(Robert Tansley)

- Fixes to QueryArgs and RegisterServlet, which threw NullPointerExceptions on
  invalid input


git-svn-id: http://scm.dspace.org/svn/repo/trunk@1762 9c30dcfa-912a-0410-8fc2-9e0234be79fd
Robert Tansley
2007-04-05 22:35:52 +00:00
parent 9b6c5729e4
commit f0c5ceec69
3 changed files with 31 additions and 7 deletions


@@ -1,5 +1,9 @@
1.4.2 beta 1.4.2 beta
=========== ===========
(Robert Tansley)
- Fixes to QueryArgs and RegisterServlet that cause NullPointerExceptions on
invalid input
(Andrea Bollini) (Andrea Bollini)
- SF Patch #1528142 Malformed OAI-PMH response: illegal bytes in UTF-8 for SF Bug #1490162 - SF Patch #1528142 Malformed OAI-PMH response: illegal bytes in UTF-8 for SF Bug #1490162


@@ -243,7 +243,17 @@ public class RegisterServlet extends DSpaceServlet
HttpServletResponse response) throws ServletException, IOException, HttpServletResponse response) throws ServletException, IOException,
SQLException, AuthorizeException SQLException, AuthorizeException
{ {
String email = request.getParameter("email").toLowerCase().trim(); String email = request.getParameter("email");
if (email == null || email.length() > 64)
{
// Malformed request or entered value is too long.
email = "";
}
else
{
email = email.toLowerCase().trim();
}
String netid = request.getParameter("netid"); String netid = request.getParameter("netid");
String password = request.getParameter("password"); String password = request.getParameter("password");
EPerson eperson = EPerson.findByEmail(context, email); EPerson eperson = EPerson.findByEmail(context, email);
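Review bot: The length test in the new `if (email == null || email.length() > 64)` runs before `trim()`, and a missing or over-long value is silently turned into `""` and still passed to `EPerson.findByEmail(context, email)` at the end of the hunk. What that lookup does with an empty address is not visible here, so I would rather reject the request explicitly than rely on a miss; at minimum trim first and compare afterwards, e.g. `email = (email == null) ? "" : email.trim().toLowerCase(Locale.ROOT);` followed by `if (email.length() > 64) email = "";`. `Locale.ROOT` keeps the normalisation of this lookup key independent of the server's default locale (it needs a `java.util.Locale` import). The literal 64 presumably mirrors a storage limit and deserves a named constant or a comment saying which one. The method body continues beyond the hunk, so how a null `eperson` is handled afterwards should be checked against this change.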


@@ -152,15 +152,25 @@ public class QueryArgs
for (int i = 1; i <= numField; i++) for (int i = 1; i <= numField; i++)
{ {
String tmp_query = request.getParameter("query"+i).trim(); String tmp_query = request.getParameter("query"+i);
String tmp_field = request.getParameter("field"+i).trim(); String tmp_field = request.getParameter("field"+i);
if (tmp_query != null && !tmp_query.equals("")) // TODO: Ensure a valid field from config
// Disarm fields with regexp control characters
if (tmp_field != null)
{
tmp_field = tmp_field.replace('/', ' ');
tmp_field = tmp_field.replace('<', ' ');
tmp_field = tmp_field.replace('\\', ' ');
tmp_field = tmp_field.replace(':', ' ');
}
if (tmp_query != null && !tmp_query.equals(""))
{ {
query.add(tmp_query); query.add(tmp_query.trim());
if (tmp_field == null) if (tmp_field == null)
field.add("ANY"); field.add("ANY");
else else
field.add(tmp_field); field.add(tmp_field.trim());
if (i != numField) if (i != numField)
{ {
conjunction.add(request.getParameter("conjunction"+i) != null? conjunction.add(request.getParameter("conjunction"+i) != null?