Changed the field1.replaceAll to field1 = field1.replaceAll. The first case does not clean the taint
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@474 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
		| @ -12,10 +12,11 @@ if(field1 == null) field1 = "123"; | |||||||
| if(field2 == null) field2 = "-1"; | if(field2 == null) field2 = "-1"; | ||||||
|  |  | ||||||
| /** For security reasons, we remove all '<' and '>' characters to prevent XSS **/ | /** For security reasons, we remove all '<' and '>' characters to prevent XSS **/ | ||||||
| field1.replaceAll("<", ""); | // Thank you Victor Bucutea for noticing replaceAll only cleans taint to the return value. | ||||||
| field1.replaceAll(">", ""); | field1 = field1.replaceAll("<", ""); | ||||||
| field2.replaceAll("<", ""); | field1 = field1.replaceAll(">", ""); | ||||||
| field2.replaceAll(">", ""); | field2 = field2.replaceAll("<", ""); | ||||||
|  | field2 = field2.replaceAll(">", ""); | ||||||
|  |  | ||||||
| if("Purchase".equals(action)) | if("Purchase".equals(action)) | ||||||
| { | { | ||||||
|  | |||||||
		Reference in New Issue
	
	Block a user