Fixed: wflow-core - User Profile Menu - Prevent XSS. T1604 @7.0-SNAPSHOT
owen-joget committed Nov 23, 2022
1 parent 2e33ea3 commit 9a77f50
Showing 1 changed file with 4 additions and 3 deletions.
Expand Up @@ -14,6 +14,7 @@
import org.joget.apps.userview.model.UserviewBuilderPalette;
import org.joget.apps.userview.model.UserviewMenu;
import org.joget.commons.util.ResourceBundleUtil;
import org.joget.commons.util.SecurityUtil;
import org.joget.commons.util.SetupManager;
import org.joget.commons.util.StringUtil;
import org.joget.commons.util.TimeZoneUtil;
Expand Down Expand Up @@ -205,12 +206,12 @@ private void submitForm() {
}
UserSecurity us = DirectoryUtil.getUserSecurity();

if ("".equals(getPropertyString("f_firstName"))) {
currentUser.setFirstName(getRequestParameterString("firstName"));
if ("".equals(getPropertyString("f_firstName")) && !StringUtil.stripAllHtmlTag(getRequestParameterString("firstName")).isEmpty()) {
currentUser.setFirstName(StringUtil.stripAllHtmlTag(getRequestParameterString("firstName")));
}

if ("".equals(getPropertyString("f_lastName"))) {
currentUser.setLastName(getRequestParameterString("lastName"));
currentUser.setLastName(StringUtil.stripAllHtmlTag(getRequestParameterString("lastName")));
}

if ("".equals(getPropertyString("f_email"))) {
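Review bot: Stripping tags on input in the firstName and lastName branches only removes tag-shaped payloads, so a value such as `" onmouseover="alert(1)` survives `stripAllHtmlTag` and is still dangerous wherever the name is later placed into an attribute, script or URL context without encoding — the durable fix is HTML-encoding at every render site, with the input stripping kept as defence in depth (the implementation of `stripAllHtmlTag` is not visible here, so its bypass resistance is unverified). The two branches are also inconsistent: firstName is left unchanged when the stripped input is empty, while lastName is overwritten with an empty string in the same case; for parity, `String lastName = StringUtil.stripAllHtmlTag(getRequestParameterString("lastName"));` followed by `if (!lastName.isEmpty()) { currentUser.setLastName(lastName); }`. If `getRequestParameterString` can return null, `.isEmpty()` on the stripped value would throw, so a null guard may be needed on both branches. submitForm continues past the hunk (the email branch starts on its last visible line), so whether the remaining profile fields receive the same treatment cannot be seen from here.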
