Merge pull request #2257 from hongwei1/develop

bugfix/added the guard for locale parameter
OpenBankProject · Sep 6, 2023 · 3c5326f · 3c5326f
2 parents e69ae13 + 463d437
commit 3c5326f
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 3 deletions.
diff --git a/obp-api/src/main/scala/bootstrap/liftweb/Boot.scala b/obp-api/src/main/scala/bootstrap/liftweb/Boot.scala
@@ -125,7 +125,7 @@ import code.transactionrequests.{MappedTransactionRequest, MappedTransactionRequ
 import code.usercustomerlinks.MappedUserCustomerLink
 import code.userlocks.UserLocks
 import code.users._
-import code.util.Helper.MdcLoggable
+import code.util.Helper.{MdcLoggable, SILENCE_IS_GOLDEN}
 import code.util.{Helper, HydraUtil}
 import code.validation.JsonSchemaValidation
 import code.views.Views
@@ -632,7 +632,7 @@ class Boot extends MdcLoggable {
         // Check to see if the user explicitly requests a new locale 
         // In case it's true we use that value to set up a new cookie value
         S.param(PARAM_LOCALE) match {
-          case Full(requestedLocale) if requestedLocale != null => {
+          case Full(requestedLocale) if requestedLocale != null && APIUtil.checkShortString(requestedLocale)==SILENCE_IS_GOLDEN => {
             val computedLocale: Locale = I18NUtil.computeLocale(requestedLocale)
             val id: Long = AuthUser.getCurrentUser.map(_.user.userPrimaryKey.value).getOrElse(0)
             Users.users.vend.getResourceUserByResourceUserId(id).map { 

diff --git a/obp-api/src/main/scala/code/api/util/APIUtil.scala b/obp-api/src/main/scala/code/api/util/APIUtil.scala
@@ -937,6 +937,17 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
       case _ => ErrorMessages.InvalidValueCharacters
     }
   }
+
+  /** only  A-Z, a-z, 0-9, -, _, ., and max length <= 16  */
+  def checkShortString(value:String): String ={
+    val valueLength = value.length
+    val regex = """^([A-Za-z0-9\-._]+)$""".r
+    value match {
+      case regex(e) if(valueLength <= 16) => SILENCE_IS_GOLDEN
+      case regex(e) if(valueLength > 16) => ErrorMessages.InvalidValueLength
+      case _ => ErrorMessages.InvalidValueCharacters
+    }
+  }
 
   /** only  A-Z, a-z, 0-9, -, _, ., @, space and max length <= 512  */
   def checkUsernameString(value:String): String ={

diff --git a/obp-api/src/main/scala/code/api/util/I18NUtil.scala b/obp-api/src/main/scala/code/api/util/I18NUtil.scala
@@ -1,6 +1,7 @@
 package code.api.util
 
 import code.api.Constant.PARAM_LOCALE
+import code.util.Helper.SILENCE_IS_GOLDEN
 
 import java.util.{Date, Locale}
 
@@ -29,7 +30,7 @@ object I18NUtil {
     val localeCookieName = "SELECTED_LOCALE"
     S.param(PARAM_LOCALE) match {
       // 1st choice: Use query parameter as a source of truth if any
-      case Full(requestedLocale) if requestedLocale != null => {
+      case Full(requestedLocale) if requestedLocale != null && APIUtil.checkShortString(requestedLocale) == SILENCE_IS_GOLDEN => {
         val computedLocale = I18NUtil.computeLocale(requestedLocale)
         S.addCookie(HTTPCookie(localeCookieName, requestedLocale))
         computedLocale