LightPIT: comparison src/main/kotlin/de/uapcore/lightpit/RequestMapping.kt

-:49f68aeb1dd2
+:c0c7b4ca2946
 var redirectLocation: String? = null
 set(value) {
 field = value
 if (value == null) {
 request.removeAttribute(Constants.REQ_ATTR_REDIRECT_LOCATION)
+} else if (value.startsWith(baseHref)) {
+request.setAttribute(Constants.REQ_ATTR_REDIRECT_LOCATION, value)
 } else {
 request.setAttribute(Constants.REQ_ATTR_REDIRECT_LOCATION, baseHref + value)
 }
 }
 contentPage = Constants.JSP_COMMIT_SUCCESSFUL
 render()
 }
 fun i18n(key: String): String = ResourceBundle.getBundle("localization/strings", response.locale).getString(key)
+fun sanitizeReferer(referer: String?): String? {
+if (referer == null) return null
+// if someone really explicitly specifies the default port, we must support that, but we will remove it
+val baseHrefWithPort = "${request.scheme}://${request.serverName}${request.serverPort}${request.contextPath}/"
+return if (referer.startsWith(baseHref)) {
+referer
+} else if (referer.startsWith(baseHrefWithPort)) {
+referer.replaceFirst(baseHrefWithPort, baseHref)
+} else {
+null
+}
+}
 }
 /**
 * A path pattern optionally containing placeholders.
 *

Mercurial > hg > LightPIT / file comparison