This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release18.12 by this push: new ddfe3727b1 Implemented: Only accept right URLs as referrer (OFBIZ-13219) ddfe3727b1 is described below commit ddfe3727b1f4948a515347973f2117026a31d06e Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Wed Mar 26 08:39:51 2025 +0100 Implemented: Only accept right URLs as referrer (OFBIZ-13219) Check that the referrer URL is correct. --- applications/party/template/visit/VisitDetail.ftl | 7 ++++++- .../src/main/java/org/apache/ofbiz/webapp/stats/VisitHandler.java | 3 +++ 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/applications/party/template/visit/VisitDetail.ftl b/applications/party/template/visit/VisitDetail.ftl
index 9a516a1f36..5542e36da5 100644
--- a/applications/party/template/visit/VisitDetail.ftl
+++ b/applications/party/template/visit/VisitDetail.ftl
@@ -69,7 +69,12 @@ under the License.
 </tr>
 <tr>
 <td class="label">${uiLabelMap.PartyInitialReferer}</td>
- <td><a href="${visit.initialReferrer!}" >${visit.initialReferrer!}</a></td>
+ <#assign isUrl = Static["org.apache.ofbiz.base.util.UtilValidate"].isUrlInString(visit.initialReferrer)>
+ <#if isUrl>
+ <td><a href="${visit.initialReferrer!}" >${visit.initialReferrer!}</a></td>
+ <#else>
+ <td>${visit.initialReferrer!}</td>
+ </#if>
 </tr>
 <tr>
 <td class="label">${uiLabelMap.PartyInitialUserAgent}</td>
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/stats/VisitHandler.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/stats/VisitHandler.java
index 9dcbbb3c1d..38fd355810 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/stats/VisitHandler.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/stats/VisitHandler.java
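Review bot: In VisitDetail.ftl the added `<#assign isUrl = ...isUrlInString(visit.initialReferrer)>` alone decides whether the stored referrer is emitted as an `href`, but nothing visible in this hunk shows that the check restricts the scheme or matches the whole value; the method name suggests it may only test that a URL occurs somewhere in the string. Because the Referer header is client-supplied and this page renders it to back-office users, the link branch should be taken only for a value that parses as a complete `http`/`https` URL, and the attribute value should be HTML-escaped unless the template is already auto-escaped; both are worth confirming against UtilValidate and the screen's encoder. The argument is also passed without the `!` default that the neighbouring interpolations use, so a visit with no referrer may reach the call as a missing value; `isUrlInString(visit.initialReferrer!)` would keep the row rendering in that case.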
@@ -136,6 +136,9 @@ public class VisitHandler { Locale initialLocaleObj = (Locale) session.getAttribute("_CLIENT_LOCALE_"); String initialRequest = (String) session.getAttribute("_CLIENT_REQUEST_"); String initialReferrer = (String) session.getAttribute("_CLIENT_REFERER_"); + if (!UtilValidate.isUrlInString(initialReferrer)) { + initialReferrer = "Not an URL"; + } String initialUserAgent = (String) session.getAttribute("_CLIENT_USER_AGENT_"); String initialLocale = initialLocaleObj != null ? initialLocaleObj.toString() : "";
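Review bot: The new guard in VisitHandler replaces `initialReferrer` with `"Not an URL"` whenever `isUrlInString` returns false, and `_CLIENT_REFERER_` is plausibly null or empty for any request sent without a Referer header, so ordinary direct visits may now be stored with the same sentinel as malformed values. Checking for presence first, `if (UtilValidate.isNotEmpty(initialReferrer) && !UtilValidate.isUrlInString(initialReferrer)) {`, keeps "no referrer" distinguishable from "rejected referrer" in the Visit data. A rejected value is also a useful signal of header tampering, so consider logging that a referrer was rejected (without writing the raw value into the log) before overwriting it. A short comment such as `// Referer is client-supplied; never persist a value that is not a URL` would record why the check exists. The enclosing method starts and ends outside this hunk, so how `initialReferrer` is persisted afterwards is not visible here.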