Sanitize data in an HTTP response header of Warning and WWW-Authenticate headers of Rest services. (#813)

Author: claudiamurialdo

dotnet/src/dotnetframework/GxClasses/Services/GXRestServices.cs

@@ -372,7 +372,7 @@ protected void SetMessages(msglist messages)
 			}
 			if (!emptyHeader)
 			{
-				AddHeader(WARNING_HEADER, header.ToString());
+				AddHeader(WARNING_HEADER, StringUtil.Sanitize(header.ToString(), StringUtil.HttpHeaderWhiteList));
 			}
 		}
 		public void SetError(string code, string message)
@@ -477,7 +477,7 @@ private bool IsAuthenticated(GAMSecurityLevel objIntegratedSecurityLevel, bool o
 							}
 							else
 							{
-								AddHeader(HttpHeader.AUTHENTICATE_HEADER, HttpHelper.OatuhUnauthorizedHeader(context.GetServerName(), result.Code, result.Description));
+								AddHeader(HttpHeader.AUTHENTICATE_HEADER, StringUtil.Sanitize(HttpHelper.OatuhUnauthorizedHeader(context.GetServerName(), result.Code, result.Description), StringUtil.HttpHeaderWhiteList));
 								SetStatusCode(HttpStatusCode.Unauthorized);
 							}
 							return false;