aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-ssoTransfer/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-module-ssoTransfer/src/main')
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java6
1 files changed, 2 insertions, 4 deletions
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index 16b4ba841..dc55df05b 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -187,7 +187,7 @@ public class SSOTransferServlet{
Logger.debug("Receive " + this.getClass().getName() + " request");
Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);
if (tokenObj != null && tokenObj instanceof String) {
- String token = (String)tokenObj;
+ String token = StringEscapeUtils.escapeHtml((String)tokenObj);
try {
Logger.debug("Load token:" + token + " from storage.");
SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut * 1000);
@@ -286,7 +286,7 @@ public class SSOTransferServlet{
Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);
if (tokenObj != null && tokenObj instanceof String) {
- String token = (String)tokenObj;
+ String token = StringEscapeUtils.escapeHtml((String)tokenObj);
try {
SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut);
if (container != null) {
@@ -403,8 +403,6 @@ public class SSOTransferServlet{
null);
if (ssomanager.isValidSSOSession(ssoid, null)) {
- //Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR);
-
//create first step of SSO Transfer GUI
IAuthenticationSession authSession = authenticationSessionStorage.getInternalMOASessionWithSSOID(ssoid);