Commit bb3d1d2a authored by nanolikeyou's avatar nanolikeyou Committed by GitHub

Update UserMgmtService.java

Validate email and username to fix an XSS vulnerability
parent c2421380
...@@ -274,6 +274,9 @@ public class UserMgmtService { ...@@ -274,6 +274,9 @@ public class UserMgmtService {
try { try {
final JSONObject user = new JSONObject(); final JSONObject user = new JSONObject();
final String userEmail = requestJSONObject.optString(User.USER_EMAIL).trim().toLowerCase(); final String userEmail = requestJSONObject.optString(User.USER_EMAIL).trim().toLowerCase();
if (!Strings.isEmail(userEmail)) {
throw new ServiceException(langPropsService.get("mailInvalidLabel"));
}
final JSONObject duplicatedUser = userRepository.getByEmail(userEmail); final JSONObject duplicatedUser = userRepository.getByEmail(userEmail);
if (null != duplicatedUser) { if (null != duplicatedUser) {
...@@ -287,6 +290,9 @@ public class UserMgmtService { ...@@ -287,6 +290,9 @@ public class UserMgmtService {
user.put(User.USER_EMAIL, userEmail); user.put(User.USER_EMAIL, userEmail);
final String userName = requestJSONObject.optString(User.USER_NAME); final String userName = requestJSONObject.optString(User.USER_NAME);
if (UserExt.invalidUserName(userName)) {
throw new ServiceException(langPropsService.get("userNameInvalidLabel"));
}
user.put(User.USER_NAME, userName); user.put(User.USER_NAME, userName);
final String userPassword = requestJSONObject.optString(User.USER_PASSWORD); final String userPassword = requestJSONObject.optString(User.USER_PASSWORD);
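Review bot: The two new guards (the `Strings.isEmail` check in the first hunk and the `UserExt.invalidUserName` check in the second) are input-side allow-listing, and the commit message presents them as the XSS fix, but nothing in these hunks shows how `userEmail` and `userName` are later rendered; if the view layer does not also HTML-encode these fields, the fix rests entirely on rules that live in helpers not visible here. I would state that explicitly so the next maintainer does not weaken the rendering side, e.g. above the first guard: `// Reject malformed email/username early; output must still be escaped where these are rendered.`. Note also that `userEmail` is trimmed and lowercased before validation while `userName` is passed to `invalidUserName` as-is — whether surrounding whitespace is rejected or silently stored depends on that helper, which is worth confirming. Both error paths look up `"mailInvalidLabel"` and `"userNameInvalidLabel"` via `langPropsService.get`, so those keys must exist in every language bundle or the `ServiceException` will carry a null message; the enclosing method begins and ends outside these hunks.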