aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas <>2023-04-11 17:51:24 +0200
committerThomas <>2023-04-11 17:51:24 +0200
commit7bc0b978c0e0047f6569040cabae330f8919f0ee (patch)
tree3a19130131ad332127f5e596e136b27c4a7d650f
parent794640bdb5c144db97faa9cadf1051ff837b7112 (diff)
downloadpdf-as-4-7bc0b978c0e0047f6569040cabae330f8919f0ee.tar.gz
pdf-as-4-7bc0b978c0e0047f6569040cabae330f8919f0ee.tar.bz2
pdf-as-4-7bc0b978c0e0047f6569040cabae330f8919f0ee.zip
chore(pdf-as-web): Handle error url not containing an explicit port
from TUG: The servlet tries to sanitize the URL by parsing it and writing it back out. In case the input URL doesn't contain an explicit port, URL.getPort() returns -1 which leads to "https://example.com:-1/mypath" in the template which isn't the same origin as without a port and gets rejected by the browser. Instead only add a port to the resulting URL if the input contains one as well.
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java15
1 files changed, 9 insertions, 6 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java
index 72128a9c..42236f5e 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java
@@ -42,8 +42,8 @@ import at.gv.egiz.pdfas.web.helper.HTMLFormater;
import at.gv.egiz.pdfas.web.helper.PdfAsHelper;
import at.gv.egiz.pdfas.web.helper.UrlParameterExtractor;
import at.gv.egiz.pdfas.web.stats.StatisticEvent;
-import at.gv.egiz.pdfas.web.stats.StatisticFrontend;
import at.gv.egiz.pdfas.web.stats.StatisticEvent.Status;
+import at.gv.egiz.pdfas.web.stats.StatisticFrontend;
/**
* Servlet implementation class ErrorPage
@@ -116,11 +116,14 @@ public class ErrorPage extends HttpServlet {
String template = PdfAsHelper.getErrorRedirectTemplateSL();
URL url = new URL(errorURL);
- String errorURLProcessed = url.getProtocol() + "://" + // "http" + "://
- url.getHost() + // "myhost"
- ":" + // ":"
- url.getPort() + // "8080"
- url.getPath();
+ String errorURLProcessed = url.getProtocol() + "://" + url.getHost();
+ if (url.getPort() != -1) {
+ errorURLProcessed += ":" + url.getPort();
+
+ }
+
+ errorURLProcessed += url.getPath();
+
template = template.replace("##ERROR_URL##", errorURLProcessed);