Skip to content

Commit

Permalink
Merge pull request #549 from sguan-actuate/master
Browse files Browse the repository at this point in the history 
Fix for XSS vulnerability Bug 546816
  • Loading branch information
Yulin Wang committed Jul 24, 2019
2 parents d56caca + 91ef718 commit 7cb3874
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions ...report.viewer/birt/WEB-INF/classes/org/eclipse/birt/report/utility/ParameterAccessor.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2104,7 +2104,7 @@ public static String getParameter( HttpServletRequest request,
{
}
}
return request.getParameter( parameterName );
return htmlEncode( request.getParameter( parameterName ) );
}

/**
Expand Down Expand Up @@ -2258,7 +2258,7 @@ public static String decodeFilePath( HttpServletRequest request,
{
return null;
}

filePath = htmlDecode( filePath );
if ( isEncodedPaths( request ) )
{
return decodeBase64( filePath );
Expand Down

0 comments on commit 7cb3874

Please sign in to comment.