Add code improvements related to security enhancements

wso2 · Oct 4, 2024 · a481716 · a481716
1 parent ac2c746
commit a481716
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/modules/distribution/product/src/main/extensions/header.jsp b/modules/distribution/product/src/main/extensions/header.jsp
@@ -59,6 +59,7 @@
   String logoWidth = "50";
   String logoAltText = "";
   File customCSSFile = null;
+  FileReader fr = null;
   String customCSS = "";
   String tenantThemeDirectoryName = "";
   boolean showCookiePolicy = true;
@@ -77,7 +78,8 @@
           File themeFile = new File(tenantThemeFile);
           customCSSFile = new File(customCSS);
           if (themeFile != null && themeFile.exists() && themeFile.isFile()) {
-              FileReader fr = new FileReader(themeFile);
+            try {
+              fr = new FileReader(themeFile);
               JSONParser parser = new JSONParser();
               Object obj = parser.parse(fr);
               JSONObject jsonObject = (JSONObject) obj;
@@ -126,6 +128,11 @@
                   showPrivacyPolicy = (Boolean)(privacyPolicyThemeObj.get("visible"));
                   privacyPolicyText = (String)privacyPolicyThemeObj.get("text");
               }
+            } finally {
+                if (fr != null) {
+                    fr.close();
+                }
+            }
           }
       }
   }

diff --git a/modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp b/modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp
@@ -382,14 +382,14 @@
                                             <%=IdentityManagementEndpointUtil.i18n(recoveryResourceBundle, "Password")%>
                                         </label>
                                         <input id="password" name="password" type="password"
-                                               class="form-control" required>
+                                               class="form-control" autocomplete="off" required>
                                     </div>
                                     <div class="required field">
                                         <label for="password2" class="control-label">
                                             <%=IdentityManagementEndpointUtil.i18n(recoveryResourceBundle, "Confirm.password")%>
                                         </label>
                                         <input id="password2" name="password2" type="password" class="form-control"
-                                               data-match="reg-password" required>
+                                               data-match="reg-password" autocomplete="off" required>
                                     </div>
                                 </div>