cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From likit...@apache.org
Subject git commit: updated refs/heads/4.3 to b1e0f50
Date Thu, 21 Nov 2013 08:14:30 GMT
Updated Branches:
  refs/heads/4.3 b43b4b28b -> b1e0f5014


CLOUDSTACK-5227. Cannot pass Japanese characters as parameter values to an API.
During API check for control characters use pattern matching to avoid identifying all non-printable
characters as control characters.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b1e0f501
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b1e0f501
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b1e0f501

Branch: refs/heads/4.3
Commit: b1e0f50145e6dd77a7d2ed1b3c14ddfeab034e4d
Parents: b43b4b2
Author: Likitha Shetty <likitha.shetty@citrix.com>
Authored: Thu Nov 21 13:33:57 2013 +0530
Committer: Likitha Shetty <likitha.shetty@citrix.com>
Committed: Thu Nov 21 13:38:09 2013 +0530

----------------------------------------------------------------------
 server/src/com/cloud/api/ApiServer.java | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b1e0f501/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index cb2ecc6..087508c 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -43,6 +43,8 @@ import java.util.concurrent.ExecutorService;
 import java.util.concurrent.LinkedBlockingQueue;
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
@@ -158,6 +160,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
 
     public static boolean encodeApiResponse = false;
     public static String jsonContentType = "text/javascript";
+    public static String controlCharacters = "[\000-\011\013-\014\016-\037\177]"; // Non-printable
ASCII characters - numbers 0 to 31 and 127 decimal
     @Inject ApiDispatcher _dispatcher;
 
     @Inject private AccountManager _accountMgr;
@@ -348,10 +351,10 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler,
ApiSer
                     String[] value = (String[]) params.get(key);
                     // fail if parameter value contains ASCII control (non-printable) characters
                     if (value[0] != null) {
-                        String newValue = StringUtils.stripControlCharacters(value[0]);
-                        if ( !newValue.equals(value[0]) ) {
-                            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received
value " + value[0] + " for parameter "
-                                    + key + " is invalid, contains illegal ASCII non-printable
characters");
+                        Pattern pattern = Pattern.compile(controlCharacters);
+                        Matcher matcher = pattern.matcher(value[0]);
+                        if (matcher.find()) {
+                            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received
value " + value[0] + " for parameter " + key + " is invalid, contains illegal ASCII non-printable
characters");
                         }
                     }
                     paramMap.put(key, value[0]);


Mime
View raw message