Strip HTML tags from name and fullName API params.
parent
f3bb50b3cc
commit
78c649650e
@ -322,7 +322,7 @@ public class ParamsProcessorUtil {
|
|||||||
meetingName = "";
|
meetingName = "";
|
||||||
}
|
}
|
||||||
|
|
||||||
meetingName = ParamsUtil.stripControlChars(meetingName);
|
meetingName = ParamsUtil.stripHTMLTags(ParamsUtil.stripControlChars(meetingName));
|
||||||
|
|
||||||
String externalMeetingId = params.get(ApiParams.MEETING_ID);
|
String externalMeetingId = params.get(ApiParams.MEETING_ID);
|
||||||
|
|
||||||
|
@ -19,6 +19,10 @@ public class ParamsUtil {
|
|||||||
public static String stripControlChars(String text) {
|
public static String stripControlChars(String text) {
|
||||||
return text.replaceAll("\\p{Cc}", "");
|
return text.replaceAll("\\p{Cc}", "");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static String stripHTMLTags(String value) {
|
||||||
|
return value.replaceAll("\\<.*?>","");
|
||||||
|
}
|
||||||
|
|
||||||
public static boolean isValidMeetingId(String meetingId) {
|
public static boolean isValidMeetingId(String meetingId) {
|
||||||
//return VALID_ID_PATTERN.matcher(meetingId).matches();
|
//return VALID_ID_PATTERN.matcher(meetingId).matches();
|
||||||
|
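Review bot: `stripHTMLTags` is a single-pass regex removal, not an HTML sanitizer, and nothing in the new method says so. A `<` that is never closed by `>` is left in the value, and removing one match can leave a new tag-shaped sequence behind from the text on either side of it. I would document the method as best-effort, e.g. `// Best-effort removal of <...> runs; callers must still HTML-encode the value on output.`, and rely on encoding at the point where the name is rendered as the primary control. As a point of style, the pattern could be compiled once as a `private static final Pattern` rather than recompiled by `replaceAll` on each call.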
@ -30,6 +30,7 @@ import org.bigbluebutton.api.domain.Config
|
|||||||
import org.bigbluebutton.api.domain.GuestPolicy
|
import org.bigbluebutton.api.domain.GuestPolicy
|
||||||
import org.bigbluebutton.api.domain.Meeting
|
import org.bigbluebutton.api.domain.Meeting
|
||||||
import org.bigbluebutton.api.domain.UserSession
|
import org.bigbluebutton.api.domain.UserSession
|
||||||
|
import org.bigbluebutton.api.util.ParamsUtil
|
||||||
import org.bigbluebutton.api.util.ResponseBuilder
|
import org.bigbluebutton.api.util.ResponseBuilder
|
||||||
import org.bigbluebutton.presentation.PresentationUrlDownloadService
|
import org.bigbluebutton.presentation.PresentationUrlDownloadService
|
||||||
import org.bigbluebutton.presentation.UploadedPresentation
|
import org.bigbluebutton.presentation.UploadedPresentation
|
||||||
@ -250,7 +251,7 @@ class ApiController {
|
|||||||
} else {
|
} else {
|
||||||
errors.missingParamError("fullName");
|
errors.missingParamError("fullName");
|
||||||
}
|
}
|
||||||
String fullName = params.fullName
|
String fullName = ParamsUtil.stripHTMLTags(params.fullName)
|
||||||
|
|
||||||
// Do we have a meeting id? If none, complain.
|
// Do we have a meeting id? If none, complain.
|
||||||
if (!StringUtils.isEmpty(params.meetingID)) {
|
if (!StringUtils.isEmpty(params.meetingID)) {
|
||||||
|
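Review bot: The changed line `String fullName = ParamsUtil.stripHTMLTags(params.fullName)` appears to run even when the `fullName` parameter is absent, since the preceding `else` branch only records `missingParamError`. In that case `value.replaceAll(...)` would throw a NullPointerException where the old code simply assigned null. The enclosing action starts and ends outside the hunk, so this is inferred from the visible lines. Unlike the `meetingName` call site, this one also skips `stripControlChars`, and the pattern's `.` does not match line terminators, so markup containing a line break passes through unchanged. Something like `String fullName = params.fullName ? ParamsUtil.stripHTMLTags(ParamsUtil.stripControlChars(params.fullName)) : params.fullName` would cover both, or the null guard `if (value == null) return null;` could go in the helper itself.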