[HippoCMS-scm] [Git][cms-community/hippo-repository][master] 3 commits: REPO-1912 SecurityManager doesn't sanitize userId in case of external providers to get memberships

Tue, 16 Jan 2018 03:17:29 -0800 

Jeroen Hoffman pushed to branch master at cms-community / hippo-repository


Commits:
df32033d by Marijan Milicevic at 2018-01-11T11:16:19+01:00
REPO-1912 SecurityManager doesn't sanitize userId in case of external 
providers to get memberships
- sanitize user id

- - - - -
48a7f040 by Jeroen Hoffman at 2018-01-16T12:05:31+01:00
REPO-1912 Merge branch 'master' into bugfix/REPO-1912

- - - - -
260a816a by Jeroen Hoffman at 2018-01-16T12:16:09+01:00
REPO-1912 Reintegrate branch 'bugfix/REPO-1912' into master

- - - - -


1 changed file:

- engine/src/main/java/org/hippoecm/repository/security/SecurityManager.java


Changes:

=====================================
engine/src/main/java/org/hippoecm/repository/security/SecurityManager.java
=====================================
--- a/engine/src/main/java/org/hippoecm/repository/security/SecurityManager.java
+++ b/engine/src/main/java/org/hippoecm/repository/security/SecurityManager.java
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2008-2013 Hippo B.V. (http://www.onehippo.com)
+ *  Copyright 2008-2018 Hippo B.V. (http://www.onehippo.com)
  * 
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -362,10 +362,11 @@ public class SecurityManager implements 
HippoSecurityManager {
      */
     private Set<String> getMemberships(String rawUserId, String providerId) {
         try {
+            final String sanitizedUserId = sanitizeUserId(rawUserId, 
providerId);
             if (providers.containsKey(providerId)) {
-                return 
providers.get(providerId).getGroupManager().getMembershipIds(rawUserId);
+                return 
providers.get(providerId).getGroupManager().getMembershipIds(sanitizedUserId);
             } else {
-                return 
providers.get(INTERNAL_PROVIDER).getGroupManager().getMembershipIds(sanitizeUserId(rawUserId,
 providerId));
+                return 
providers.get(INTERNAL_PROVIDER).getGroupManager().getMembershipIds(sanitizedUserId);
             }
         } catch (RepositoryException e) {
             log.warn("Unable to get memberships for userId: " + rawUserId, e);



View it on GitLab: 
https://code.onehippo.org/cms-community/hippo-repository/compare/2d82cbed0bb9b923d38c2e3538e069fc3959aa14...260a816ae0c1b75209c5719546de2cfd2b51781b

---
View it on GitLab: 
https://code.onehippo.org/cms-community/hippo-repository/compare/2d82cbed0bb9b923d38c2e3538e069fc3959aa14...260a816ae0c1b75209c5719546de2cfd2b51781b
You're receiving this email because of your account on code.onehippo.org.

_______________________________________________
Hippocms-svn mailing list
Hippocms-svn@lists.onehippo.org
https://lists.onehippo.org/mailman/listinfo/hippocms-svn

Reply via email to