[DS-4383] Request Item Servlet escape HTML
kshepherd committed Jul 26, 2022
1 parent 56e7604 commit 28eb815
Showing 2 changed files with 8 additions and 7 deletions.
Expand Up @@ -8,6 +8,7 @@
package org.dspace.app.webui.servlet;

import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.log4j.Logger;
import org.dspace.app.requestitem.RequestItemAuthor;
import org.dspace.app.requestitem.RequestItemAuthorExtractor;
Expand Down Expand Up @@ -135,7 +136,7 @@ private void processForm (Context context,
// handle
String handle = request.getParameter("handle");

String bitstream_id=request.getParameter("bitstream-id");
int bitstream_id= UIUtil.getIntParameter(request, "bitstream-id");

// Title
String title = null;
Expand All @@ -160,7 +161,7 @@ private void processForm (Context context,
}

// User email from context
String requesterEmail = request.getParameter("email");
String requesterEmail = StringEscapeUtils.escapeHtml4(request.getParameter("email"));
EPerson currentUser = context.getCurrentUser();
String userName = null;

Expand All @@ -172,8 +173,8 @@ private void processForm (Context context,

if (request.getParameter("submit") != null)
{
String reqname = request.getParameter("reqname");
String coment = request.getParameter("coment");
String reqname = StringEscapeUtils.escapeHtml4(request.getParameter("reqname"));
String coment = StringEscapeUtils.escapeHtml4(request.getParameter("coment"));
if (coment == null || coment.equals(""))
coment = "";
boolean allfiles = "true".equals(request.getParameter("allfiles"));
Expand Down Expand Up @@ -217,7 +218,7 @@ private void processForm (Context context,
email.addArgument(requesterEmail);
email.addArgument(allfiles ? I18nUtil
.getMessage("itemRequest.all") : Bitstream.find(
context, Integer.parseInt(bitstream_id)).getName());
context, bitstream_id).getName());
email.addArgument(HandleManager.getCanonicalForm(item
.getHandle()));
email.addArgument(title); // request item title
Expand Down
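Review bot: The escaping added on the `email`, `reqname` and `coment` lines is applied at input time rather than at the HTML sink, so every downstream consumer receives entity-encoded text: the values are passed to `email.addArgument(...)` for the notification mail and, through `getLinkTokenEmail` in the second file, into `getNewToken`, so a requester named O'Brien is mailed as `O&#39;Brien` and apparently stored that way, and an address containing `&` stops being a usable reply address; if the mail template is plain text this corrupts rather than protects. Keep the raw parameters here and call `escapeHtml4` where the strings are actually written into HTML (the JSP or an HTML mail body), or at least leave `requesterEmail` unescaped and validate it as an address instead. Separately, the `bitstream_id` conversion removes the `NumberFormatException` path but adds no check before `Bitstream.find(context, bitstream_id).getName()`: if `getIntParameter` returns a sentinel such as -1 for a missing or malformed parameter (the DSpace convention, to be confirmed), `find` presumably returns null and that line throws an NPE, so guard it with `Bitstream b = Bitstream.find(context, bitstream_id); if (b == null) { /* reject request */ }` before calling `getName()`. processForm begins and ends outside these hunks.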
Expand Up @@ -118,7 +118,7 @@ protected static String getNewToken(Context context, int bitstreamId
* @exception SQLExeption
*
*/
public static String getLinkTokenEmail(Context context, String bitstreamId
public static String getLinkTokenEmail(Context context, int bitstreamId
, int itemID, String reqEmail, String reqName, boolean allfiles)
throws SQLException
{
Expand All @@ -128,7 +128,7 @@ public static String getLinkTokenEmail(Context context, String bitstreamId
base.endsWith("/") ? "" : "/").append(
"request-item").append("?step=" + RequestItemServlet.ENTER_TOKEN)
.append("&token=")
.append(getNewToken(context, Integer.parseInt(bitstreamId), itemID, reqEmail, reqName, allfiles))
.append(getNewToken(context, bitstreamId, itemID, reqEmail, reqName, allfiles))
.toString();

return specialLink;
Expand Down
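Review bot: The Javadoc for `getLinkTokenEmail` is not updated for the new signature: the visible tag still reads `@exception SQLExeption` (misspelled; should be `@throws SQLException`), and the `@param bitstreamId` entry above the hunk, if present, should now say it is the bitstream's integer database id since the `Integer.parseInt` has moved to the caller. Because `reqEmail` and `reqName` now arrive HTML-escaped from the servlet and are forwarded unchanged to `getNewToken`, the Javadoc should also state which form the method expects, e.g. `@param reqName requester name exactly as submitted (not HTML-escaped)`, whichever the team settles on. Any other caller still passing a `String` id will no longer compile; none is visible in this commit. The method's Javadoc begins outside the hunk.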
