From a48171674bd062d03d80e0160625943b5993b3d4 Mon Sep 17 00:00:00 2001
From: Naduni Pamudika <nadunipamudika@naduni.local>
Date: Fri, 4 Oct 2024 17:36:18 +0530
Subject: [PATCH] Add code improvements related to security enhancements

---
 .../distribution/product/src/main/extensions/header.jsp  | 9 ++++++++-
 .../extensions/self-registration-with-verification.jsp   | 4 ++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/modules/distribution/product/src/main/extensions/header.jsp b/modules/distribution/product/src/main/extensions/header.jsp
index 99d246b21c..53b7096257 100644
--- a/modules/distribution/product/src/main/extensions/header.jsp
+++ b/modules/distribution/product/src/main/extensions/header.jsp
@@ -59,6 +59,7 @@
   String logoWidth = "50";
   String logoAltText = "";
   File customCSSFile = null;
+  FileReader fr = null;
   String customCSS = "";
   String tenantThemeDirectoryName = "";
   boolean showCookiePolicy = true;
@@ -77,7 +78,8 @@
           File themeFile = new File(tenantThemeFile);
           customCSSFile = new File(customCSS);
           if (themeFile != null && themeFile.exists() && themeFile.isFile()) {
-              FileReader fr = new FileReader(themeFile);
+            try {
+              fr = new FileReader(themeFile);
               JSONParser parser = new JSONParser();
               Object obj = parser.parse(fr);
               JSONObject jsonObject = (JSONObject) obj;
@@ -126,6 +128,11 @@
                   showPrivacyPolicy = (Boolean)(privacyPolicyThemeObj.get("visible"));
                   privacyPolicyText = (String)privacyPolicyThemeObj.get("text");
               }
+            } finally {
+                if (fr != null) {
+                    fr.close();
+                }
+            }
           }
       }
   }
diff --git a/modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp b/modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp
index f478e97ff7..30ef732419 100644
--- a/modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp
+++ b/modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp
@@ -382,14 +382,14 @@
                                             <%=IdentityManagementEndpointUtil.i18n(recoveryResourceBundle, "Password")%>
                                         </label>
                                         <input id="password" name="password" type="password"
-                                               class="form-control" required>
+                                               class="form-control" autocomplete="off" required>
                                     </div>
                                     <div class="required field">
                                         <label for="password2" class="control-label">
                                             <%=IdentityManagementEndpointUtil.i18n(recoveryResourceBundle, "Confirm.password")%>
                                         </label>
                                         <input id="password2" name="password2" type="password" class="form-control"
-                                               data-match="reg-password" required>
+                                               data-match="reg-password" autocomplete="off" required>
                                     </div>
                                 </div>