XML-Entity Injection in DataUrl Servlet gefixt

2 files changed, 21 insertions, 0 deletions

diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
index 52eb8468..b2559b25 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
@@ -793,6 +793,23 @@ public class PdfAsHelper {
 		return baos.toByteArray();
 	}
 
+	public static boolean checkDataUrlAccess(HttpServletRequest request) throws Exception {
+		HttpSession session = request.getSession(false);
+		
+		if(session != null) {
+			Object statusObject = session
+					.getAttribute(PDF_STATUS);
+			if(statusObject != null && statusObject instanceof StatusRequest) {
+				StatusRequest statusRequest = (StatusRequest)statusObject;
+				if(statusRequest.needCertificate() || statusRequest.needSignature()) {
+					return true;
+				}
+			}
+		}
+
+		return false;
+	}
+	
 	public static void injectCertificate(HttpServletRequest request,
 			HttpServletResponse response,
 			InfoboxReadResponseType infoboxReadResponseType,
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java
index 5b3fe82a..13c37171 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/DataURLServlet.java
@@ -80,6 +80,10 @@ public class DataURLServlet extends HttpServlet {
 	protected void process(HttpServletRequest request,
 			HttpServletResponse response) throws ServletException, IOException {
 		try {
+			if(!PdfAsHelper.checkDataUrlAccess(request)) {
+				throw new Exception("No valid dataURL access");
+			}
+			
 			PdfAsHelper.setFromDataUrl(request);
 			String xmlResponse = request.getParameter("XMLResponse");