Update RequestInputFilter.java

Allow "Metadata", but not "meta" or "Meta".
NOAA-PMEL · Sep 29, 2022 · b4b7306 · b4b7306
1 parent 53be128
commit b4b7306
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/JavaSource/gov/noaa/pmel/tmap/las/filter/RequestInputFilter.java b/JavaSource/gov/noaa/pmel/tmap/las/filter/RequestInputFilter.java
@@ -444,7 +444,8 @@ public boolean validateTemplateAndImage(HttpServletRequest request) {
 				if (v.toLowerCase().contains(">") ||
 						v.toLowerCase().contains("<") ||
 						v.toLowerCase().contains("script") ||
-						v.toLowerCase().contains("meta") ||
+						// Want Metadata, but not "meta".
+                                               (v.toLowerCase().contains("meta") && !v.contains("Metadata")) ||
 						v.toLowerCase().contains("refresh") ||
 						v.toLowerCase().contains("equiv")
 				) {