diff options
author | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2014-01-28 16:05:21 +0100 |
---|---|---|
committer | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2014-01-28 16:05:21 +0100 |
commit | d0c59a890be350ff1c39901e7fa94bf68c048065 (patch) | |
tree | 10aef75582d15acf1c4f67d2a702e55c1b7d74fb /pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper | |
parent | 7623d9b081af23191f307e1f06df7ce5508bf925 (diff) | |
download | pdf-as-4-d0c59a890be350ff1c39901e7fa94bf68c048065.tar.gz pdf-as-4-d0c59a890be350ff1c39901e7fa94bf68c048065.tar.bz2 pdf-as-4-d0c59a890be350ff1c39901e7fa94bf68c048065.zip |
URL Whitelist + Basic Design
Diffstat (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper')
-rw-r--r-- | pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 1 | ||||
-rw-r--r-- | pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java | 26 |
2 files changed, 18 insertions, 9 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 2f62269b..1059738e 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -76,7 +76,6 @@ public class PdfAsHelper { private static ObjectFactory of = new ObjectFactory(); static { - // TODO: read from config file logger.debug("Creating PDF-AS"); pdfAs = PdfAsFactory.createPdfAs(new File(WebConfiguration.getPdfASDir())); logger.debug("Creating PDF-AS done"); diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java index 9532e074..cb404b66 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java @@ -5,6 +5,7 @@ import java.net.MalformedURLException; import java.net.URL; import at.gv.egiz.pdfas.common.utils.StreamUtils; +import at.gv.egiz.pdfas.web.config.WebConfiguration; import at.gv.egiz.pdfas.web.exception.PdfAsWebException; public class RemotePDFFetcher { @@ -16,16 +17,25 @@ public class RemotePDFFetcher { } catch (MalformedURLException e) { throw new PdfAsWebException("Not a valid URL!", e); } - if(url.getProtocol().equals("http") || url.getProtocol().equals("https")) { - - try { - InputStream is = url.openStream(); - return StreamUtils.inputStreamToByteArray(is); - } catch (Exception e) { - throw new PdfAsWebException("Failed to fetch pdf document!", e); + if (WebConfiguration.isProvidePdfURLinWhitelist(url.toExternalForm())) { + if (url.getProtocol().equals("http") + || url.getProtocol().equals("https")) { + + try { + InputStream is = url.openStream(); + return StreamUtils.inputStreamToByteArray(is); + } catch (Exception e) { + throw new PdfAsWebException( + "Failed to fetch pdf document!", e); + } + } else { + throw new PdfAsWebException( + "Failed to fetch pdf document protocol " + + url.getProtocol() + " is not supported"); } } else { - throw new PdfAsWebException("Failed to fetch pdf document protocol " + url.getProtocol() + " is not supported"); + throw new PdfAsWebException( + "Failed to fetch pdf document " + url.toExternalForm() + " is not allowed"); } } } |