Project

General

Profile

Actions

Bug #6617

closed

XML response from action=getprincipals can contain reserved characters

Added by ben leinfelder about 10 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
11/06/2014
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:

Description

Alvin pointed this out in KNB help email.
http://support.nceas.ucsb.edu/rt/Ticket/Display.html?id=10534

I just found a bug in Metacat that may prevent Morpho to refresh the user list when adding or updating access list.
The problem is that the XML generated by action `/metacat?action=getprincipals` can be invalid because the values from LDAP entries may contain XML-reserved characters, which are not sanitized in the XML output.
Actions #1

Updated by ben leinfelder about 9 years ago

  • Target version changed from 2.5.0 to 2.5.1
Actions #2

Updated by Jing Tao about 9 years ago

  • Assignee changed from ben leinfelder to Jing Tao
Actions #3

Updated by Jing Tao about 9 years ago

  • Status changed from New to Closed

Use the exscapeXml method in the apache common lang library to escape those xml entities in the values.

Actions

Also available in: Atom PDF