From f0c5ceec691c34f2271344287a6652fd2877bf5e Mon Sep 17 00:00:00 2001
From: Robert Tansley
Date: Thu, 5 Apr 2007 22:35:52 +0000
Subject: [PATCH] (Robert Tansley) - Fixes to QueryArgs and RegisterServlet that cause NullPointerExceptions on invalid input
git-svn-id: http://scm.dspace.org/svn/repo/trunk@1762 9c30dcfa-912a-0410-8fc2-9e0234be79fd
---
 dspace/CHANGES | 4 ++++
 .../app/webui/servlet/RegisterServlet.java | 12 +++++++++-
 dspace/src/org/dspace/search/QueryArgs.java | 22 ++++++++++++++-----
 3 files changed, 31 insertions(+), 7 deletions(-)
diff --git a/dspace/CHANGES b/dspace/CHANGES
index f44973428b..19a6a15136 100644
--- a/dspace/CHANGES
+++ b/dspace/CHANGES
@@ -1,5 +1,9 @@
 1.4.2 beta
 ===========
+(Robert Tansley)
+- Fixes to QueryArgs and RegisterServlet that cause NullPointerExceptions on
+ invalid input
+
 (Andrea Bollini)
 - SF Patch #1528142 Malformed OAI-PMH response: illegal bytes in UTF-8 for SF Bug #1490162
diff --git a/dspace/src/org/dspace/app/webui/servlet/RegisterServlet.java b/dspace/src/org/dspace/app/webui/servlet/RegisterServlet.java
index 497023b412..2a518a7307 100644
--- a/dspace/src/org/dspace/app/webui/servlet/RegisterServlet.java
+++ b/dspace/src/org/dspace/app/webui/servlet/RegisterServlet.java
@@ -243,7 +243,17 @@ public class RegisterServlet extends DSpaceServlet
 HttpServletResponse response) throws ServletException, IOException, SQLException, AuthorizeException
 {
- String email = request.getParameter("email").toLowerCase().trim();
+ String email = request.getParameter("email");
+ if (email == null || email.length() > 64)
+ {
+ // Malformed request or entered value is too long.
+ email = "";
+ }
+ else
+ {
+ email = email.toLowerCase().trim();
+ }
+
 String netid = request.getParameter("netid");
 String password = request.getParameter("password");
 EPerson eperson = EPerson.findByEmail(context, email);
diff --git a/dspace/src/org/dspace/search/QueryArgs.java b/dspace/src/org/dspace/search/QueryArgs.java
index eb81f767c1..fd69489f5f 100644
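Review bot: In the RegisterServlet hunk a missing or over-long `email` parameter is silently rewritten to `""` and still handed to `EPerson.findByEmail(context, email)`, so the request proceeds as a lookup for an empty address instead of being rejected as invalid input. The length test also runs before `trim()`, and `64` is an unexplained literal, presumably the width of the e-mail column, which should be confirmed and given a name. I would normalise first and bound afterwards, e.g. `email = (email == null) ? "" : email.trim().toLowerCase();` followed by `if (email.length() > MAX_EMAIL_LENGTH) { email = ""; }` (constant name is only a suggestion), with a comment stating what the rest of the method does when the address is empty. The method starts and ends outside this hunk, so how an empty `email` is handled further down is not visible here.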
--- a/dspace/src/org/dspace/search/QueryArgs.java
+++ b/dspace/src/org/dspace/search/QueryArgs.java
@@ -151,16 +151,26 @@ public class QueryArgs
 ArrayList conjunction = new ArrayList();
 for (int i = 1; i <= numField; i++)
- {
- String tmp_query = request.getParameter("query"+i).trim();
- String tmp_field = request.getParameter("field"+i).trim();
- if (tmp_query != null && !tmp_query.equals(""))
+ {
+ String tmp_query = request.getParameter("query"+i);
+ String tmp_field = request.getParameter("field"+i);
+ // TODO: Ensure a valid field from config
+ // Disarm fields with regexp control characters
+ if (tmp_field != null)
+ {
+ tmp_field = tmp_field.replace('/', ' ');
+ tmp_field = tmp_field.replace('<', ' ');
+ tmp_field = tmp_field.replace('\\', ' ');
+ tmp_field = tmp_field.replace(':', ' ');
+ }
+
+ if (tmp_query != null && !tmp_query.equals(""))
 {
- query.add(tmp_query);
+ query.add(tmp_query.trim());
 if (tmp_field == null)
 field.add("ANY");
 else
- field.add(tmp_field);
+ field.add(tmp_field.trim());
 if (i != numField)
 {
 conjunction.add(request.getParameter("conjunction"+i) != null?
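Review bot: Moving `trim()` after the emptiness test changes behaviour: `!tmp_query.equals("")` now sees the untrimmed value, so a whitespace-only query parameter passes the check and `query.add(tmp_query.trim())` stores an empty string, which the old code skipped. Trimming once, straight after the null check, keeps both the NullPointerException fix and the old filtering, e.g. `if (tmp_query != null) tmp_query = tmp_query.trim();` ahead of the `if`. Separately, the `tmp_field` clean-up is a four-character deny-list (`/`, `<`, `\`, `:`), and the TODO already names the stronger control. Until field names are checked against the configured index fields, every other character in the value still reaches `field.add(...)`, so the comment should describe this as partial hardening rather than "disarm". The loop body continues past the end of the hunk, so what is done with `field` afterwards is not visible here.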