This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new d1eb477355 Fixed: Reject wrong URLs (OFBIZ-13006)
d1eb477355 is described below

commit d1eb4773550aee43ca18166791332e6e516a469f
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Thu Apr 11 14:49:34 2024 +0200

    Fixed: Reject wrong URLs (OFBIZ-13006)
    
    Some URLs need to be rejected before they create problems
---
 .../java/org/apache/ofbiz/webapp/control/ControlFilter.java    | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git 
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
 
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
index a22888b9f5..6a09e9b49b 100644
--- 
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
+++ 
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
@@ -160,6 +160,16 @@ public class ControlFilter extends HttpFilter {
                 }
             }
 
+            // Reject wrong URLs
+            try {
+                String url = new 
URI(req.getRequestURL().toString()).normalize().toString();
+                if (!req.getRequestURL().toString().equals(url)) {
+                    throw new RuntimeException();
+                }
+            } catch (URISyntaxException e) {
+                throw new RuntimeException(e);
+            }
+
             // normalize to remove ".." special name usage to bypass webapp 
filter
             try {
                 uri = new URI(uri).normalize().toString();
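Review bot: The rejection at `throw new RuntimeException();` carries no message and is not logged, so a refused request cannot be told apart from any other unhandled failure in the filter and will most likely surface as a generic 500 rather than a client error. Give it a fixed message, for example `throw new RuntimeException("Request URL is not in normalized form");`, or, if the response object is in scope here, answer with a 400 and return; keep the raw URL out of the message so request data is not echoed unescaped into logs or error pages. The check also calls `req.getRequestURL().toString()` twice, and storing it in a local once would make the comparison easier to read. `URI.normalize()` only collapses literal `.` and `..` path segments and does not decode percent-encoded octets, so this comparison should not be treated as the only guard against encoded variants of the same path. The enclosing method starts and ends outside the hunk.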
