fixes #8840 sort by sanitizing and email header injection
wezell committed Apr 7, 2016
1 parent ddf9ad9 commit bc4db5d
Showing 3 changed files with 24 additions and 1 deletion.
Expand Up @@ -109,6 +109,7 @@ public ActionForward unspecified(ActionMapping rMapping, ActionForm form,
if(!UtilMethods.isSet(invalidCaptchaURL)) {
invalidCaptchaURL = errorURL;
}
invalidCaptchaURL = invalidCaptchaURL.replaceAll("\\s", " ");
ActionForward af = new ActionForward();
af.setRedirect(true);
if (UtilMethods.isSet(queryString)) {
17 changes: 17 additions & 0 deletions src/com/dotmarketing/factories/EmailFactory.java
Expand Up @@ -418,6 +418,23 @@ public static WebForm sendParameterizedEmail(Map<String,Object> parameters, Set<
String subject = (String)getMapValue("subject", parameters);
subject = (subject == null) ? "Mail from " + host.getHostname() + "" : subject;


// strip line breaks from headers
from = from.replaceAll("\\s", " ");
to = to.replaceAll("\\s", " ");
cc = cc.replaceAll("\\s", " ");
bcc = bcc.replaceAll("\\s", " ");
fromName = fromName.replaceAll("\\s", " ");
subject = subject.replaceAll("\\s", " ");









String emailFolder = (String)getMapValue("emailFolder", parameters);

boolean html = getMapValue("html", parameters) != null?Parameter.getBooleanFromString((String)getMapValue("html", parameters)):true;
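Review bot: `from`, `to`, `cc` and `bcc` are dereferenced unconditionally on the new `replaceAll` lines, while `subject` on the line just above is explicitly null-guarded; unless every one of those headers is guaranteed non-null upstream (their assignment is outside the hunk), an absent optional recipient such as `cc` or `bcc` will now throw a NullPointerException before the message is built. A small null-tolerant helper keeps the header-injection fix (collapsing CR/LF to a space so a value cannot terminate the header) without the crash, and gives the "why" a place to live instead of the bare `// strip line breaks from headers`. The eight blank lines added after the block are noise and should be dropped. sendParameterizedEmail starts and ends outside the hunk.
```java
// Collapse every whitespace character, including CR and LF, to a single space so a
// caller-supplied value cannot end the current header line and start a new one
// (mail header injection). A null header is returned as-is so optional recipients
// (cc, bcc) stay absent instead of failing.
private static String stripHeaderLineBreaks(String header) {
    return header == null ? null : header.replaceAll("\\s", " ");
}

// … unchanged: subject default …
from = stripHeaderLineBreaks(from);
to = stripHeaderLineBreaks(to);
cc = stripHeaderLineBreaks(cc);
bcc = stripHeaderLineBreaks(bcc);
fromName = stripHeaderLineBreaks(fromName);
subject = stripHeaderLineBreaks(subject);
// … unchanged: emailFolder / html lookup …
```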
Expand Up @@ -5,6 +5,7 @@
import java.util.Map;

import com.dotmarketing.business.APILocator;
import com.dotmarketing.common.util.SQLUtil;
import com.dotmarketing.exception.DotDataException;
import com.dotmarketing.util.UtilMethods;
import com.liferay.portal.model.User;
Expand Down Expand Up @@ -100,6 +101,9 @@ public WorkflowSearcher(Map<String, Object> map, User user) {
stepId = getStringValue("stepId", map);
keywords = getStringValue("keywords", map);
orderBy = getStringValue("orderBy", map);


orderBy= SQLUtil.sanitizeSortBy(orderBy);
show4all = getBooleanValue("show4all", map);
open = getBooleanValue("open", map);
closed = getBooleanValue("closed", map);
Expand Down Expand Up @@ -135,7 +139,7 @@ public void setUser(User user) {
}

public String getOrderBy() {
return orderBy;
return SQLUtil.sanitizeSortBy(orderBy);
}

public List<WorkflowTask> findTasks() throws DotDataException {
Expand All @@ -154,6 +158,7 @@ public List<WorkflowTask> findAllTasks(WorkflowSearcher searcher) throws DotData
}

public void setOrderBy(String orderBy) {
orderBy = SQLUtil.sanitizeSortBy(orderBy);
this.orderBy = orderBy;
}

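Review bot: `orderBy` is now sanitized on both writes (the constructor at `orderBy= SQLUtil.sanitizeSortBy(orderBy);` and `setOrderBy`) and again on every read in `getOrderBy()`, so the diff does not say which call is the trust boundary; if the code that builds the SQL reads the field directly rather than through the getter (not visible here), only the write-side calls protect it, and if it goes through the getter the write-side calls are the redundant pair. Whichever is kept, the invariant belongs on the field so a later write path does not bypass it: `// invariant: never holds a raw map value - every write passes through SQLUtil.sanitizeSortBy`. It is also not visible whether `sanitizeSortBy` tolerates the null that `getStringValue("orderBy", map)` presumably returns for a missing key, since the constructor passes it straight through; confirm or guard it. The constructor and `findAllTasks` begin outside their hunks.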
