jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new f599c60f0a Fixed: Reject wrong URLs (OFBIZ-13006)
f599c60f0a is described below
commit f599c60f0a0d15c3f09d03ec164a8bf5f67e4c85
Author: Jacques Le Roux <[email protected]>
AuthorDate: Thu Apr 11 14:49:34 2024 +0200
Fixed: Reject wrong URLs (OFBIZ-13006)
Some URLs need to be rejected before they create problems
---
.../org/apache/ofbiz/webapp/control/ControlFilter.java | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
index 6a09e9b49b..3110773989 100644
---
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
+++
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
@@ -161,15 +161,18 @@ public class ControlFilter extends HttpFilter {
}
// Reject wrong URLs
- try {
- String url = new
URI(req.getRequestURL().toString()).normalize().toString();
- if (!req.getRequestURL().toString().equals(url)) {
- throw new RuntimeException();
+ if (req.getRequestURL() != null) { // Allow tests with Mockito.
ControlFilterTests send null
+ try {
+ String url = new
URI(req.getRequestURL().toString()).normalize().toString();
+ if (!req.getRequestURL().toString().equals(url)) {
+ throw new RuntimeException();
+ }
+ } catch (URISyntaxException e) {
+ throw new RuntimeException(e);
}
- } catch (URISyntaxException e) {
- throw new RuntimeException(e);
}
+
// normalize to remove ".." special name usage to bypass webapp
filter
try {
uri = new URI(uri).normalize().toString();