Fix #2859 Escape special XML chars for title and description (#2887)
offtherailz authored May 14, 2018
1 parent d1f3bb1 commit b45e60c
Showing 2 changed files with 11 additions and 5 deletions.
12 changes: 7 additions & 5 deletions web/client/api/GeoStoreDAO.js
@@ -13,7 +13,10 @@ const ConfigUtils = require('../utils/ConfigUtils');
const xml2js = require('xml2js');
const xmlBuilder = new xml2js.Builder();
const {registerErrorParser} = require('../utils/LocaleUtils');

const generateMetadata = (name, description) =>
"<description><![CDATA[" + description + "]]></description>"
+ "<metadata></metadata>"
+ "<name><![CDATA[" + (name || "") + "]]></name>";
let parseOptions = (opts) => opts;

let parseAdminGroups = (groupsObj) => {
@@ -59,6 +62,7 @@ registerErrorParser('geostore', {...errorParser});
* API for local config
*/
const Api = {
generateMetadata,
authProviderName: "geostore",
addBaseUrl: function(options) {
return assign(options || {}, {baseURL: ConfigUtils.getDefaults().geoStoreUrl});
@@ -170,8 +174,7 @@ const Api = {
putResourceMetadata: function(resourceId, newName, newDescription, options) {
return axios.put(
"resources/resource/" + resourceId,
"<Resource><description>" + (newDescription || "") + "</description><metadata></metadata>" +
"<name>" + (newName || "") + "</name></Resource>",
"<Resource>" + generateMetadata(newName, newDescription) + "</Resource>",
this.addBaseUrl(_.merge({
headers: {
'Content-Type': "application/xml"
@@ -239,8 +242,7 @@ const Api = {
}
return axios.post(
"resources/",
"<Resource><description>" + description + "</description><metadata></metadata>" +
"<name>" + (name || "") + "</name><category><name>" + (category || "") + "</name></category>" +
"<Resource>" + generateMetadata(name, description) + "<category><name>" + (category || "") + "</name></category>" +
attributesSection +
"<store><data><![CDATA[" + (
data
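Review bot: In `generateMetadata` (first hunk), wrapping the values in CDATA does not neutralise a `]]>` sequence inside `name` or `description`: it closes the section early and whatever follows is parsed as markup, so the escaping this commit adds is incomplete. The same helper also drops the `|| ""` fallback that `putResourceMetadata` previously applied to `newDescription`, so a missing description is now sent as the literal text `undefined`. In the last hunk `category` is still concatenated into `<category><name>` with no escaping at all. Splitting `]]>` across two CDATA sections and defaulting both arguments, as sketched below, covers the first two points, and `category` could go through the same helper. The bodies of `putResourceMetadata` and of the function that posts to `resources/` continue outside the visible hunks.

```javascript
// Split any "]]>" in the value so it cannot close the CDATA section early.
const toCDATA = (value) =>
    "<![CDATA[" + String(value || "").replace(/]]>/g, "]]]]><![CDATA[>") + "]]>";
const generateMetadata = (name, description) =>
    "<description>" + toCDATA(description) + "</description>"
    + "<metadata></metadata>"
    + "<name>" + toCDATA(name) + "</name>";
// … unchanged: parseOptions, parseAdminGroups …
```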
4 changes: 4 additions & 0 deletions web/client/api/__tests__/GeoStoreDAO-test.jsx
@@ -104,4 +104,8 @@ describe('Test correctness of the GeoStore APIs', () => {
const payload = API.writeSecurityRules(SAMPLE_RULES.SecurityRuleList);
expect(payload).toBe(SAMPLE_XML_RULES);
});
it('test generate meatadata', () => {
const payload = API.generateMetadata("Special & chars", "&<>'\"");
expect(payload).toBe('<description><![CDATA[&<>\'"]]></description><metadata></metadata><name><![CDATA[Special & chars]]></name>');
});
});
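Review bot: The new case only exercises `&<>'"`, so it would not catch a value that contains the CDATA terminator `]]>` or a call made without a description, both of which change what `generateMetadata` emits. One assertion for each of those inputs would pin the behaviour, and the test title has a typo that should read `it('test generate metadata', () => {`. The enclosing `describe` block starts outside the hunk.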
