SSPR Version v3.2.0.3 b40 r38536

SSPR is throwing a SSPR 5013 error after selecting a specific user from
the helpdesk selection screen. The logs do not show the specific error
but the error that seems to pertain to this situation is the following:

2015-09-29T14:31:51Z, WARN , pwm.Validator, removing potentially
malicious string values from input, converting
'ui_C-H4sIAAAAAAAAAAFwAI__FL2yExQbQQ5LndGHwpcGNHoI9l4r0K mk*hrEf*FiovLO2oQaoypld_GxqHMbz5i-WWQmd7AkCmNi3F9vDFgyMYh8cvZdvNM8fTGBvePIolBPHKAg8e JnaZLSubvtOxXBTqCihbeHBWcwEp4T8BpgF4cMzhwAAAA'
newValue=' pattern='(?i).*href.*'

I'm speculating here but I imagine the string of characters above is
generated from some uniquely identifiable attribute(s) and is used in
the POST to query the person from eDirectory. The same string is always
created when selecting the same individual.

Problem is that this string contains *href *and is being treated as a
malicious string. It is stripped and the person is never queried.

Has anybody seen this before? Any idea for a workaround?

joelburke's Profile:
View this thread: