From 06623086e231ef094ec80b65a18b0fe8c8457bb7 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Thu, 19 Nov 2015 08:45:02 +0100
Subject: XML-Entity Injection in DataUrl Servlet gefixt

---
 .../java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper')

diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
index 52eb8468..b2559b25 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
@@ -793,6 +793,23 @@ public class PdfAsHelper {
 return baos.toByteArray();
 }
 
+ public static boolean checkDataUrlAccess(HttpServletRequest request) throws Exception {
+ HttpSession session = request.getSession(false);
+
+ if(session != null) {
+ Object statusObject = session
+ .getAttribute(PDF_STATUS);
+ if(statusObject != null && statusObject instanceof StatusRequest) {
+ StatusRequest statusRequest = (StatusRequest)statusObject;
+ if(statusRequest.needCertificate() || statusRequest.needSignature()) {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
+
 public static void injectCertificate(HttpServletRequest request,
 HttpServletResponse response,
 InfoboxReadResponseType infoboxReadResponseType,
-- 
cgit v1.2.3
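Review bot: checkDataUrlAccess is a session-state gate, not an XML hardening step: it returns true for any session whose StatusRequest still needs a certificate or signature, so a client that has started a signing flow can presumably still post a body containing a DOCTYPE to the DataUrl servlet. Nothing in the visible part of the commit (the view is limited to the helper package) changes the parser, so the entity-injection fix should also set the `http://apache.org/xml/features/disallow-doctype-decl` feature to true, or the equivalent secure-processing options, on the parser factory that reads the DataUrl request body. On the method itself, `throws Exception` is declared although no statement in the body throws a checked exception, and `statusObject != null &&` is redundant in front of `instanceof`. A Javadoc line such as `/** Returns true only while the session's StatusRequest is waiting for a certificate or signature; callers must still parse the request body with external entities disabled. */` would keep later callers from treating this check as input validation.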