
Revision 9441

Added by Jing Tao about 9 years ago

Escape user names, group names and other information before writing them to the XML output.


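--- a/src/edu/ucsb/nceas/metacat/AuthLdap.java
+++ b/src/edu/ucsb/nceas/metacat/AuthLdap.java
@@ -48,6 +48,7 @@
 import javax.net.ssl.SSLSession;
 
 import org.apache.log4j.Logger;
+import org.apache.commons.lang.StringEscapeUtils;
 
 import edu.ucsb.nceas.metacat.properties.PropertyService;
 import edu.ucsb.nceas.utilities.PropertyNotFoundException;
@@ -1285,6 +1286,8 @@
 				}
 			}
 			logMetacat.info("AuthLdap.getPrincipals - org name is  " + orgName);
+			orgName = StringEscapeUtils.escapeXml(orgName);
+			logMetacat.info("AuthLdap.getPrincipals - org name (after the xml escaping) is  " + orgName);
 			out.append("  <authSystem URI=\"" + this.ldapUrl + this.ldapBase
 					+ "\" organization=\"" + orgName + "\">\n");
 
@@ -1299,29 +1302,29 @@
 			if (groups != null && users != null && groups.length > 0) {
 				for (int i = 0; i < groups.length; i++) {
 					out.append("    <group>\n");
-					out.append("      <groupname>" + groups[i][0] + "</groupname>\n");
-					out.append("      <description>" + groups[i][1] + "</description>\n");
+					out.append("      <groupname>" + StringEscapeUtils.escapeXml(groups[i][0]) + "</groupname>\n");
+					out.append("      <description>" + StringEscapeUtils.escapeXml(groups[i][1]) + "</description>\n");
 					String[] usersForGroup = getUsers(user, password, groups[i][0]);
 					for (int j = 0; j < usersForGroup.length; j++) {
 						userIndex = searchUser(usersForGroup[j], users);
 						out.append("      <user>\n");
 
 						if (userIndex < 0) {
-							out.append("        <username>" + usersForGroup[j]
+							out.append("        <username>" + StringEscapeUtils.escapeXml(usersForGroup[j])
 									+ "</username>\n");
 						} else {
-							out.append("        <username>" + users[userIndex][0]
+							out.append("        <username>" + StringEscapeUtils.escapeXml(users[userIndex][0])
 									+ "</username>\n");
-							out.append("        <name>" + users[userIndex][1]
+							out.append("        <name>" + StringEscapeUtils.escapeXml(users[userIndex][1])
 									+ "</name>\n");
-							out.append("        <organization>" + users[userIndex][2]
+							out.append("        <organization>" + StringEscapeUtils.escapeXml(users[userIndex][2])
 									+ "</organization>\n");
 							if (users[userIndex][3].compareTo("null") != 0) {
 								out.append("      <organizationUnitName>"
-										+ users[userIndex][3]
+										+ StringEscapeUtils.escapeXml(users[userIndex][3])
 										+ "</organizationUnitName>\n");
 							}
-							out.append("        <email>" + users[userIndex][4]
+							out.append("        <email>" + StringEscapeUtils.escapeXml(users[userIndex][4])
 									+ "</email>\n");
 						}
 
@@ -1335,16 +1338,16 @@
 				// for the users not belonging to any grou8p
 				for (int j = 0; j < users.length; j++) {
 					out.append("    <user>\n");
-					out.append("      <username>" + users[j][0] + "</username>\n");
-					out.append("      <name>" + users[j][1] + "</name>\n");
+					out.append("      <username>" + StringEscapeUtils.escapeXml(users[j][0]) + "</username>\n");
+					out.append("      <name>" + StringEscapeUtils.escapeXml(users[j][1]) + "</name>\n");
 					out
-							.append("      <organization>" + users[j][2]
+							.append("      <organization>" + StringEscapeUtils.escapeXml(users[j][2])
 									+ "</organization>\n");
 					if (users[j][3].compareTo("null") != 0) {
-						out.append("      <organizationUnitName>" + users[j][3]
+						out.append("      <organizationUnitName>" + StringEscapeUtils.escapeXml(users[j][3])
 								+ "</organizationUnitName>\n");
 					}
-					out.append("      <email>" + users[j][4] + "</email>\n");
+					out.append("      <email>" + StringEscapeUtils.escapeXml(users[j][4]) + "</email>\n");
 					out.append("    </user>\n");
 				}
 			}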
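Review bot: The `URI` attribute of `<authSystem>` in the second hunk is still built from `this.ldapUrl + this.ldapBase` without escaping, while every other value written to this document now goes through `escapeXml`. A base DN containing `&` or `"` would still produce malformed XML or close the attribute early; `out.append("  <authSystem URI=\"" + StringEscapeUtils.escapeXml(this.ldapUrl + this.ldapBase)` would make the element consistent with the rest. The two `logMetacat.info` calls around the new `orgName` assignment also write the directory-supplied value to the log as-is, and `escapeXml` does not touch line breaks, so if that field can be influenced by directory users it may be worth neutralising CR/LF before logging. The method containing these hunks begins and ends outside the visible lines, so any other writes to `out` could not be checked here.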
