(ofbiz-framework) branch release24.09 updated: Improved: Prevent URL parameters manipulation (OFBIZ-13147)

[jleroux]

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release24.09
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release24.09 by this push:
     new 222bf3cdd4 Improved: Prevent URL parameters manipulation (OFBIZ-13147)
222bf3cdd4 is described below

commit 222bf3cdd4b6bc533f7d99bd261b5147cd4557f8
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Thu Oct 24 21:38:11 2024 +0200

    Improved: Prevent URL parameters manipulation (OFBIZ-13147)
    
    Fixes a "typo"
---
 .../src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
 
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
index a4c0e59400..8c9ebb3810 100644
--- 
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
+++ 
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
@@ -172,7 +172,7 @@ public class ControlFilter extends HttpFilter {
             String queryString = req.getQueryString();
             if (queryString != null) {
                 queryString = URLDecoder.decode(queryString, "UTF-8");
-                if (UtilValidate.isUrlInString(queryString)
+                if (UtilValidate.isUrl(queryString)
                         || !SecuredUpload.isValidText(queryString, 
Collections.emptyList())
                         && isSolrTest()) {
                     Debug.logError("For security reason this URL is not 
accepted", MODULE);