From 4550d1d762bf8c4e2405180211e3c6a6723f21ed Mon Sep 17 00:00:00 2001
From: srowen
Date: Sat, 7 Dec 2013 22:50:22 +0000
Subject: [PATCH] Reject non-HTTP URIs

git-svn-id: https://zxing.googlecode.com/svn/trunk@2990 59b500cc-1b3d-0410-9834-0bbf25fbcc57
---
 .../src/main/java/com/google/zxing/web/DecodeServlet.java | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java b/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java
index 95c537773..ce36f68df 100644
--- a/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java
+++ b/zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java
@@ -57,6 +57,7 @@ import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
+import java.net.URLConnection;
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.Collection;
@@ -177,6 +178,13 @@ public final class DecodeServlet extends HttpServlet {
 return;
 }
 
+ String protocol = imageURL.getProtocol();
+ if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
+ log.info("URI was not valid: " + imageURIString);
+ response.sendRedirect("badurl.jspx");
+ return;
+ }
+
 HttpURLConnection connection;
 try {
 connection = (HttpURLConnection) imageURL.openConnection();
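Review bot: The added `import java.net.URLConnection;` in the first hunk is not referenced by any line this patch adds; the new check uses only `imageURL.getProtocol()` and the existing `HttpURLConnection`. Unless code outside the visible hunks needs it, drop the import so the file does not carry an unused-import warning.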
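Review bot: The new scheme check in the second hunk leaves the host unrestricted, so once it passes the servlet still opens a connection to whatever host the caller supplied, including loopback, link-local and private-range addresses. A host check before `openConnection()` along the lines of the sketch below would close most of that gap, and if the connection setup outside this hunk does not already do so, `connection.setInstanceFollowRedirects(false);` keeps a redirect from steering the fetch to such a host after the check. The rejection also reuses the generic text `"URI was not valid: "`; a distinct message such as `log.info("Unsupported URI scheme: " + protocol);` would make these rejections easy to find in the logs. The enclosing method starts and ends outside the hunk, so any later validation is not visible here.

```java
String protocol = imageURL.getProtocol();
// … unchanged: http/https scheme check …

// Constructed sketch: refuse hosts that resolve to internal address ranges.
// Only the first resolved address is checked and the connection resolves the
// name again, so this narrows the exposure rather than eliminating it; ranges
// such as IPv6 unique-local are not covered by these predicates.
InetAddress target;
try {
  target = InetAddress.getByName(imageURL.getHost());
} catch (UnknownHostException uhe) {
  log.info("URI host did not resolve: " + imageURIString);
  response.sendRedirect("badurl.jspx");
  return;
}
if (target.isAnyLocalAddress() || target.isLoopbackAddress()
    || target.isLinkLocalAddress() || target.isSiteLocalAddress()) {
  log.info("URI host not allowed: " + imageURIString);
  response.sendRedirect("badurl.jspx");
  return;
}
```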