Posted to commits@deltaspike.apache.org by ta...@apache.org on 2015/07/22 21:06:11 UTC
deltaspike git commit: DELTASPIKE-963 Header injection due to
unescaped key in JsfUtils
Repository: deltaspike
Updated Branches:
refs/heads/master b463bcf59 -> 0b8924f75
DELTASPIKE-963 Header injection due to unescaped key in JsfUtils
Project: http://git-wip-us.apache.org/repos/asf/deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/deltaspike/commit/0b8924f7
Tree: http://git-wip-us.apache.org/repos/asf/deltaspike/tree/0b8924f7
Diff: http://git-wip-us.apache.org/repos/asf/deltaspike/diff/0b8924f7
Branch: refs/heads/master
Commit: 0b8924f7519e806c7246d620dce6da4bb3526dfd
Parents: b463bcf
Author: Thomas Andraschko <ta...@apache.org>
Authored: Wed Jul 22 21:06:03 2015 +0200
Committer: Thomas Andraschko <ta...@apache.org>
Committed: Wed Jul 22 21:06:03 2015 +0200
----------------------------------------------------------------------
.../deltaspike/jsf/impl/util/JsfUtils.java | 31 ++++++++++++++++++--
1 file changed, 28 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/0b8924f7/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/JsfUtils.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/JsfUtils.java b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/JsfUtils.java
index 248b766..9b6a0d7 100644
--- a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/JsfUtils.java
+++ b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/JsfUtils.java
@@ -117,7 +117,16 @@ public abstract class JsfUtils
{
finalUrl.append("&");
}
- finalUrl.append(key);
+
+ if (encodeValues)
+ {
+ finalUrl.append(JsfUtils.encodeURLParameterValue(key, externalContext));
+ }
+ else
+ {
+ finalUrl.append(key);
+ }
+
finalUrl.append("=");
if (encodeValues)
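Review bot: The `else` branch at `finalUrl.append(key);` still writes the parameter name unencoded, so the header-injection path named in the commit title stays open for any caller that passes `encodeValues == false`; the same holds for `name` in the second hunk and `entry.getKey()` in the third. Whether such a caller ever handles request-derived names is not visible here and should be checked against the call sites. If the unencoded mode has to stay, the Javadoc should state that names and values must already be URL-encoded, and a flag-independent guard would close the gap, e.g. `if (key.indexOf('\r') >= 0 || key.indexOf('\n') >= 0) { throw new IllegalArgumentException("invalid parameter name"); }`. The enclosing method starts and ends outside the hunk, so the handling of the value after `finalUrl.append("=")` could not be reviewed.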
@@ -166,7 +175,15 @@ public abstract class JsfUtils
finalUrl.append("?");
}
- finalUrl.append(name);
+ if (encodeValues)
+ {
+ finalUrl.append(JsfUtils.encodeURLParameterValue(name, externalContext));
+ }
+ else
+ {
+ finalUrl.append(name);
+ }
+
finalUrl.append("=");
if (encodeValues)
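Review bot: The eight-line `if (encodeValues) … else …` block around `finalUrl.append(name)` is repeated verbatim in all three hunks, which makes it easy for a later change to harden one copy and miss the others. Each copy can be collapsed to a single statement, here `finalUrl.append(encodeValues ? JsfUtils.encodeURLParameterValue(name, externalContext) : name);`, or moved into one private static helper that all three loops call. A short comment on that line saying the name is encoded because it may originate from the request would record why the key is treated like a value. The enclosing method continues outside the hunk.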
@@ -216,7 +233,15 @@ public abstract class JsfUtils
finalUrl.append("&");
}
- finalUrl.append(entry.getKey());
+ if (encodeValues)
+ {
+ finalUrl.append(JsfUtils.encodeURLParameterValue(entry.getKey(), externalContext));
+ }
+ else
+ {
+ finalUrl.append(entry.getKey());
+ }
+
finalUrl.append("=");
if (encodeValues)