diff options
| author | Thomas <> | 2023-04-11 17:51:24 +0200 | 
|---|---|---|
| committer | Thomas <> | 2023-04-11 17:51:24 +0200 | 
| commit | 7bc0b978c0e0047f6569040cabae330f8919f0ee (patch) | |
| tree | 3a19130131ad332127f5e596e136b27c4a7d650f /pdf-as-web | |
| parent | 794640bdb5c144db97faa9cadf1051ff837b7112 (diff) | |
| download | pdf-as-4-7bc0b978c0e0047f6569040cabae330f8919f0ee.tar.gz pdf-as-4-7bc0b978c0e0047f6569040cabae330f8919f0ee.tar.bz2 pdf-as-4-7bc0b978c0e0047f6569040cabae330f8919f0ee.zip | |
chore(pdf-as-web): Handle error url not containing an explicit port
from TUG:
The servlet tries to sanitize the URL by parsing it and writing it back out.
In case the input URL doesn't contain an explicit port, URL.getPort() returns -1
which leads to "https://example.com:-1/mypath" in the template which isn't the
same origin as without a port and gets rejected by the browser.
Instead only add a port to the resulting URL if the input contains one as well.
Diffstat (limited to 'pdf-as-web')
| -rw-r--r-- | pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java | 15 | 
1 files changed, 9 insertions, 6 deletions
| diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java index 72128a9c..42236f5e 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java @@ -42,8 +42,8 @@ import at.gv.egiz.pdfas.web.helper.HTMLFormater;  import at.gv.egiz.pdfas.web.helper.PdfAsHelper;  import at.gv.egiz.pdfas.web.helper.UrlParameterExtractor;  import at.gv.egiz.pdfas.web.stats.StatisticEvent; -import at.gv.egiz.pdfas.web.stats.StatisticFrontend;  import at.gv.egiz.pdfas.web.stats.StatisticEvent.Status; +import at.gv.egiz.pdfas.web.stats.StatisticFrontend;  /**   * Servlet implementation class ErrorPage @@ -116,11 +116,14 @@ public class ErrorPage extends HttpServlet {  				String template = PdfAsHelper.getErrorRedirectTemplateSL();  				URL url = new URL(errorURL); -				String errorURLProcessed = url.getProtocol() + "://" +   // "http" + ":// -						url.getHost() +       // "myhost" -			             ":" +                           // ":" -			             url.getPort() +       // "8080" -			             url.getPath();   +				String errorURLProcessed = url.getProtocol() + "://" + url.getHost(); +        if (url.getPort() != -1) { +          errorURLProcessed += ":" + url.getPort(); +           +        } +         +        errorURLProcessed += url.getPath(); +   				template = template.replace("##ERROR_URL##", errorURLProcessed); | 
