diff options
author | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2014-01-28 16:05:21 +0100 |
---|---|---|
committer | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2014-01-28 16:05:21 +0100 |
commit | d0c59a890be350ff1c39901e7fa94bf68c048065 (patch) | |
tree | 10aef75582d15acf1c4f67d2a702e55c1b7d74fb /pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java | |
parent | 7623d9b081af23191f307e1f06df7ce5508bf925 (diff) | |
download | pdf-as-4-d0c59a890be350ff1c39901e7fa94bf68c048065.tar.gz pdf-as-4-d0c59a890be350ff1c39901e7fa94bf68c048065.tar.bz2 pdf-as-4-d0c59a890be350ff1c39901e7fa94bf68c048065.zip |
URL Whitelist + Basic Design
Diffstat (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java')
-rw-r--r-- | pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java index fe436566..ef8e058f 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java @@ -8,9 +8,9 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.swing.text.html.HTML; -import org.apache.commons.lang3.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import at.gv.egiz.pdfas.web.config.WebConfiguration; import at.gv.egiz.pdfas.web.helper.HTMLFormater; @@ -21,7 +21,10 @@ import at.gv.egiz.pdfas.web.helper.PdfAsHelper; */ public class ErrorPage extends HttpServlet { private static final long serialVersionUID = 1L; - + + private static final Logger logger = LoggerFactory + .getLogger(ErrorPage.class); + /** * @see HttpServlet#HttpServlet() */ @@ -61,7 +64,7 @@ public class ErrorPage extends HttpServlet { .getSessionException(request, response); String message = PdfAsHelper.getSessionErrMessage(request, response); - if (errorURL != null) { + if (errorURL != null && WebConfiguration.isProvidePdfURLinWhitelist(errorURL)) { String template = PdfAsHelper.getErrorRedirectTemplateSL(); template = template.replace("##ERROR_URL##", errorURL); @@ -81,6 +84,9 @@ public class ErrorPage extends HttpServlet { response.getWriter().write(template); response.getWriter().close(); } else { + if(!WebConfiguration.isProvidePdfURLinWhitelist(errorURL)) { + logger.warn(errorURL + " is not allowed by whitelist"); + } response.setContentType("text/html"); PrintWriter pw = response.getWriter(); |