Updated Branches: refs/heads/master 7f1168cec -> 6aafb9c50
CLOUDSTACK-5227. Cannot pass Japanese characters as parameter values to an API. During API check for control characters use pattern matching to avoid identifying all non-printable characters as control characters. Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6aafb9c5 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6aafb9c5 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6aafb9c5 Branch: refs/heads/master Commit: 6aafb9c50da3cf4db37c0323d8bdc859776a8fa0 Parents: 7f1168c Author: Likitha Shetty <[email protected]> Authored: Thu Nov 21 13:33:57 2013 +0530 Committer: Likitha Shetty <[email protected]> Committed: Thu Nov 21 13:40:06 2013 +0530 ---------------------------------------------------------------------- server/src/com/cloud/api/ApiServer.java | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6aafb9c5/server/src/com/cloud/api/ApiServer.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index cb2ecc6..087508c 100755 --- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java @@ -43,6 +43,8 @@ import java.util.concurrent.ExecutorService; import java.util.concurrent.LinkedBlockingQueue; import java.util.concurrent.ThreadPoolExecutor; import java.util.concurrent.TimeUnit; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; @@ -158,6 +160,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer public static boolean encodeApiResponse = false; public static String jsonContentType = "text/javascript"; + public static String controlCharacters = "[\000-\011\013-\014\016-\037\177]"; // Non-printable ASCII characters - numbers 0 to 31 and 127 decimal @Inject ApiDispatcher _dispatcher; @Inject private AccountManager _accountMgr; @@ -348,10 +351,10 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer String[] value = (String[]) params.get(key); // fail if parameter value contains ASCII control (non-printable) characters if (value[0] != null) { - String newValue = StringUtils.stripControlCharacters(value[0]); - if ( !newValue.equals(value[0]) ) { - throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received value " + value[0] + " for parameter " - + key + " is invalid, contains illegal ASCII non-printable characters"); + Pattern pattern = Pattern.compile(controlCharacters); + Matcher matcher = pattern.matcher(value[0]); + if (matcher.find()) { + throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received value " + value[0] + " for parameter " + key + " is invalid, contains illegal ASCII non-printable characters"); } } paramMap.put(key, value[0]);
