mudhorn/zxing
1
0
Fork 0
mirror of https://github.com/zxing/zxing.git synced 2025-03-05 20:48:51 -08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Reject non-HTTP URIs

Browse source 
git-svn-id: https://zxing.googlecode.com/svn/trunk@2990 59b500cc-1b3d-0410-9834-0bbf25fbcc57
This commit is contained in:
srowen 2013-12-07 22:50:22 +00:00
parent da9d32846a
commit 4550d1d762
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
zxingorg/src/main/java/com/google/zxing/web/DecodeServlet.java
View file

@ -57,6 +57,7 @@ import java.net.MalformedURLException;
import java.net.URI; import java.net.URI;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.net.URL; import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
@ -177,6 +178,13 @@ public final class DecodeServlet extends HttpServlet {
return; return;
} }
String protocol = imageURL.getProtocol();
if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
log.info("URI was not valid: " + imageURIString);
response.sendRedirect("badurl.jspx");
return;
}
HttpURLConnection connection; HttpURLConnection connection;
try { try {
connection = (HttpURLConnection) imageURL.openConnection(); connection = (HttpURLConnection) imageURL.openConnection();