cxf-fediz git commit: Escape error messages relating to invalid URIs etc.


cxf-fediz git commit: Escape error messages relating to invalid URIs etc.

coheigea
Administrator
Repository: cxf-fediz
Updated Branches:
  refs/heads/1.3.x-fixes 386f41b3a -> 7736f28fe


Escape error messages relating to invalid URIs etc.


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/7736f28f
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/7736f28f
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/7736f28f

Branch: refs/heads/1.3.x-fixes
Commit: 7736f28fea0cc85942f552578b049ed7a4e75aab
Parents: 386f41b
Author: Colm O hEigeartaigh <[hidden email]>
Authored: Thu May 18 10:22:16 2017 +0100
Committer: Colm O hEigeartaigh <[hidden email]>
Committed: Thu May 18 10:41:41 2017 +0100

----------------------------------------------------------------------
 .../fediz/service/oidc/clients/ClientRegistrationService.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7736f28f/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
index 90b2aff..b5b51d0 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
@@ -51,6 +51,7 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.SecurityContext;
 
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.apache.commons.validator.routines.DomainValidator;
 import org.apache.commons.validator.routines.DomainValidator.ArrayType;
 import org.apache.commons.validator.routines.UrlValidator;
@@ -315,7 +316,8 @@ public class ClientRegistrationService {
             for (String uri : allUris) {
                 if (!StringUtils.isEmpty(uri)) {
                     if (!isValidURI(uri, false)) {
-                        return invalidRegistrationResponse("An invalid redirect URI was specified: " + uri);
+                        return invalidRegistrationResponse("An invalid redirect URI was specified: "
+                            + StringEscapeUtils.escapeHtml4(uri));
                     }
                     redirectUris.add(uri);
                 }
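Review bot: Escaping is applied at each call site rather than where the message is written into the response, so any other `invalidRegistrationResponse` caller that concatenates request data would stay unescaped; this applies to the redirect-URI branch here and to the audience-URI branch in the next hunk. Moving the `StringEscapeUtils.escapeHtml4(...)` call into `invalidRegistrationResponse` (not visible in this diff), or into the view that renders the message, would cover every message in one place. `escapeHtml4` also leaves the apostrophe untouched, so it is only sufficient if the message ends up in HTML element content or a double-quoted attribute; a comment such as `// message is rendered as HTML text, so HTML-escape the rejected value` would record that assumption. The enclosing method starts and ends outside both hunks.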
@@ -330,7 +332,8 @@ public class ClientRegistrationService {
             for (String aud : auds) {
                 if (!StringUtils.isEmpty(aud)) {
                     if (!isValidURI(aud, true)) {
-                        return invalidRegistrationResponse("An invalid audience URI was specified: " + aud);
+                        return invalidRegistrationResponse("An invalid audience URI was specified: "
+                                + StringEscapeUtils.escapeHtml4(aud));
                     }
                     registeredAuds.add(aud);
                 }
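Review bot: The continuation line `+ StringEscapeUtils.escapeHtml4(aud));` is indented eight columns past `return`, while the same construct in the redirect-URI hunk uses four; aligning the two keeps the parallel branches visually identical. Both loops repeat the same validate-and-reject pattern, so a small private helper that builds the escaped message would keep them in step if the escaping ever changes. The enclosing method is only partly visible in this hunk.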