Only allow setting logId to a value matching [\w-]+
refs #24571
Florian Alpers committed Mar 23, 2023
1 parent 0c2447c commit c29efe6
Showing 1 changed file with 10 additions and 3 deletions.
Expand Up @@ -752,7 +752,11 @@ public void setImageToShow(String imageToShow) {
viewManager.setDropdownSelected(String.valueOf(imageToShow));
}
// Reset LOGID (the LOGID setter is called later by PrettyFaces, so if a value is passed, it will still be set)
setLogid("");
try {
setLogid("");
} catch (PresentationException e) {
//cannot be thrown here
}
logger.trace("imageToShow: {}", this.imageToShow);
}
}
Expand All @@ -776,13 +780,16 @@ public String getImageToShow() {
* </p>
*
* @param logid the logid to set
* @throws PresentationException
*/
public void setLogid(String logid) {
public void setLogid(String logid) throws PresentationException {
synchronized (this) {
if ("-".equals(logid)) {
this.logid = "";
} else {
} else if(StringUtils.isNotBlank(logid) && logid.matches("[\\w-]+")) {
this.logid = SolrTools.escapeSpecialCharacters(logid);
} else {
throw new PresentationException("The passed logId " + SolrTools.escapeSpecialCharacters(logid) + " contains illegal characters");
}
}
}
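Review bot: The reset call `setLogid("")` in the first hunk now always throws, because in the new `setLogid` an empty string is neither `"-"` nor `isNotBlank`, so it falls into the final `else`; the empty catch (commented "cannot be thrown here") swallows that and `this.logid` keeps its previous value. Treat blank input as a reset in the setter, e.g. `if (StringUtils.isBlank(logid) || "-".equals(logid)) {`, which also covers a null or empty value handed in by PrettyFaces, and have the catch log the exception instead of staying empty. The rejection message is built from the rejected value after `SolrTools.escapeSpecialCharacters`, which is presumably Solr query escaping rather than output encoding, so it is safer to leave the value out of the message or to encode it wherever the message is displayed or logged. `setImageToShow` starts above the first hunk, so only its tail is visible here.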
