BF [ 2728388 ] - Fix potential CSS vulnerability

This commit is contained in:
mjudd 2009-04-03 15:15:26 +00:00
parent 4bde069ba8
commit 838ee9d116
2 changed files with 7 additions and 4 deletions


@ -32,13 +32,14 @@ import org.compiere.model.MLocation;
import org.compiere.model.MRegion; import org.compiere.model.MRegion;
import org.compiere.util.CLogger; import org.compiere.util.CLogger;
import org.compiere.util.WebEnv; import org.compiere.util.WebEnv;
import org.compiere.util.Util;
/** /**
* Location Servlet * Location Servlet
* *
* @author Jorg Janke * @author Jorg Janke
* @version $Id: LocationServlet.java,v 1.5 2006/07/30 00:53:21 jjanke Exp $ * @version $Id: LocationServlet.java,v 1.5 2006/07/30 00:53:21 jjanke Exp $
* @author Michael Judd BF [2728388] - fix potential CSS velnerability
*/ */
public class LocationServlet extends HttpServlet public class LocationServlet extends HttpServlet
{ {
@ -110,8 +111,9 @@ public class LocationServlet extends HttpServlet
response.setCharacterEncoding("UTF-8"); response.setCharacterEncoding("UTF-8");
PrintWriter out = response.getWriter(); PrintWriter out = response.getWriter();
String cmd = request.getParameter("cmd"); String cmd = request.getParameter("cmd");
cmd = Util.maskHTML(cmd, true);
if(cmd == null) if(cmd == null)
{ {
out.println("<error>Unknown Request: NULL</error>"); out.println("<error>Unknown Request: NULL</error>");
@ -137,7 +139,7 @@ public class LocationServlet extends HttpServlet
} }
out.println("</countries>"); out.println("</countries>");
}else if(cmd.equalsIgnoreCase("regions")){ }else if(cmd.equalsIgnoreCase("regions")){
String country = request.getParameter("country"); String country = Util.maskHTML(request.getParameter("country"), true);
try{ try{
int countryId = Integer.parseInt(country); int countryId = Integer.parseInt(country);
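Review bot: The new `cmd = Util.maskHTML(cmd, true);` runs before the `if(cmd == null)` guard, so a request with no `cmd` parameter now hands a null to the mask; unless `Util.maskHTML` is known to be null-safe, that throws instead of returning the `<error>Unknown Request: NULL</error>` response. Keep the null check first and apply the mask after it: `if(cmd == null) { ... } cmd = Util.maskHTML(cmd, true);`. Masking HTML on input is also a weak XSS defence for a servlet that emits XML — the escaping belongs where the value is written to `out` — and in the `regions` branch `country` goes straight into `Integer.parseInt`, which already rejects anything but digits, so the mask there only matters if the catch block echoes the raw value. The method these hunks belong to starts and ends outside them.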


@ -45,6 +45,7 @@ import org.compiere.util.WebUtil;
* *
* @author Jorg Janke * @author Jorg Janke
* @version $Id$ * @version $Id$
* @author Michael Judd BF [2728388] - fix potential CSS velnerability
*/ */
public class SearchServlet extends HttpServlet public class SearchServlet extends HttpServlet
{ {
@ -126,7 +127,7 @@ public class SearchServlet extends HttpServlet
int warehouseID = WebUtil.getParameterAsInt(request, "warehouseID"); int warehouseID = WebUtil.getParameterAsInt(request, "warehouseID");
int partnerID = WebUtil.getParameterAsInt(request, "partnerID"); int partnerID = WebUtil.getParameterAsInt(request, "partnerID");
String get = request.getParameter("get"); String get = Util.maskHTML(request.getParameter("get"), true);
if(get == null) if(get == null)
{ {
out.println("<error>Unknown Request: NULL</error>"); out.println("<error>Unknown Request: NULL</error>");