-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java14
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java14
2 files changed, 23 insertions, 5 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java
index 670756de..72128a9c 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java
@@ -32,6 +32,7 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -113,9 +114,16 @@ public class ErrorPage extends HttpServlet {
if (errorURL != null
&& WebConfiguration.isProvidePdfURLinWhitelist(errorURL)) {
String template = PdfAsHelper.getErrorRedirectTemplateSL();
- template = template.replace("##ERROR_URL##", errorURL);
-
+
URL url = new URL(errorURL);
+ String errorURLProcessed = url.getProtocol() + "://" + // "http" + "://
+ url.getHost() + // "myhost"
+ ":" + // ":"
+ url.getPort() + // "8080"
+ url.getPath();
+
+ template = template.replace("##ERROR_URL##", errorURLProcessed);
+
String extraParams = UrlParameterExtractor
.buildParameterFormString(url);
template = template.replace("##ADD_PARAMS##", extraParams);
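Review bot: `url.getPort()` returns -1 when the URL has no explicit port, so for any whitelisted URL that relies on the default port the rebuilt `errorURLProcessed` becomes `scheme://host:-1/path`. Append the port only when it is set, for example `int port = url.getPort();` followed by `(port == -1 ? "" : ":" + port)` in the concatenation. The rebuilt string is also substituted into the template without HTML escaping, although `##TARGET##` is escaped in this same commit; `java.net.URL` does not reject quote characters in the path, so wrapping the value in `StringEscapeUtils.escapeHtml4(...)` would be consistent. Both points apply equally to `invokeUrlProcessed` in the ProvidePDFServlet hunk. The enclosing method starts and ends outside this hunk.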
@@ -126,7 +134,7 @@ public class ErrorPage extends HttpServlet {
target = "_self";
}
- template = template.replace("##TARGET##", target);
+ template = template.replace("##TARGET##", StringEscapeUtils.escapeHtml4(target));
if (e != null && WebConfiguration.isShowErrorDetails()) {
template = template.replace("##CAUSE##",
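Review bot: `StringEscapeUtils.escapeHtml4` does not escape the apostrophe, so the escaping added for `##TARGET##` only protects the value if the template places it inside a double-quoted attribute. The template is not visible here, so that needs confirming. Because the code already falls back to `_self`, validating the value before substitution would be a tighter control than escaping alone, e.g. `if (!target.matches("[A-Za-z0-9_-]+")) { target = "_self"; }`, assuming no caller needs other characters in a target name. The same line is changed in ProvidePDFServlet, and the surrounding method extends beyond this hunk.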
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java
index 7909e926..6ff6ccf7 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java
@@ -31,7 +31,10 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.swing.text.html.HTML;
+import org.apache.commons.lang3.StringEscapeUtils;
+import org.codehaus.stax2.io.EscapingWriterFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
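Review bot: The new imports `javax.swing.text.html.HTML` and `org.codehaus.stax2.io.EscapingWriterFactory` are not used by any changed line shown for this file; only `StringEscapeUtils` is. If the rest of the file does not reference them either, drop both. The stax2 import adds a compile-time dependency on a library this servlet does not otherwise appear to need, and the Swing import pulls a desktop UI package into servlet code.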
@@ -96,9 +99,16 @@ public class ProvidePDFServlet extends HttpServlet {
} else {
// Redirect Browser
String template = PdfAsHelper.getInvokeRedirectTemplateSL();
- template = template.replace("##INVOKE_URL##", invokeURL);
URL url = new URL(invokeURL);
+ String invokeUrlProcessed = url.getProtocol() + "://" + // "http" + "://
+ url.getHost() + // "myhost"
+ ":" + // ":"
+ url.getPort() + // "8080"
+ url.getPath();
+
+ template = template.replace("##INVOKE_URL##", invokeUrlProcessed);
+
String extraParams = UrlParameterExtractor.buildParameterFormString(url);
template = template.replace("##ADD_PARAMS##", extraParams);
@@ -116,7 +126,7 @@ public class ProvidePDFServlet extends HttpServlet {
target = "_self";
}
- template = template.replace("##TARGET##", target);
+ template = template.replace("##TARGET##", StringEscapeUtils.escapeHtml4(target));
template = template.replace("##PDFURL##",
URLEncoder.encode(PdfAsHelper.generatePdfURL(request, response),