This is an automated email from the ASF dual-hosted git repository. mbien pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/roller.git
commit 3b53a62195787c3b00cec86e5845959250aabc99 Author: Michael Bien <mbie...@gmail.com> AuthorDate: Mon Aug 23 03:11:31 2021 +0200 Context URL validation. --- .../weblogger/ui/core/filters/InitFilter.java | 42 +++++++++++++--------- 1 file changed, 25 insertions(+), 17 deletions(-)
diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/InitFilter.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/InitFilter.java
index 7ab9fa0..554ccc6 100644
--- a/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/InitFilter.java
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/InitFilter.java
@@ -30,6 +30,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.commons.validator.routines.UrlValidator;
 import org.apache.roller.weblogger.config.WebloggerRuntimeConfig;
 /**
@@ -41,7 +42,7 @@ import org.apache.roller.weblogger.config.WebloggerRuntimeConfig;
 */
 public class InitFilter implements Filter {
- private static Log log = LogFactory.getLog(InitFilter.class);
+ private static final Log log = LogFactory.getLog(InitFilter.class);
 private boolean initialized = false;
@@ -53,22 +54,29 @@ public class InitFilter implements Filter {
 // first request, lets do our initialization
 HttpServletRequest request = (HttpServletRequest) req;
- // HttpServletResponse response = (HttpServletResponse) res;
-
- // determine absolute and relative url paths to the app
- String relPath = request.getContextPath();
- String absPath = this.getAbsoluteUrl(request);
-
- // set them in our config
- WebloggerRuntimeConfig.setAbsoluteContextURL(absPath);
- WebloggerRuntimeConfig.setRelativeContextURL(relPath);
-
- if (log.isDebugEnabled()) {
- log.debug("relPath = " + relPath);
- log.debug("absPath = " + absPath);
+
+ UrlValidator validator = new UrlValidator(
+ new String[]{"http", "https"},
+ UrlValidator.ALLOW_LOCAL_URLS); // for integration tests
+
+ if(validator.isValid(request.getRequestURL().toString())) {
+
+ // determine absolute and relative url paths to the app
+ String relPath = request.getContextPath();
+ String absPath = this.getAbsoluteUrl(request);
+
+ // set them in our config
+ WebloggerRuntimeConfig.setAbsoluteContextURL(absPath);
+ WebloggerRuntimeConfig.setRelativeContextURL(relPath);
+
+ if (log.isDebugEnabled()) {
+ log.debug("relPath = " + relPath);
+ log.debug("absPath = " + absPath);
+ }
+
+ this.initialized = true;
 }
- this.initialized = true;
 }
 chain.doFilter(req, res);
@@ -90,9 +98,9 @@ public class InitFilter implements Filter {
 protected static String getAbsoluteUrl(boolean secure, String serverName, String contextPath, String requestURI, String requestURL){
- String url = null;
+ String url;
- String fullUrl = null;
+ String fullUrl;
 if (!secure) {
 fullUrl = requestURL;
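Review bot: The new `validator.isValid(request.getRequestURL().toString())` guard in the `doFilter` hunk checks only that the request URL is a well-formed http/https URL, so the first well-formed request still decides the value passed to `WebloggerRuntimeConfig.setAbsoluteContextURL(absPath)`, and a servlet container typically builds that URL from the client-supplied Host header. If the deployment has a configured site URL or a list of expected host names, checking the request host against it before `this.initialized = true` would be the stronger control; whether the config class already prefers a configured value is not visible in this hunk. The rejected case is also silent, so I would add `} else { log.warn("Skipping context URL initialization: request URL failed validation"); }`, which makes malformed early requests visible to operators without echoing the untrusted URL into the log. `UrlValidator.ALLOW_LOCAL_URLS` is switched on in production code only "for integration tests"; consider making that a test-only setting, and hoisting the validator into a `private static final` field instead of building it per request. The `doFilter` body starts and ends outside the hunk.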