[xgws-dev] CVS Update: codes/xsul/java/modules/msg_box/xsul/msg_box/servlet
Aleksander Andrzej Slominski
xgws-dev_at_extreme.indiana.edu
Thu Feb 22 17:08:01 2007
aslom 07/02/22 17:07:04
Modified: xsul/java/modules/msg_box/xsul/msg_box/servlet
MsgBoxServlet.java
Log:
sanitize client id so it is OK in URL
Revision Changes Path
1.14 +11 -1 codes/xsul/java/modules/msg_box/xsul/msg_box/servlet/MsgBoxServlet.java
Index: MsgBoxServlet.java
===================================================================
RCS file: /l/extreme/cvs/codes/xsul/java/modules/msg_box/xsul/msg_box/servlet/MsgBoxServlet.java,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -b -t -w -r1.13 -r1.14
--- MsgBoxServlet.java 9 Dec 2006 12:10:50 -0000 1.13
+++ MsgBoxServlet.java 22 Feb 2007 22:07:04 -0000 1.14
@@ -4,7 +4,7 @@
*
* This software is open source. See the bottom of this file for the license.
*
- * $Id: MsgBoxServlet.java,v 1.13 2006/12/09 12:10:50 aslom Exp $
+ * $Id: MsgBoxServlet.java,v 1.14 2007/02/22 22:07:04 aslom Exp $
*/
package xsul.msg_box.servlet;
@@ -183,6 +183,16 @@
XmlElement clientIdEl = requestMsg.element(MsgBoxConstants.MSG_BOX_NS, MsgBoxConstants.EL_CLIENT_ID);
if(clientIdEl != null) {
suggestedPartOfkey = clientIdEl.requiredTextContent();
+ //keep only ALPAHNUM characters in clientId
+ StringBuffer buf = new StringBuffer(suggestedPartOfkey.length());
+ for (int i = 0; i < suggestedPartOfkey.length(); i++) {
+ char c = suggestedPartOfkey.charAt(i);
+ //if(Character.isLetterOrDigit(c)) {
+ if((c >= 'A' && c <= 'Z') || (c >= 'a' && c <='z') || (c>= '0' || c <= '9')) {
+ buf.append(c);
+ }
+ }
+ suggestedPartOfkey = buf.toString();
}
String key = msgBoxStorage.createMsgBox(suggestedPartOfkey);
if(key == null) throw new IllegalStateException();