From 93a2ea0edb700eb6b1a37d26552447c4502a0b13 Mon Sep 17 00:00:00 2001
From: tkellner
Date: Wed, 31 Aug 2011 18:24:12 +0000
Subject: Perform basic checks on RedirectURL
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@967 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'bkucommon')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
index 615fcc9d..18e38752 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
@@ -437,7 +437,7 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
 } else {
 log.info("Content type not set in dataurl response.");
 closeDataUrlConnection();
- throw new SLBindingException(2007);
+ throw new SLBindingException(2007);
 }
 break;
@@ -608,7 +608,12 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
 * @return null if redirect url is not set.
 */
 public String getRedirectURL() {
- return getFormParameterAsString(FixedFormParameters.REDIRECTURL);
+ String redirectURL = getFormParameterAsString(FixedFormParameters.REDIRECTURL);
+ log.debug("Evaluating redirectURL: " + redirectURL);
+ if (redirectURL == null || redirectURL.isEmpty() || redirectURL.contains("\r") || redirectURL.contains("\n") ||
+ redirectURL.contains("<") || redirectURL.toLowerCase().contains("javascript:"))
+ return null;
+ return redirectURL;
 }
 public String getFormDataContentType(String aParameterName) {
-- 
cgit v1.2.3
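Review bot: The new `if` in getRedirectURL validates the form-supplied redirect target with a denylist (`contains("<")`, `toLowerCase().contains("javascript:")`) whose case folding uses the JVM default locale, so the scheme test is not reliable on every platform, and a denylist of one scheme is a weak filter for a value that ends up in a browser redirect. Parse it with `java.net.URI` instead, which already rejects CR, LF and `<` as illegal characters, and accept only an allowlisted scheme (http/https), compared with the locale-independent `equalsIgnoreCase`; if relative redirect targets are legitimate in this deployment, a missing scheme should be accepted too. The `log.debug("Evaluating redirectURL: " + redirectURL)` line records the unvalidated value, including any CR/LF it carries, so it is better placed after the checks. The Javadoc just above, `@return null if redirect url is not set.`, is now stale and should read `@return null if redirect url is not set or does not pass validation.`; the rewrite below needs `java.net.URI` and `java.net.URISyntaxException` imported at the top of the file.
```java
public String getRedirectURL() {
  String redirectURL = getFormParameterAsString(FixedFormParameters.REDIRECTURL);
  if (redirectURL == null || redirectURL.isEmpty()) {
    return null;
  }
  try {
    // URI parsing rejects CR, LF, '<' and other characters illegal in a URL reference.
    String scheme = new URI(redirectURL).getScheme();
    // Allowlist the schemes a redirect may use; equalsIgnoreCase is locale-independent.
    if (scheme == null || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
      log.debug("Rejecting redirectURL with unsupported scheme");
      return null;
    }
  } catch (URISyntaxException e) {
    log.debug("Rejecting malformed redirectURL", e);
    return null;
  }
  log.debug("Accepted redirectURL: " + redirectURL);
  return redirectURL;
}
```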