This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit 7e7b7c4266d85fdcf2ad9216349424abd7138615 Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Sat May 18 18:11:50 2024 +0200 Improved: Prevent special encoded characters sequences in URLs (OFBIZ-13092) Better avoid special encoded characters sequences Improves deniedWebShellTokens in security.properties
--- .../src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
index b1f3dfd976..8ef02fad5c 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
@@ -166,8 +166,7 @@ public class ControlFilter extends HttpFilter {
 String uRIFiltered = new URI(initialURI)
 .normalize().toString()
 .replaceAll(";", "")
- .replaceAll("(?i)%2e", "") // . encoded
- ;
+ .replaceAll("(?i)%2e", "");
 if (!initialURI.equals(uRIFiltered)) {
 Debug.logError("For security reason this URL is not accepted", MODULE);
 throw new RuntimeException("For security reason this URL is not accepted");
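Review bot: The `+` line keeps `.replaceAll("(?i)%2e", "")` as the only encoded-dot check, so the filter rejects `%2e`/`%2E` but not a double-encoded dot (`%252e`) or other non-canonical encodings of it; whether those can reach path handling depends on any decoding done downstream of this filter, which the hunk does not show, so it is worth confirming before relying on this single pattern. The removed `// . encoded` comment was the only explanation of the magic sequence, and the rewrite drops it; put the rationale back on the new line, e.g. `.replaceAll("(?i)%2e", ""); // reject percent-encoded '.', which URI.normalize() leaves alone`. The commit message says it improves deniedWebShellTokens in security.properties, but the diffstat lists only ControlFilter.java, so that part of the change appears to live in another commit. The enclosing method starts and ends outside this hunk.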