
cxf-fediz git commit: Escape error messages relating to invalid URIs etc.


cxf-fediz git commit: Escape error messages relating to invalid URIs etc.

coheigea
Administrator
Repository: cxf-fediz
Updated Branches:
  refs/heads/master aabc68bd5 -> 138052b5f


Escape error messages relating to invalid URIs etc.


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/138052b5
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/138052b5
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/138052b5

Branch: refs/heads/master
Commit: 138052b5f0e1c32fe7f8add977c6f7bf702605d7
Parents: aabc68b
Author: Colm O hEigeartaigh <[hidden email]>
Authored: Thu May 18 10:22:16 2017 +0100
Committer: Colm O hEigeartaigh <[hidden email]>
Committed: Thu May 18 10:22:16 2017 +0100

----------------------------------------------------------------------
 .../oidc/clients/ClientRegistrationService.java        | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/138052b5/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
index cd28d33..7cdd9a8 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
@@ -51,6 +51,7 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.SecurityContext;
 
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.apache.commons.validator.routines.DomainValidator;
 import org.apache.commons.validator.routines.DomainValidator.ArrayType;
 import org.apache.commons.validator.routines.UrlValidator;
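Review bot: `org.apache.commons.lang3.StringEscapeUtils` is deprecated from commons-lang3 3.6 onward in favour of `org.apache.commons.text.StringEscapeUtils` in commons-text. Which commons-lang3 version this module builds against is not visible here, so this is something to check when the dependency is next upgraded rather than a defect in the change.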
@@ -280,7 +281,8 @@ public class ClientRegistrationService {
                 throwInvalidRegistrationException("The client type must not be empty");
             }
             if (!("confidential".equals(appType) || "public".equals(appType))) {
-                throwInvalidRegistrationException("An invalid client type was specified: " + appType);
+                throwInvalidRegistrationException("An invalid client type was specified: "
+                    + StringEscapeUtils.escapeHtml4(appType));
             }
             // Client ID
             String clientId = generateClientId();
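Review bot: The rejected `appType` does not need to be echoed back at all, because only two values are accepted; `throwInvalidRegistrationException("The client type must be 'confidential' or 'public'");` removes the request-controlled value from the message instead of relying on escaping. As written, the exception message becomes HTML-specific text, so if it is also logged or returned in a non-HTML response (not visible in this hunk) it will carry entities such as `&lt;`. The enclosing method starts and ends outside the hunk.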
@@ -315,7 +317,8 @@ public class ClientRegistrationService {
                 for (String uri : allUris) {
                     if (!StringUtils.isEmpty(uri)) {
                         if (!isValidURI(uri, false)) {
-                            throwInvalidRegistrationException("An invalid redirect URI was specified: " + uri);
+                            throwInvalidRegistrationException("An invalid redirect URI was specified: "
+                                + StringEscapeUtils.escapeHtml4(uri));
                         }
                         redirectUris.add(uri);
                     }
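Review bot: Escaping is done by hand at each call site, here and again in the logout-URI and audience-URI hunks, so any other caller of `throwInvalidRegistrationException` that concatenates a request value stays unencoded. Encoding once where the message is rendered, or in one shared helper, would cover every caller. `escapeHtml4` encodes `<`, `>`, `&` and `"` but not the apostrophe, so it is only sufficient when the message lands in element content or a double-quoted attribute; the rendering template is not visible here and should be confirmed. If the call-site approach is kept, a comment such as `// uri is request-controlled; escaped because the message is rendered as HTML` would record the intent, assuming that is where the message ends up. The loop's enclosing method lies outside the hunk.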
@@ -327,7 +330,8 @@ public class ClientRegistrationService {
                 String[] logoutUris = logoutURI.split(" ");
                 for (String uri : logoutUris) {
                     if (!isValidURI(uri, false)) {
-                        throwInvalidRegistrationException("An invalid logout URI was specified: " + uri);
+                        throwInvalidRegistrationException("An invalid logout URI was specified: "
+                            + StringEscapeUtils.escapeHtml4(uri));
                     }
                 }
                 //TODO: replace this code with newClient.setLogoutUri() once it becomes available
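Review bot: Unlike the redirect-URI and audience loops, this loop has no `StringUtils.isEmpty(uri)` guard, so a `logoutURI` with a leading or doubled space makes `split(" ")` yield an empty token that goes straight to `isValidURI`. Presumably that check fails and the caller gets "An invalid logout URI was specified:" with no value after it, which is hard to diagnose; `isValidURI` itself is not visible in the hunk. Adding `if (StringUtils.isEmpty(uri)) { continue; }` as the first statement in the loop would match the other two loops.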
@@ -341,7 +345,8 @@ public class ClientRegistrationService {
                 for (String aud : auds) {
                     if (!StringUtils.isEmpty(aud)) {
                         if (!isValidURI(aud, true)) {
-                            throwInvalidRegistrationException("An invalid audience URI was specified: " + aud);
+                            throwInvalidRegistrationException("An invalid audience URI was specified: "
+                                + StringEscapeUtils.escapeHtml4(aud));
                         }
                         registeredAuds.add(aud);
                     }
