diff options
| -rw-r--r-- | pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java | 14 | ||||
| -rw-r--r-- | pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java | 14 |
2 files changed, 23 insertions, 5 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java index 670756de..72128a9c 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java @@ -32,6 +32,7 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.StringEscapeUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -113,9 +114,16 @@ public class ErrorPage extends HttpServlet { if (errorURL != null && WebConfiguration.isProvidePdfURLinWhitelist(errorURL)) { String template = PdfAsHelper.getErrorRedirectTemplateSL(); - template = template.replace("##ERROR_URL##", errorURL); - + URL url = new URL(errorURL); + String errorURLProcessed = url.getProtocol() + "://" + // "http" + ":// + url.getHost() + // "myhost" + ":" + // ":" + url.getPort() + // "8080" + url.getPath(); + + template = template.replace("##ERROR_URL##", errorURLProcessed); + String extraParams = UrlParameterExtractor .buildParameterFormString(url); template = template.replace("##ADD_PARAMS##", extraParams); @@ -126,7 +134,7 @@ public class ErrorPage extends HttpServlet { target = "_self"; } - template = template.replace("##TARGET##", target); + template = template.replace("##TARGET##", StringEscapeUtils.escapeHtml4(target)); if (e != null && WebConfiguration.isShowErrorDetails()) { template = template.replace("##CAUSE##", diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java index 7909e926..6ff6ccf7 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java @@ -31,7 +31,10 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.swing.text.html.HTML; +import org.apache.commons.lang3.StringEscapeUtils; +import org.codehaus.stax2.io.EscapingWriterFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -96,9 +99,16 @@ public class ProvidePDFServlet extends HttpServlet { } else { // Redirect Browser String template = PdfAsHelper.getInvokeRedirectTemplateSL(); - template = template.replace("##INVOKE_URL##", invokeURL); URL url = new URL(invokeURL); + String invokeUrlProcessed = url.getProtocol() + "://" + // "http" + ":// + url.getHost() + // "myhost" + ":" + // ":" + url.getPort() + // "8080" + url.getPath(); + + template = template.replace("##INVOKE_URL##", invokeUrlProcessed); + String extraParams = UrlParameterExtractor.buildParameterFormString(url); template = template.replace("##ADD_PARAMS##", extraParams); @@ -116,7 +126,7 @@ public class ProvidePDFServlet extends HttpServlet { target = "_self"; } - template = template.replace("##TARGET##", target); + template = template.replace("##TARGET##", StringEscapeUtils.escapeHtml4(target)); template = template.replace("##PDFURL##", URLEncoder.encode(PdfAsHelper.generatePdfURL(request, response), |