BigBlueButton/bigbluebutton-Github
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sanitize fullName parameter of join API. Fixes #10818

Browse Source
This commit is contained in:
Tiago Daniel Jacobs 2020-11-13 05:59:31 +00:00
parent cafe1a53ce
commit 5c911ddeec
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy
View File

@ -245,6 +245,8 @@ class ApiController {
// Do we have a name for the user joining? If none, complain.
if (!StringUtils.isEmpty(params.fullName)) {
params.fullName = StringUtils.strip(params.fullName);
// remove control characters ( sanitize )
params.fullName = params.fullName.replaceAll("\\p{Cntrl}", "");
if (StringUtils.isEmpty(params.fullName)) {
errors.missingParamError("fullName");
}