aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java6
1 files changed, 4 insertions, 2 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 7863c684e..f77042bc5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -34,6 +34,7 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.velocity.VelocityContext;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
@@ -364,7 +365,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
String paramName = reqParamNames.nextElement();
if (MiscUtil.isNotEmpty(paramName) &&
MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName))
- executionContext.put(paramName, httpReq.getParameter(paramName));
+ executionContext.put(paramName,
+ StringEscapeUtils.escapeHtml(httpReq.getParameter(paramName)));
}
}
@@ -415,7 +417,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
requestStoreage.storePendingRequest(pendingReq);
// start process
- processEngine.start(processInstanceId);
+ processEngine.start(pendingReq);
} catch (ProcessExecutionException e) {
Throwable cause = e.getCause();
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-14 17:21:16 +0000