From fe2a02ec2afcbe2d7b9d59a9969d05923813ffdf Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 13 Nov 2017 09:38:00 +0100 Subject: fix some open CrossSiteScripting paths --- .../gv/egovernment/moa/id/auth/servlet/MonitoringController.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'id/server/modules/module-monitoring') diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java index b232b9512..fdc1c9cc1 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java @@ -30,6 +30,7 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; @@ -58,11 +59,9 @@ public class MonitoringController { throws ServletException, IOException{ if (authConfig.isMonitoringActive()) { - Logger.debug("Monitoring Servlet received request"); - - + Logger.debug("Monitoring Servlet received request"); + String modulename = StringEscapeUtils.escapeHtml(req.getParameter(REQUEST_ATTR_MODULE)); - String modulename = req.getParameter(REQUEST_ATTR_MODULE); if (MiscUtil.isEmpty(modulename)) { List error = tests.executeTests(); -- cgit v1.2.3