[Ils-source] r1621 - trunk/src/com/resolutions/ils/data

scribe at crosswire.org scribe at crosswire.org
Sat Aug 25 04:52:46 MST 2018


Author: scribe
Date: 2018-08-25 04:52:46 -0700 (Sat, 25 Aug 2018)
New Revision: 1621

Modified:
   trunk/src/com/resolutions/ils/data/UserProfile.java
Log:
bypassed XSS sanitation for passwd


Modified: trunk/src/com/resolutions/ils/data/UserProfile.java
===================================================================
--- trunk/src/com/resolutions/ils/data/UserProfile.java	2018-08-21 20:01:11 UTC (rev 1620)
+++ trunk/src/com/resolutions/ils/data/UserProfile.java	2018-08-25 11:52:46 UTC (rev 1621)
@@ -606,6 +606,7 @@
         return getStringValue("USERPRNUM");
     }
 
+	//TODO: this method should not exist
     public String getUserProfilePasswd() {
         return getStringValue("USERPRPASSWD");
     }
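Review bot: the TODO on getUserProfilePasswd() does not say why the method should not exist or what should replace it, so it is unlikely to be acted on. The getter is public and returns the stored USERPRPASSWD value as a String, and it is the one visible path by which the password could reach a page, which is the case the setter comment in this same revision says never happens. Suggest marking it @Deprecated with a one-line Javadoc giving the reason, so remaining callers show up as compiler warnings and can be removed before the method is deleted. The comment line is also indented with a tab where the surrounding code uses spaces.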
@@ -775,7 +776,8 @@
     }
 
     public void setUserProfilePasswd(String userProfilePasswd) {
-        setValue("USERPRPASSWD", userProfilePasswd);
+	// bypass OWASP XSS sanitation; we never include passwd as part of html
+        super.setValue("USERPRPASSWD", userProfilePasswd);
     }
 
     public void setUserProfileState(String userProfileState) {
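Review bot: the justification in setUserProfilePasswd(), "we never include passwd as part of html", is an invariant that nothing in this change enforces, while getUserProfilePasswd() remains public and returns the same field. With super.setValue("USERPRPASSWD", ...) the value is now stored exactly as supplied, so any future caller that renders the getter's result has to encode it at output. Suggest moving the explanation into Javadoc on the setter, stating that the value is stored unsanitized and must never be written to a response, and resolving the TODO on the getter so the invariant holds by construction. Also worth checking: values written before this revision went through setValue, so per the comment they may have been stored in sanitized form, and whatever compares against USERPRPASSWD should be verified against both old and new records. The added comment line uses a tab for indentation where the rest of the method uses spaces.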



