SEBSERV-114 fix by escaping chars for XML
This commit is contained in:
anhefti
parent
05c02d30b7
commit
7c402c7a46
1 changed files with 9 additions and 8 deletions
|
|
@ -16,19 +16,20 @@ import java.util.HashSet;
|
|||
import java.util.Set;
|
||||
import java.util.function.Function;
|
||||
|
||||
import ch.ethz.seb.sebserver.gbl.Constants;
|
||||
import ch.ethz.seb.sebserver.webservice.servicelayer.client.ClientCredentialService;
|
||||
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl.ExamConfigXMLParser;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.commons.text.StringEscapeUtils;
|
||||
import org.springframework.context.annotation.Lazy;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import ch.ethz.seb.sebserver.gbl.Constants;
|
||||
import ch.ethz.seb.sebserver.gbl.model.sebconfig.AttributeType;
|
||||
import ch.ethz.seb.sebserver.gbl.model.sebconfig.ConfigurationAttribute;
|
||||
import ch.ethz.seb.sebserver.gbl.model.sebconfig.ConfigurationValue;
|
||||
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
|
||||
import ch.ethz.seb.sebserver.gbl.util.Utils;
|
||||
import ch.ethz.seb.sebserver.webservice.servicelayer.client.ClientCredentialService;
|
||||
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.AttributeValueConverter;
|
||||
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl.ExamConfigXMLParser;
|
||||
|
||||
@Lazy
|
||||
@Component
|
||||
|
|
@ -43,8 +44,6 @@ public class StringConverter implements AttributeValueConverter {
|
|||
AttributeType.DECIMAL,
|
||||
AttributeType.COMBO_SELECTION)));
|
||||
|
||||
|
||||
|
||||
private static final String XML_TEMPLATE = "<key>%s</key><string>%s</string>";
|
||||
private static final String XML_TEMPLATE_EMPTY = "<key>%s</key><string />";
|
||||
|
||||
|
|
@ -95,8 +94,10 @@ public class StringConverter implements AttributeValueConverter {
|
|||
final String template,
|
||||
final String emptyTemplate) throws IOException {
|
||||
|
||||
final String val = (value != null && value.value != null) ? value.value : attribute.getDefaultValue();
|
||||
String realName = AttributeValueConverter.extractName(attribute);
|
||||
final String val = StringEscapeUtils.escapeXml10((value != null && value.value != null)
|
||||
? value.value
|
||||
: attribute.getDefaultValue());
|
||||
final String realName = AttributeValueConverter.extractName(attribute);
|
||||
if (StringUtils.isNotBlank(val)) {
|
||||
out.write(Utils.toByteArray(String.format(
|
||||
template,
|
||||
|
|
@ -123,7 +124,7 @@ public class StringConverter implements AttributeValueConverter {
|
|||
|
||||
// decrypt internally encrypted password and hash it for export
|
||||
// NOTE: see special case description in ExamConfigXMLParser.createConfigurationValue
|
||||
String plainText = this.clientCredentialService.decrypt(value).toString();
|
||||
final String plainText = this.clientCredentialService.decrypt(value).toString();
|
||||
if (plainText.endsWith(Constants.IMPORTED_PASSWORD_MARKER)) {
|
||||
return plainText.replace(Constants.IMPORTED_PASSWORD_MARKER, StringUtils.EMPTY);
|
||||
} else {
|
||||
|
|
|
|||
Loading…
Reference in a new issue