From e3982f6c2a13c903947a66d89e1af1ccbb161e5f Mon Sep 17 00:00:00 2001 From: "Christopher Lott (cl778h)" Date: Fri, 20 Oct 2017 08:22:19 -0400 Subject: Role management; security vulnerabilities. Extend user/role management interface to allow role deletion. Add filters to defend against common web Javascript attacks. Drop Greensock code with unusable license. Use OParent in EPSDK web application. Issue: US324470, US342324, PORTAL-127 Change-Id: I3a10744fbbbdbda7c88d2b2e542e72e779c9b142 Signed-off-by: Christopher Lott (cl778h) --- .../analytics/system/fusion/controller/FileServletController.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/controller/FileServletController.java') diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/controller/FileServletController.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/controller/FileServletController.java index 1d1fdd84..b6c985a5 100644 --- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/controller/FileServletController.java +++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/controller/FileServletController.java @@ -58,6 +58,7 @@ import javax.servlet.http.HttpServletResponse; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.service.DataAccessService; +import org.owasp.esapi.ESAPI; import org.springframework.web.servlet.ModelAndView;; @@ -175,7 +176,7 @@ public class FileServletController { response.setContentLength((int) outStream.length); response.setContentType("application/octet-stream"); response.setHeader("Content-disposition", "attachment; filename=\"" - + name + "\""); + + ESAPI.encoder().canonicalize(name) + "\""); copyStream(response, outStream); } catch (Exception ex) { if (os == null) -- cgit 1.2.3-korg