hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-07 01:54:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

added validation of page url

Browse Source
This commit is contained in:
Sascha Szott
2024-01-26 09:58:57 +01:00
committed by GitHub
parent 19049d0df1
commit 771f37a1fa
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/FeedbackRestRepository.java
View File

@@ -79,8 +79,14 @@ public class FeedbackRestRepository extends DSpaceRestRepository<FeedbackRest, I
throw new DSpaceBadRequestException("e-mail and message fields are mandatory!");
}
String pageUrl = feedbackRest.getPage();
String urlPrefix = configurationService.getProperty("dspace.ui.url");
if (! StringUtils.startsWith(pageUrl, urlPrefix)) {
throw new DSpaceBadRequestException("unexpected page url was submitted");
}
try {
feedbackService.sendEmail(context, req, recipientEmail, senderEmail, message, feedbackRest.getPage());
feedbackService.sendEmail(context, req, recipientEmail, senderEmail, message, pageUrl);
} catch (IOException | MessagingException e) {
throw new RuntimeException(e.getMessage(), e);
}
@@ -100,4 +106,4 @@ public class FeedbackRestRepository extends DSpaceRestRepository<FeedbackRest, I
this.feedbackService = feedbackService;
}
}
}