From 2bf8ae6b3fd883d1cd48bbeac200ff41ead7987a Mon Sep 17 00:00:00 2001 From: Vivek Singh Date: Mon, 18 Sep 2023 13:46:56 +0530 Subject: [PATCH] #606 - fixed. details in card. --- .../framework/sync/MutableRequestFilter.java | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/avni-server-api/src/main/java/org/avni/server/framework/sync/MutableRequestFilter.java b/avni-server-api/src/main/java/org/avni/server/framework/sync/MutableRequestFilter.java index 8ca98e258..faae98ae0 100644 --- a/avni-server-api/src/main/java/org/avni/server/framework/sync/MutableRequestFilter.java +++ b/avni-server-api/src/main/java/org/avni/server/framework/sync/MutableRequestFilter.java @@ -38,15 +38,26 @@ public XSSSafeRequest(HttpServletRequest request) { super(request); } + private boolean isNotProtected() { + HttpServletRequest request = (HttpServletRequest) this.getRequest(); + return request.getRequestURI().startsWith("/api"); + } + @Override public String getParameter(String name) { HttpServletRequest request = (HttpServletRequest) this.getRequest(); + if (this.isNotProtected()) + return super.getParameter(name); + return Encode.forHtml(request.getParameter(name)); } @Override public Map getParameterMap() { Map existingParameterMap = super.getParameterMap(); + if (this.isNotProtected()) + return existingParameterMap; + if (existingParameterMap == null) return null; Map newParameterMap = new HashMap<>(); @@ -59,7 +70,10 @@ public Map getParameterMap() { @Override public String[] getParameterValues(String name) { String[] existingValues = super.getParameterValues(name); - if (existingValues == null) return null; + if (this.isNotProtected()) + return existingValues; + + if (existingValues == null) return null; String[] newValues = new String[existingValues.length]; for (int i = 0; i < existingValues.length; i++) {