Patched src/com/ibm/security/appscan/altoromutual/servlet/SurveyServlet.java

patched.codes[bot] · patched.codes[bot] · commit e0e0751e3fad · 2024-05-08T21:35:26.000+08:00
diff --git a/src/com/ibm/security/appscan/altoromutual/servlet/SurveyServlet.java b/src/com/ibm/security/appscan/altoromutual/servlet/SurveyServlet.java
@@ -95,10 +95,10 @@ else if (step.equals("done")){
 			content = "<h1>Request Out of Order</h1>"+
 			"<div width=\"99%\"><p>It appears that you attempted to skip or repeat some areas of this survey.  Please <a href=\"survey_questions.jsp\">return to the start page</a> to begin again.</p></div>";
 		} else {		
-			request.getSession().setAttribute("surveyStep", step);
+			request.getSession().setAttribute("surveyStep", sanitizeInput(step));
 		}
 		response.setContentType("text/html");
-		response.getWriter().write(content);
+		response.getWriter().write(URLEncoder.encode(content, "UTF-8").replace("%0A", "").replace("%0D", ""));
 		response.getWriter().flush();
 		
 	}

Original file line number	Diff line number	Diff line change
`@@ -95,10 +95,10 @@ else if (step.equals("done")){`
`95`	`95`	`content = "<h1>Request Out of Order</h1>"+`
`96`	`96`	`"<div width=\"99%\"><p>It appears that you attempted to skip or repeat some areas of this survey. Please <a href=\"survey_questions.jsp\">return to the start page</a> to begin again.</p></div>";`
`97`	`97`	`} else {`
`98`		`- request.getSession().setAttribute("surveyStep", step);`
	`98`	`+ request.getSession().setAttribute("surveyStep", sanitizeInput(step));`
`99`	`99`	`}`
`100`	`100`	`response.setContentType("text/html");`
`101`		`- response.getWriter().write(content);`
	`101`	`+ response.getWriter().write(URLEncoder.encode(content, "UTF-8").replace("%0A", "").replace("%0D", ""));`
`102`	`102`	`response.getWriter().flush();`
`103`	`103`
`104`	`104`	`}`