From fb0c235644e113c2bf10c56c99fb260c70d21b47 Mon Sep 17 00:00:00 2001
From: Dominik Hanak
Date: Tue, 27 Jun 2023 08:34:43 +0200
Subject: [PATCH] RHPAM-4719: Replace single qoute with nothing
---
 .../org/guvnor/rest/backend/ProjectResource.java | 12 +++++++++---
 .../OrganizationalUnitServiceImpl.java | 1 +
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/uberfire-rest/uberfire-rest-backend/src/main/java/org/guvnor/rest/backend/ProjectResource.java b/uberfire-rest/uberfire-rest-backend/src/main/java/org/guvnor/rest/backend/ProjectResource.java
index 50229e8e1e..cc5ea7310d 100644
--- a/uberfire-rest/uberfire-rest-backend/src/main/java/org/guvnor/rest/backend/ProjectResource.java
+++ b/uberfire-rest/uberfire-rest-backend/src/main/java/org/guvnor/rest/backend/ProjectResource.java
@@ -374,7 +374,7 @@ public Response addBranch(@PathParam("spaceName") String spaceName,
 jobRequest.setJobId(id);
 jobRequest.setSpaceName(spaceName);
 jobRequest.setProjectName(projectName);
- jobRequest.setNewBranchName(StringEscapeUtils.escapeHtml4(addBranchRequest.getNewBranchName()));
+ jobRequest.setNewBranchName(escapeHtmlInput(addBranchRequest.getNewBranchName()));
 jobRequest.setBaseBranchName(addBranchRequest.getBaseBranchName());
 jobRequest.setUserIdentifier(sessionInfo.getIdentity().getIdentifier());
 addAcceptedJobResult(id);
@@ -455,6 +455,12 @@ private ProjectResponse getProjectResponse(WorkspaceProject workspaceProject) {
 return projectResponse;
 }
+ private String escapeHtmlInput(String input) {
+ String escapedInput = StringEscapeUtils.escapeHtml4(input);
+ escapedInput = escapedInput.replace("'", "");
+ return escapedInput;
+ }
+
 @POST
 @Produces(MediaType.APPLICATION_JSON)
 @Path("/spaces/{spaceName}/projects/{projectName}/maven/compile")
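Review bot: The value passed to `setNewBranchName(escapeHtmlInput(...))` is rewritten instead of validated, so a request naming a branch with an apostrophe (constructed example: `it's-done`) is accepted and a branch with a different name is created without the caller being told. The same pattern at `setOwner(escapeHtmlInput(space.getOwner()))` in createSpace and updateSpace, and at `escapedName.replace("'", "")` in escapeContributorsNames, changes a user identifier, which presumably has to match the identity store exactly. Rejecting the request before the job is queued, e.g. `return Response.status(Response.Status.BAD_REQUEST).build();`, or storing the raw value and HTML-encoding it where it is rendered, would avoid the silent change. addBranch starts and ends outside this hunk, so any existing validation is not visible here.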
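Review bot: `escapeHtmlInput` calls `escapedInput.replace(...)` on a value that can be null: `StringEscapeUtils.escapeHtml4(null)` returns null, so a Space sent without an owner, or an add-branch request without a new branch name, now throws a NullPointerException where the previous call passed null through. Guard it with `return escapedInput == null ? null : escapedInput.replace("'", "");`. The inline `escapedName.replace("'", "")` in escapeContributorsNames has the same exposure if a contributor's username is null. A short Javadoc on the helper, stating that it HTML-escapes and then removes single quotes because escapeHtml4 leaves them as-is, would also explain the method name.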
@@ -685,7 +691,7 @@ public Response createSpace(Space space) {
 jobRequest.setJobId(id);
 jobRequest.setSpaceName(space.getName());
 jobRequest.setDescription(space.getDescription());
- jobRequest.setOwner(StringEscapeUtils.escapeHtml4(space.getOwner()));
+ jobRequest.setOwner(escapeHtmlInput(space.getOwner()));
 jobRequest.setDefaultGroupId(space.getDefaultGroupId());
 addAcceptedJobResult(id);
@@ -710,7 +716,7 @@ public Response updateSpace(Space space) {
 jobRequest.setJobId(id);
 jobRequest.setSpaceName(space.getName());
 jobRequest.setDescription(space.getDescription());
- jobRequest.setOwner(StringEscapeUtils.escapeHtml4(space.getOwner()));
+ jobRequest.setOwner(escapeHtmlInput(space.getOwner()));
 jobRequest.setDefaultGroupId(space.getDefaultGroupId());
 addAcceptedJobResult(id);
diff --git a/uberfire-structure/uberfire-structure-backend/src/main/java/org/guvnor/structure/backend/organizationalunit/OrganizationalUnitServiceImpl.java b/uberfire-structure/uberfire-structure-backend/src/main/java/org/guvnor/structure/backend/organizationalunit/OrganizationalUnitServiceImpl.java
index 204bb138dc..8728cbfee9 100644
--- a/uberfire-structure/uberfire-structure-backend/src/main/java/org/guvnor/structure/backend/organizationalunit/OrganizationalUnitServiceImpl.java
+++ b/uberfire-structure/uberfire-structure-backend/src/main/java/org/guvnor/structure/backend/organizationalunit/OrganizationalUnitServiceImpl.java
@@ -625,6 +625,7 @@ private Collection escapeContributorsNames(Collection
 Collection escapedContributors = new ArrayList<>();
 contributors.forEach((contributor -> {
 String escapedName = StringEscapeUtils.escapeHtml4(contributor.getUsername());
+ escapedName = escapedName.replace("'", "");
 escapedContributors.add(new Contributor(escapedName, contributor.getType()));
 }));
 return escapedContributors;
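Review bot: The quote removal is written inline at `escapedName = escapedName.replace("'", "");` rather than shared with `escapeHtmlInput` in ProjectResource, so the two modules carry separate copies of the same rule and can drift apart. A static utility that both classes call would keep one definition; failing that, a comment on the added line such as `// escapeHtml4 does not touch single quotes; drop them as well (RHPAM-4719)` records why it exists. escapeContributorsNames starts outside the hunk and its closing brace is not shown.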