[mapguide-commits] r6667 - in trunk/MgDev/Common/MapGuideCommon: Resources System

svn_mapguide at osgeo.org svn_mapguide at osgeo.org
Fri May 18 08:02:21 EDT 2012 

Author: jng
Date: 2012-05-18 05:02:20 -0700 (Fri, 18 May 2012)
New Revision: 6667

Modified:
   trunk/MgDev/Common/MapGuideCommon/Resources/mapguide_en.res
   trunk/MgDev/Common/MapGuideCommon/System/UserInformation.cpp
Log:
#1351: Ensure valid session ids are created by ensuring the locale is 2 characters long

Modified: trunk/MgDev/Common/MapGuideCommon/Resources/mapguide_en.res
===================================================================
--- trunk/MgDev/Common/MapGuideCommon/Resources/mapguide_en.res	2012-05-18 11:53:37 UTC (rev 6666)
+++ trunk/MgDev/Common/MapGuideCommon/Resources/mapguide_en.res	2012-05-18 12:02:20 UTC (rev 6667)
@@ -259,6 +259,7 @@
 MgInvalidIpConfigurationForSiteServer                 = The site server (%1) must have the same IP address as this local server (%2).
 MgInvalidIpConfigurationForSupportServer              = The site server (%1) must have a different IP address than this support server (%2).
 MgInvalidLogType                                      = The log type is invalid because it is not recognized.
+MgInvalidLocale                                       = The specified locale (%1) is not a 2-letter ISO 639-1 language code
 MgInvalidMapPlotCollectionMapPlotInstruction          = The map plot is invalid because it contains an unrecognized map plot instruction.
 MgInvalidMicroSecond                                  = The microsecond is invalid because it must be between 0 and 999999.
 MgInvalidMinute                                       = The minute is invalid because it must be between 0 and 59.

Modified: trunk/MgDev/Common/MapGuideCommon/System/UserInformation.cpp
===================================================================
--- trunk/MgDev/Common/MapGuideCommon/System/UserInformation.cpp	2012-05-18 11:53:37 UTC (rev 6666)
+++ trunk/MgDev/Common/MapGuideCommon/System/UserInformation.cpp	2012-05-18 12:02:20 UTC (rev 6667)
@@ -292,8 +292,23 @@
     STRING uuid;
     MgUtil::GenerateUuid(uuid);
 
+    // XSS checks for 2-char locales, so we must ensure we generate valid session ids
     // TODO: Pull default locale from MgConfiguration within a try/catch
-    STRING locale = m_locale.empty() ? MgResources::DefaultMessageLocale : m_locale;
+    STRING locale;
+    if (!m_locale.empty())
+    {
+        if (m_locale.length() != 2)
+        {
+            MgStringCollection args;
+            args.Add(m_locale);
+            throw new MgInvalidArgumentException(L"MgUserInformation.CreateMgSessionId", __LINE__, __WFILE__, NULL, L"MgInvalidLocale", &args);
+        }
+        locale = m_locale;
+    }
+    else
+    {
+        locale = MgResources::DefaultMessageLocale;
+    }
 
     uuid.append(L"_");
     uuid.append(locale);

More information about the mapguide-commits mailing list