Commit 553adaee authored by Jon Roberts's avatar Jon Roberts

ITS #4174: added XML entity escaping for data in writeModifyRequestEntry

parent 785ad020
......@@ -763,7 +763,8 @@ public class DSMLWriter implements LDAPWriter {
newLine(3);
if (Base64.isValidUTF8(bytevalues[j], false)){
out.write("<value>");
out.write(values[j]);
String xmlvalue = makeAttributeSafe(values[j]);
out.write(xmlvalue);
out.write("</value>");
} else {
out.write("<value xsi:type=\"xsd:base64Binary\">");
......@@ -1323,13 +1324,7 @@ public class DSMLWriter implements LDAPWriter {
if (Base64.isValidUTF8(bytevalues[i],true) && this.isXMLSafe(bytevalues[i])){
out.write("<value>");
String xmlvalue = values[i];
xmlvalue = xmlvalue.replaceAll("&", "&amp;");
xmlvalue = xmlvalue.replaceAll("<", "&lt;");
xmlvalue = xmlvalue.replaceAll(">", "&gt;");
xmlvalue = xmlvalue.replaceAll("'", "&apos;");
xmlvalue = xmlvalue.replaceAll("\"", "&quot;");
String xmlvalue = makeAttributeSafe(values[i]);
out.write(xmlvalue);
out.write("</value>");
} else {
......@@ -1469,11 +1464,10 @@ public class DSMLWriter implements LDAPWriter {
String ret = attrib;
ret = ret.replaceAll("&", "&amp;");
ret = ret.replaceAll("<", "&lt;");
ret = ret.replaceAll(">", "&gt;");
ret = ret.replaceAll("'", "&apos;");
ret = ret.replaceAll("\"", "&quot;");
return ret;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment