Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
index 0f9b615a4..aebcf372e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
@@ -27,6 +27,7 @@ import java.io.IOException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -51,7 +52,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
 public void finalizeAuthProtocol(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
 //read pendingRequest from http request
- Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
+ Object idObject = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_TARGET_PENDINGREQUESTID));
 IRequest pendingReq = null;
 String pendingRequestID = null;
 if (idObject != null && (idObject instanceof String)) {
@@ -61,7 +62,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
 }
 //receive an authentication error
- String errorid = req.getParameter(ERROR_CODE_PARAM);
+ String errorid = StringEscapeUtils.escapeHtml(req.getParameter(ERROR_CODE_PARAM));
 if (errorid != null) {
 try {
 //load stored exception from database |
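Review bot: HTML-escaping the request parameters where they are read, as the new `idObject` line and the `errorid` line in the following hunk of `finalizeAuthProtocol` do, applies an output encoding at the input layer. Both values are used as lookup identifiers afterwards (the context comment after `errorid` says the stored exception is loaded from the database). They are better validated against the expected ID format and rejected on mismatch, for example `if (errorid != null && !errorid.matches("[A-Za-z0-9_-]+"))` with the pattern adjusted to the real ID format, which is not visible here, leaving encoding to the code that writes the value into a response. commons-lang's `escapeHtml` also leaves the apostrophe unescaped, so it would not be sufficient on its own if either value later reaches a single-quoted attribute or a script context; where the values are rendered is outside this diff. Because `escapeHtml` returns a `String`, `idObject` can be declared as `String` and the `idObject instanceof String` test dropped. The method body starts and ends outside these hunks.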