author | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2016-11-30 10:53:50 +0100 |
---|---|---|
committer | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2016-11-30 10:53:50 +0100 |
commit | 57ffbe830705003caa2af2e12f7e38c38d3a2ff8 (patch) | |
tree | d6ffa9214b73096b592b2a4a3468aadbaaacc880 | |
parent | 6f198db080646dc7fd9708fe30cbe7ed9565909d (diff) | |
download | pdf-as-4-57ffbe830705003caa2af2e12f7e38c38d3a2ff8.tar.gz pdf-as-4-57ffbe830705003caa2af2e12f7e38c38d3a2ff8.tar.bz2 pdf-as-4-57ffbe830705003caa2af2e12f7e38c38d3a2ff8.zip |
fixed XSS for locale parameter
-rw-r--r-- | pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java
index 1c515efa..8a58d364 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java
@@ -181,7 +181,13 @@ public class PdfAsParameterExtractor {
 }
 public static String getLocale(HttpServletRequest request) {
-	return (String)request.getAttribute(PARAM_LOCALE);
+	String locale = (String)request.getAttribute(PARAM_LOCALE);
+	if(locale != null) {
+		if ("DE".equalsIgnoreCase(locale) || "EN".equalsIgnoreCase(locale)) {
+			return locale;
+		}
+	}
+	return null;
 }
 public static String getNumBytes(HttpServletRequest request) { |
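Review bot: The allowlist in the new getLocale is the right shape, but `return locale;` still hands the request-supplied string back to callers, so mixed-case variants such as "dE" or "eN" pass through unchanged rather than being normalised to one canonical value. Returning the matched constant instead guarantees that only the two literal values the method vouches for ever leave it, which is what later code (templates, headers, log lines) presumably relies on given the commit title. The outer `if(locale != null)` is also redundant, since `"DE".equalsIgnoreCase(null)` already returns false, so the body collapses to two guard clauses. The `(String)` cast on the attribute is pre-existing and would throw ClassCastException if a non-String attribute were ever stored under PARAM_LOCALE; worth a comment or an `instanceof String` check if that attribute is set outside this class.
```java
public static String getLocale(HttpServletRequest request) {
	// Only the two supported locales may leave this method; the value
	// returned is the canonical constant, never the request-supplied string.
	String locale = (String) request.getAttribute(PARAM_LOCALE);
	if ("DE".equalsIgnoreCase(locale)) {
		return "DE";
	}
	if ("EN".equalsIgnoreCase(locale)) {
		return "EN";
	}
	return null;
}
```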