author | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2015-11-19 08:38:53 +0100 |
---|---|---|
committer | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2015-11-19 09:04:05 +0100 |
commit | 32bf02fbf25c5a9ab0133e7edba5d5edea914d30 (patch) | |
tree | 959d28d1fbc1207ba1307be554d1b9f0e5f24db1 /pdf-as-web/src/main/java/at/gv/egiz/pdfas/web | |
parent | 2a93094bb440c354d5b9dda20890bc537d305ba2 (diff) | |
download | pdf-as-4-32bf02fbf25c5a9ab0133e7edba5d5edea914d30.tar.gz pdf-as-4-32bf02fbf25c5a9ab0133e7edba5d5edea914d30.tar.bz2 pdf-as-4-32bf02fbf25c5a9ab0133e7edba5d5edea914d30.zip |
XSS Fix invoke-app-url-target, invoke-app-error-url
Diffstat (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web')
-rw-r--r-- | pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java | 14 | ||||
-rw-r--r-- | pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java | 14 |
2 files changed, 23 insertions, 5 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java
index 670756de..72128a9c 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java
@@ -32,6 +32,7 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -113,9 +114,16 @@ public class ErrorPage extends HttpServlet {
 if (errorURL != null && WebConfiguration.isProvidePdfURLinWhitelist(errorURL)) {
 String template = PdfAsHelper.getErrorRedirectTemplateSL();
- template = template.replace("##ERROR_URL##", errorURL);
-
+ URL url = new URL(errorURL);
+ String errorURLProcessed = url.getProtocol() + "://" + // "http" + "://
+ url.getHost() + // "myhost"
+ ":" + // ":"
+ url.getPort() + // "8080"
+ url.getPath();
+
+ template = template.replace("##ERROR_URL##", errorURLProcessed);
+
 String extraParams = UrlParameterExtractor
 .buildParameterFormString(url);
 template = template.replace("##ADD_PARAMS##", extraParams);
@@ -126,7 +134,7 @@ public class ErrorPage extends HttpServlet {
 target = "_self";
 }
- template = template.replace("##TARGET##", target);
+ template = template.replace("##TARGET##", StringEscapeUtils.escapeHtml4(target));
 if (e != null && WebConfiguration.isShowErrorDetails()) {
 template = template.replace("##CAUSE##",
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java
index 7909e926..6ff6ccf7 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java
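Review bot: `url.getPort()` returns -1 when errorURL carries no explicit port, so for the common `https://host/path` case the rebuilt value becomes `https://host:-1/path` and the whitelisted redirect no longer works; emit the port only when present, `(url.getPort() == -1 ? "" : ":" + url.getPort())`. The rebuilt string is also still substituted into the template unescaped: `java.net.URL` is lenient and `getPath()` can carry `"`, `<` or `>` unless isProvidePdfURLinWhitelist (not visible here) rejects such input, so apply the same `StringEscapeUtils.escapeHtml4(errorURLProcessed)` that ##TARGET## now gets. The `// "http"`-style trailing comments restate the code and could be replaced by one line above the expression, `// Rebuild scheme://host[:port]/path so only the parsed components, never the raw parameter, reach the template`. The enclosing method starts and ends outside the hunk.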
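Review bot: `StringEscapeUtils.escapeHtml4(target)` neutralises `"`, `<`, `>` and `&` but not the single quote, so it is only sufficient if getErrorRedirectTemplateSL() quotes the ##TARGET## attribute with double quotes — worth confirming against the template. Since the only meaningful values are the browsing-context keywords, an allowlist is the more robust fix and the escape then stays as defence in depth: `if (!target.matches("_self|_blank|_parent|_top")) { target = "_self"; }` inserted before the replace, assuming the null case is already handled by the `target = "_self";` branch above. The enclosing method continues outside the hunk.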
@@ -31,7 +31,10 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.swing.text.html.HTML;
+import org.apache.commons.lang3.StringEscapeUtils;
+import org.codehaus.stax2.io.EscapingWriterFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -96,9 +99,16 @@ public class ProvidePDFServlet extends HttpServlet {
 } else {
 // Redirect Browser
 String template = PdfAsHelper.getInvokeRedirectTemplateSL();
- template = template.replace("##INVOKE_URL##", invokeURL);
 URL url = new URL(invokeURL);
+ String invokeUrlProcessed = url.getProtocol() + "://" + // "http" + "://
+ url.getHost() + // "myhost"
+ ":" + // ":"
+ url.getPort() + // "8080"
+ url.getPath();
+
+ template = template.replace("##INVOKE_URL##", invokeUrlProcessed);
+
 String extraParams = UrlParameterExtractor.buildParameterFormString(url);
 template = template.replace("##ADD_PARAMS##", extraParams);
@@ -116,7 +126,7 @@ public class ProvidePDFServlet extends HttpServlet {
 target = "_self";
 }
- template = template.replace("##TARGET##", target);
+ template = template.replace("##TARGET##", StringEscapeUtils.escapeHtml4(target));
 template = template.replace("##PDFURL##",
 URLEncoder.encode(PdfAsHelper.generatePdfURL(request, response), |
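Review bot: `javax.swing.text.html.HTML` and `org.codehaus.stax2.io.EscapingWriterFactory` are added but nothing in this patch uses them; they look like IDE auto-import leftovers and should be dropped, keeping only `import org.apache.commons.lang3.StringEscapeUtils;`. Pulling a Swing class into a servlet is misleading, and the stax2 import ties compilation of this class to that artifact being on the classpath for no benefit.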
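Review bot: `url.getPort()` is -1 for an invokeURL without an explicit port, so the rebuilt value becomes `https://host:-1/path` and the redirect breaks for the common case; use `(url.getPort() == -1 ? "" : ":" + url.getPort())` instead of the unconditional `":" + url.getPort()`. `invokeUrlProcessed` is also substituted into the template unescaped, and `java.net.URL` does not reject `"`, `<` or `>` in the path, so unless isProvidePdfURLinWhitelist (not visible here) is an exact match, wrap it as `StringEscapeUtils.escapeHtml4(invokeUrlProcessed)` like ##TARGET##. This reconstruction is duplicated verbatim in ErrorPage; a single helper (e.g. in UrlParameterExtractor, which already receives the parsed URL) would keep both servlets' behaviour in step. The enclosing method starts and ends outside the hunk.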
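Review bot: `escapeHtml4(target)` does not escape the single quote, so this is only a complete fix if getInvokeRedirectTemplateSL() wraps ##TARGET## in double quotes — worth confirming against the template. Restricting the value to the browsing-context keywords closes the question regardless of quoting: `if (!target.matches("_self|_blank|_parent|_top")) { target = "_self"; }` before the replace, assuming the null case is what the `target = "_self";` branch above already covers, with the escape kept as defence in depth. The enclosing method continues outside the hunk.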