  1. EJBCA
  2. ECA-6761

Republish/re-activate in the Admin Web passes html encoded data to API

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.11.1.3
    • Fix Version/s: EJBCA 6.13.0
    • Component/s: None
    • Labels:
      None
    • Issue discovered during:
      Customer
    • Sprint:
      EJBCA Sprint 11 (2 weeks)

      Description

      See linked issue. CAInterfaceBean.republish uses

      String dn = certificateView.getSubjectDN();

      where CertificateView returns the DN HTML-escaped, so that it can be viewed securely in the web browser. However, this dn is passed to our API later on in the republish method as:

      publishersession.storeCertificate

      so publishersession.storeCertificate gets HTML-escaped data, which it should not.

      My guess is that this might break some stuff, like LDAP publisher? It will break custom publishers.

      We should probably make and use a method CertificateView.getSubjectDNUnEscaped, the same as we have for CertificateView.getIssuerDNUnEscaped.
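
      The failure mode described in this issue, as an added illustration that is not EJBCA code and not part of the original report. `DemoCertificateView`, `DemoPublisher`, the escaper and the sample DN are constructed for this example; only the getter names mirror the ones the report mentions.

```java
import java.util.HashMap;
import java.util.Map;

public class EscapedDnDemo {
    // Minimal HTML escaper standing in for whatever the view layer uses (assumption).
    static String htmlEscape(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical view object: one getter for rendering, one for back-end calls.
    static final class DemoCertificateView {
        private final String subjectDN;
        DemoCertificateView(String subjectDN) { this.subjectDN = subjectDN; }
        String getSubjectDN() { return htmlEscape(subjectDN); }  // HTML output only
        String getSubjectDNUnEscaped() { return subjectDN; }     // value for API calls
    }

    // Hypothetical publisher: files each certificate under the DN it is handed.
    static final class DemoPublisher {
        final Map<String, String> directory = new HashMap<>();
        void storeCertificate(String dn, String cert) { directory.put(dn, cert); }
    }

    public static void main(String[] args) {
        String rawDn = "CN=R&D Signer,O=O'Neil AB,C=SE"; // constructed sample DN
        DemoCertificateView view = new DemoCertificateView(rawDn);
        DemoPublisher broken = new DemoPublisher();
        broken.storeCertificate(view.getSubjectDN(), "cert-bytes");
        DemoPublisher fixed = new DemoPublisher();
        fixed.storeCertificate(view.getSubjectDNUnEscaped(), "cert-bytes");
        // The escaped path files the entry under a DN that no certificate actually has.
        System.out.println("DN sent on escaped path: " + view.getSubjectDN());
        System.out.println("found by real DN (escaped):   " + broken.directory.containsKey(rawDn));
        System.out.println("found by real DN (unescaped): " + fixed.directory.containsKey(rawDn));
    }
}
```

      A DN made up only of letters, digits, commas and equals signs passes through the escaper unchanged, so the defect shows up only for subjects containing characters such as `&`, quotes or angle brackets.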

            People

            Assignee:
            amin Amin Khorsandi
            Reporter:
            tomas Tomas Gustavsson
            Verified by:
            Mike Agrenius Kushner, Tomas Gustavsson

                Time Tracking

                Estimated:
                2d
                Remaining:
                0m
                Logged:
                2d 4h 15m