This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.security-1.0.10 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit 7a459109eef1570e0633e3f3bdf71463ac81d167 Author: Carsten Ziegeler <[email protected]> AuthorDate: Tue Nov 15 08:30:41 2011 +0000 SLING-2279 : ReferrerFilter should not reverse lookup the IPs of interfaces. Apply patch from Tobias Bocanegra git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1202087 13f79535-47bb-0310-9956-ffa450edef68 --- .../org/apache/sling/security/impl/ReferrerFilter.java | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java b/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java index 344e9d4..da81f41 100644 --- a/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java +++ b/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java @@ -104,24 +104,13 @@ public class ReferrerFilter implements Filter { while(ias.hasMoreElements()){ final InetAddress ia = ias.nextElement(); final String address = ia.getHostAddress().trim().toLowerCase(); - final String name = ia.getHostName().trim().toLowerCase(); if ( ia instanceof Inet4Address ) { referrers.add("http://"; + address + ":0"); referrers.add("https://"; + address + ":0"); - referrers.add("http://"; + name + ":0"); - referrers.add("https://"; + name + ":0"); - if (name.indexOf('.')>-1){ - int index = name.indexOf('.'); - String host = name.substring(0, index); - referrers.add("http://"; + host.trim().toLowerCase() + ":0"); - referrers.add("https://"; + host.trim().toLowerCase() + ":0"); - } } if ( ia instanceof Inet6Address ) { referrers.add("http://["; + address + "]" + ":0"); referrers.add("https://["; + address + "]" + ":0"); - referrers.add("http://["; + name + "]" + ":0"); - referrers.add("https://["; + name + "]" + ":0"); } } } @@ -335,7 +324,7 @@ public class ReferrerFilter implements Filter { /** * @see javax.servlet.Filter#init(javax.servlet.FilterConfig) */ - public void init(FilterConfig arg0) throws ServletException { + public void init(final FilterConfig config) throws ServletException { // nothing to do } @@ -352,8 +341,7 @@ public class ReferrerFilter implements Filter { * Print out the allowedReferrers * @see org.apache.felix.webconsole.ConfigurationPrinter#printConfiguration(java.io.PrintWriter) */ - @SuppressWarnings("unused") - public void printConfiguration(PrintWriter pw) { + public void printConfiguration(final PrintWriter pw) { pw.println("Current Apache Sling Referrer Filter Allowed Referrers:"); pw.println(); for (final URL url : allowedReferrers) { -- To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
