containsNotValidCharacter(filename, false)) {
log.info("SL Transformation Filename is not valid");
errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid", request));
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
index e4a091c7e..f7edbee71 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
@@ -52,28 +52,28 @@ public class PVP2ContactValidator {
String check = contact.getCompany();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("PVP2 Contact: Company is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
check = contact.getGivenname();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("PVP2 Contact: GivenName is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
check = contact.getSurname();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("PVP2 Contact: SureName is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index fbd2f3bb3..41fce8e60 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -38,10 +38,10 @@ public class StorkConfigValidator {
// check country code
String check = current.getCountryCode();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("CPEPS config countrycode contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
if(!check.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)")) {
log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check);
@@ -95,10 +95,10 @@ public class StorkConfigValidator {
for(StorkAttribute check : form.getAttributes()) {
if (check != null && MiscUtil.isNotEmpty(check.getName())) {
String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
- if (ValidationHelper.containsPotentialCSSCharacter(tmp, true)) {
+ if (ValidationHelper.containsNotValidCharacter(tmp, true)) {
log.warn("default attributes contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
}
if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) {
log.warn("default attributes do not match the requested format : " + check);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
index 7e6396b75..a758088b1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
@@ -140,10 +140,10 @@ public class OAAuthenticationDataValidation {
errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate", request));
}
- if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+ if (ValidationHelper.containsNotValidCharacter(check, true)) {
log.warn("MandateProfiles contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
index d2dac3b28..2011a07f1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
@@ -66,7 +66,7 @@ public class OAFileUploadValidation {
String filename = fileName.get(i);
if (MiscUtil.isNotEmpty(filename)) {
- if (ValidationHelper.containsPotentialCSSCharacter(filename, false)) {
+ if (ValidationHelper.containsNotValidCharacter(filename, false)) {
log.info("Filename is not valid");
errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".filename.valid", request));
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
index 0062beb96..ca0231577 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
@@ -64,10 +64,10 @@ public class OATargetConfigValidation {
errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("IdentificationNumber contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) {
@@ -129,10 +129,10 @@ public class OATargetConfigValidation {
//check targetFrindlyName();
check = form.getTargetFriendlyName();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("TargetFriendlyName contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}