Sanitize fullName parameter of join API. Fixes #10818
TiagoJacobs committed Nov 13, 2020
1 parent cafe1a5 commit 5c911dd
Showing 1 changed file with 2 additions and 0 deletions.
Expand Up @@ -245,6 +245,8 @@ class ApiController {
// Do we have a name for the user joining? If none, complain.
if (!StringUtils.isEmpty(params.fullName)) {
params.fullName = StringUtils.strip(params.fullName);
// remove control characters ( sanitize )
params.fullName = params.fullName.replaceAll("\\p{Cntrl}", "");
if (StringUtils.isEmpty(params.fullName)) {
errors.missingParamError("fullName");
}
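Review bot: The control-character removal at `params.fullName.replaceAll("\\p{Cntrl}", "")` runs after `StringUtils.strip`, so whitespace that was shielded by a control character survives. A value made of a control character followed by a space is reduced to a single space, which `StringUtils.isEmpty` does not treat as empty, so no `missingParamError` is raised for a blank name. Do the replace first and strip afterwards, or make the final check `StringUtils.isBlank`. Separately, in Java `\p{Cntrl}` without `UNICODE_CHARACTER_CLASS` matches only the ASCII controls `[\x00-\x1F\x7F]`; if the intent is every control character, `\p{Cc}` also covers the C1 range, and format characters such as bidirectional overrides would need `\p{Cf}`. The inline comment should say which characters are in scope and what the sanitizing protects.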
