This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit 0effce0c7b07483143b92e5c673cf8d55db6cef1 Author: Jacques Le Roux <[email protected]> AuthorDate: Sat Jul 3 19:23:07 2021 +0200 Fixed: IndexOutOfBoundsException on Entity Import (OFBIZ-12273) I get an IndexOutOfBoundsException when using the EntityImport. The problem occurs while having a resemblance of an url in the data. For example screenPath="component://... is interpreted as url because of '://' but doesn't match a valid url pattern. jleroux: I decided to keep it simple and to take the "component://" and the "https://localhost"; cases apart. I see no reasons to fear "https://localhost"; there. It should be only used in a safe dev env. Thanks: Sebastian Berg and Nicolas Malin for report --- .../src/main/java/org/apache/ofbiz/base/util/UtilHttp.java | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java index 8087090..54101df 100644 --- a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java +++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java @@ -415,7 +415,7 @@ public final class UtilHttp { params = params + s + " "; } else if (UtilValidate.isUrl(s) && !s.isEmpty()) { // if the string contains not only an URL => concatenate possible canonicalized before and after, w/o changing the URL - String url = extractUrls(s).get(0); // THere should be only 1 URL in a block, makes no sense else + String url = extractUrls(s).get(0); // There should be only 1 URL in a block, makes no sense else int start = s.indexOf(url); String after = (String) s.subSequence(start + url.length(), s.length()); params = params + canonicalizeParameter((String) s.subSequence(0, start)) + url + canonicalizeParameter(after) + " "; @@ -1736,9 +1736,15 @@ public final class UtilHttp { + "([-\\w~!$+|.,*:=]|%[a-f\\d]{2})*)*)*" + "(#([-\\w~!$+|.,*:=]|%[a-f\\d]{2})*)?\\b"); - Matcher matcher = pattern.matcher(input); - while (matcher.find()) { - result.add(matcher.group()); + if (input.contains("component://") + || input.contains("https://localhost";) // We consider localhost a safe dev env + || input.contains("https://127.0.0.1";)) { + result.add(input); + } else { + Matcher matcher = pattern.matcher(input); + while (matcher.find()) { + result.add(matcher.group()); + } } return result;
