package kernel.web;

 import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang.StringEscapeUtils;

 public class Web114RequestWrapper extends HttpServletRequestWrapper
 {
  public Web114RequestWrapper(HttpServletRequest request)
  {
     super(request);
  }

  public String getParameter(String name)
  {
     String value = super.getParameter(name);
     if ((!name.equals("BPassportLoginResponse")) && (!name.equals("BPassportCheckResponse")) && (value != null)) {
      value = filterUserInput(value);
    }
    return value;
  }

  public String[] getParameterValues(String name)
  {
    String[] values = super.getParameterValues(name);
    if (values != null)
    {
      int i = 0; for (int l = values.length; i < l; i++)
      {
        values[i] = filterUserInput(values[i]);
      }
    }
     return values;
  }

  private String filterUserInput(String input)
  {
    input = StringEscapeUtils.escapeSql(input);
    input = StringEscapeUtils.escapeHtml(input);
    input = StringEscapeUtils.escapeJavaScript(input);

    return input;
  }
}