midsuit
/
core-jgi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

BF [ 2728388 ] - Fix potential CSS vulnerability

This commit is contained in:
mjudd 2009-04-14 07:48:20 +00:00
parent aeaee5d1a0
commit c943b4f1e4
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
JasperReportsWebApp/src/org/compiere/web/GetMD5FileServlet.java
View File

@ -18,9 +18,12 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.compiere.interfaces.MD5; import org.compiere.interfaces.MD5;
import org.compiere.util.Util;
/** /**
* Servlet Class * Servlet Class
*
* @author Michael Judd BF [2728388] - fix potential CSS vulnerability
*/ */
public class GetMD5FileServlet extends HttpServlet { public class GetMD5FileServlet extends HttpServlet {
@ -55,7 +58,7 @@ public class GetMD5FileServlet extends HttpServlet {
throws ServletException, throws ServletException,
IOException { IOException {
// TODO Auto-generated method stub // TODO Auto-generated method stub
String file = req.getParameter("File"); String file = Util.maskHTML(req.getParameter("File"));
PrintWriter out = resp.getWriter(); PrintWriter out = resp.getWriter();
out.println("<HTML><HEAD><TITLE>MD5 Hash</TITLE></HEAD><BODY>"); out.println("<HTML><HEAD><TITLE>MD5 Hash</TITLE></HEAD><BODY>");
out.println("File is: "+ file + "<BR>MD5 : "+ md5.getFileMD5(file)+"<BR>"); out.println("File is: "+ file + "<BR>MD5 : "+ md5.getFileMD5(file)+"<BR>");