-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 5.2.3
-
Fix Version/s: --Sprint 12/11, 6.1.0 CE RC1
-
Component/s: Accessibility, Security Vulnerability
-
Labels:None
While processing model reources, Element.getText is used instead of either
element.elementTextTrim... or element.elementText().trim()
If a user had formatted their resources-actions/default.xml; eclipse can cause the name to end with a new line and some tabs.
That said, when a user try to do a permissioncheck with that model name, it is not found.
example:
<model-name>foo.company.something.modelName
</model-name>
is stored internally as "foo.company.something.modelName\n\t" and will not match a request for model "foo.company.something.modelName"
Line 904: String name = resource.elementText("model-name");
solution: String name = resource.elementText("model-name").trim();