diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/forms/formdefinition.lib.ftl b/config/alfresco/templates/webscripts/org/alfresco/repository/forms/formdefinition.lib.ftl index 2aa4d58f75..96ff2f3f46 100644 --- a/config/alfresco/templates/webscripts/org/alfresco/repository/forms/formdefinition.lib.ftl +++ b/config/alfresco/templates/webscripts/org/alfresco/repository/forms/formdefinition.lib.ftl @@ -26,7 +26,7 @@ { "name": "${field.name}", "label": "${field.label!""}", - <#if field.description??>"description": "${field.description}", + <#if field.description??>"description": "${field.description?js_string?html}", <#if field.indexTokenisationMode??>"indexTokenisationMode": "${field.indexTokenisationMode}", "protectedField": ${field.protectedField?string}, <#if field.defaultValue??>"defaultValue": "${field.defaultValue}", diff --git a/source/java/org/alfresco/opencmis/PublicApiAlfrescoCmisService.java b/source/java/org/alfresco/opencmis/PublicApiAlfrescoCmisService.java index 38459029d8..f4e8711b91 100644 --- a/source/java/org/alfresco/opencmis/PublicApiAlfrescoCmisService.java +++ b/source/java/org/alfresco/opencmis/PublicApiAlfrescoCmisService.java @@ -125,9 +125,19 @@ public class PublicApiAlfrescoCmisService extends AlfrescoCmisServiceImpl @Override public RepositoryInfo getRepositoryInfo(String repositoryId, ExtensionsData extension) { - checkRepositoryId(repositoryId); + Network network = null; + + try + { + checkRepositoryId(repositoryId); + network = networksService.getNetwork(repositoryId); + } + catch(Exception e) + { + // ACE-2540: Avoid information leak. Same response if repository does not exist or if user is not a member + throw new CmisObjectNotFoundException("Unknown repository '" + repositoryId + "'!"); + } - Network network = networksService.getNetwork(repositoryId); return getRepositoryInfo(network); }