From c943b4f1e4549affbd369f4cb0abb518b1eef18d Mon Sep 17 00:00:00 2001
From: mjudd
Date: Tue, 14 Apr 2009 07:48:20 +0000
Subject: [PATCH] BF [ 2728388 ] - Fix potential CSS vulnerability
---
 .../src/org/compiere/web/GetMD5FileServlet.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/JasperReportsWebApp/src/org/compiere/web/GetMD5FileServlet.java b/JasperReportsWebApp/src/org/compiere/web/GetMD5FileServlet.java
index 7ebe02e868..b18e8103db 100644
--- a/JasperReportsWebApp/src/org/compiere/web/GetMD5FileServlet.java
+++ b/JasperReportsWebApp/src/org/compiere/web/GetMD5FileServlet.java
@@ -18,9 +18,12 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.compiere.interfaces.MD5;
+import org.compiere.util.Util;
 /**
 * Servlet Class
+ *
+ * @author Michael Judd BF [2728388] - fix potential CSS vulnerability
 */
 public class GetMD5FileServlet extends HttpServlet {
@@ -55,7 +58,7 @@ public class GetMD5FileServlet extends HttpServlet {
 throws ServletException, IOException {
 // TODO Auto-generated method stub
- String file = req.getParameter("File");
+ String file = Util.maskHTML(req.getParameter("File"));
 PrintWriter out = resp.getWriter();
 out.println("MD5 Hash");
 out.println("File is: "+ file + "
MD5 : "+ md5.getFileMD5(file)+"
");
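Review bot: The escaped string is reused as the lookup key: `file` now holds the output of `Util.maskHTML`, and that same variable is passed to `md5.getFileMD5(file)` in the last `out.println`, so a name containing any character the mask rewrites would presumably be looked up under a different name than the one requested. Escaping belongs at the output sink, so keep `String file = req.getParameter("File");` and wrap only the echoed value as `Util.maskHTML(file)` in the "File is:" line. Separately, the request parameter still reaches `getFileMD5` with no visible validation; if that method resolves the name on the server file system (not shown here), it should be restricted to the expected report directory, and a missing `File` parameter should be rejected before the call. The enclosing method starts and ends outside this hunk.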