cziegeler opened a new pull request, #25: URL: https://github.com/apache/sling-org-apache-sling-auth-core/pull/25
Prevents log injection attacks by sanitizing user-controlled values before they are passed to log statements in `isRedirectValid`. - Add `sanitizeForLog` helper that escapes `\r` and `\n` characters in strings - Sanitize `target` into `sanitizedTarget` before all warning log calls in both overloads of `isRedirectValid` - Sanitize `ctxPath` into `sanitizedCtxPath` at the point of use in the two log sites that include the context path - No change to validation logic or return values — only log arguments are affected Co-authored-by: Maia <maia@noreply> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
