src/main/kotlin/de/uapcore/lightpit/AbstractServlet.kt

changeset 392
c0c7b4ca2946
parent 374
34abadbdd0e3
391:49f68aeb1dd2 392:c0c7b4ca2946
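--- a/src/main/kotlin/de/uapcore/lightpit/AbstractServlet.kt
+++ b/src/main/kotlin/de/uapcore/lightpit/AbstractServlet.kt
@@ -136,12 +136,23 @@
 req.characterEncoding = "UTF-8"
 
 // set some internal request attributes
 val fullPath = req.servletPath + Optional.ofNullable(req.pathInfo).orElse("")
 req.setAttribute(Constants.REQ_ATTR_PATH, fullPath)
-req.getHeader("Referer")?.let {
-// TODO: add a sanity check to avoid link injection
+req.getHeader("Referer")?.let { referer ->
+val portInfo =
+if ((req.scheme == "http" && req.serverPort == 80)
+|| (req.scheme == "https" && req.serverPort == 443)
+) "" else ":${req.serverPort}"
+val baseHrefOptionalPort = "${req.scheme}://${req.serverName}$portInfo${req.contextPath}/"
+val baseHrefWithPort = "${req.scheme}://${req.serverName}${req.serverPort}${req.contextPath}/"
+if (referer.startsWith(baseHrefOptionalPort) || referer.startsWith(baseHrefWithPort)) {
+referer
+} else {
+null
+}
+}?.let {
 req.setAttribute(Constants.REQ_ATTR_REFERER, it)
 }
 
 // choose the requested language as session language (if available)
 if (session.getAttribute(Constants.SESSION_ATTR_LANGUAGE) == null) {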
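Review bot: `baseHrefWithPort` (new line 147) is built without a colon between `${req.serverName}` and `${req.serverPort}`, so it never equals this application's own explicit-port base URL; instead it names a different host whose name is the server name followed by the port digits, and a Referer from such a host would pass the `startsWith` check that is meant to prevent link injection. The line should read `val baseHrefWithPort = "${req.scheme}://${req.serverName}:${req.serverPort}${req.contextPath}/"`. A short comment above the check, stating that only referers under this application's own scheme, host, port and context path are kept, would replace the removed TODO. The enclosing function starts and ends outside this hunk.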
