1 files changed, 18 insertions, 8 deletions

diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java
index 9532e074..cb404b66 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java
@@ -5,6 +5,7 @@ import java.net.MalformedURLException;
 import java.net.URL;
 
 import at.gv.egiz.pdfas.common.utils.StreamUtils;
+import at.gv.egiz.pdfas.web.config.WebConfiguration;
 import at.gv.egiz.pdfas.web.exception.PdfAsWebException;
 
 public class RemotePDFFetcher {
@@ -16,16 +17,25 @@ public class RemotePDFFetcher {
 		} catch (MalformedURLException e) {
 			throw new PdfAsWebException("Not a valid URL!", e);
 		}
-		if(url.getProtocol().equals("http") || url.getProtocol().equals("https")) {
-			
-			try {
-				InputStream is = url.openStream();
-				return StreamUtils.inputStreamToByteArray(is);
-			} catch (Exception e) {
-				throw new PdfAsWebException("Failed to fetch pdf document!", e);
+		if (WebConfiguration.isProvidePdfURLinWhitelist(url.toExternalForm())) {
+			if (url.getProtocol().equals("http")
+					|| url.getProtocol().equals("https")) {
+
+				try {
+					InputStream is = url.openStream();
+					return StreamUtils.inputStreamToByteArray(is);
+				} catch (Exception e) {
+					throw new PdfAsWebException(
+							"Failed to fetch pdf document!", e);
+				}
+			} else {
+				throw new PdfAsWebException(
+						"Failed to fetch pdf document protocol "
+								+ url.getProtocol() + " is not supported");
 			}
 		} else {
-			throw new PdfAsWebException("Failed to fetch pdf document protocol " + url.getProtocol() + " is not supported");
+			throw new PdfAsWebException(
+					"Failed to fetch pdf document " + url.toExternalForm() + " is not allowed");
 		}
 	}
 }