Patched src/com/ibm/security/appscan/altoromutual/servlet/AdminServle…

…t.java
patched-codes · May 1, 2024 · 254006f · 254006f
1 parent dda2a40
commit 254006f
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/src/com/ibm/security/appscan/altoromutual/servlet/AdminServlet.java b/src/com/ibm/security/appscan/altoromutual/servlet/AdminServlet.java
@@ -113,9 +113,11 @@ else if (request.getRequestURL().toString().endsWith("changePassword")){
 		if (message != null)
 			message = "Error: " + message;
 		else
-			message = "Requested operation has completed successfully.";
+		(message = "Requested operation has completed successfully.");
 
-		request.getSession().setAttribute("message", message);
+		// Sanitize user input before setting it in the session attribute "message"
+		String sanitizedMessage = message.replaceAll("[^a-zA-Z0-9\\s\\.\\,\\!]", "");
+		request.getSession().setAttribute("message", sanitizedMessage);
 		response.sendRedirect("admin.jsp");
 		return ;
 	}