authortkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2011-08-31 18:24:12 +0000
committertkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2011-08-31 18:24:12 +0000
commit93a2ea0edb700eb6b1a37d26552447c4502a0b13 (patch)
treef6d88b6a6bc730210a7f11c3cfbbfc9f643b2667 /bkucommon/src/main
parent58ee12a9fe53bc528c4c1e39de22a5184687a260 (diff)
Perform basic checks on RedirectURL
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@967 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'bkucommon/src/main')
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java9
1 files changed, 7 insertions, 2 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
index 615fcc9d..18e38752 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
@@ -437,7 +437,7 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
} else {
log.info("Content type not set in dataurl response.");
closeDataUrlConnection();
- throw new SLBindingException(2007);
+ throw new SLBindingException(2007);
}
break;
@@ -608,7 +608,12 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
* @return null if redirect url is not set.
*/
public String getRedirectURL() {
- return getFormParameterAsString(FixedFormParameters.REDIRECTURL);
+ String redirectURL = getFormParameterAsString(FixedFormParameters.REDIRECTURL);
+ log.debug("Evaluating redirectURL: " + redirectURL);
+ if (redirectURL == null || redirectURL.isEmpty() || redirectURL.contains("\r") || redirectURL.contains("\n") ||
+ redirectURL.contains("<") || redirectURL.toLowerCase().contains("javascript:"))
+ return null;
+ return redirectURL;
}
public String getFormDataContentType(String aParameterName) {
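Review bot: The new filter in getRedirectURL is a denylist, so a RedirectURL such as `data:text/html,...`, `vbscript:`, or an absolute URL to an arbitrary third-party host still passes; since this value presumably ends up in a Location header or a client-side redirect, a scheme allowlist via `java.net.URI` is the more robust check (it also rejects CR/LF and `<` as illegal URI characters, so the hand-written substring tests become redundant). Two smaller points in the same lines: `redirectURL.toLowerCase()` without a `Locale` is locale-dependent (under a Turkish default locale `"JAVASCRIPT:"` does not lower-case to `"javascript:"`), so use `toLowerCase(Locale.ENGLISH)` if the substring test is kept; and the `log.debug` on the line before the check writes the unvalidated, CR/LF-containing value to the log, so it should come after the check or be escaped. The Javadoc above the method still says `@return null if redirect url is not set` and should also mention that a rejected URL yields null. The sketch below requires an absolute http(s) URL — if the deployment relies on relative redirects, additionally accept `scheme == null`; `java.net.URI`/`URISyntaxException` may need importing, the import block is outside this hunk.
```java
  public String getRedirectURL() {
    String redirectURL = getFormParameterAsString(FixedFormParameters.REDIRECTURL);
    if (redirectURL == null || redirectURL.isEmpty()) {
      return null;
    }
    try {
      String scheme = new URI(redirectURL).getScheme();
      // Only http(s) redirects are honoured; this rejects javascript:, data:, vbscript: etc.
      if (scheme == null
          || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
        log.warn("Rejecting RedirectURL with unsupported scheme.");
        return null;
      }
    } catch (URISyntaxException e) {
      // also covers CR/LF and '<', which are not legal URI characters
      log.warn("Rejecting malformed RedirectURL: " + e.getMessage());
      return null;
    }
    log.debug("Accepted redirectURL: " + redirectURL);
    return redirectURL;
  }
```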