0ct0pu5/fess
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix #1494 improve invalid referer response

Browse source
This commit is contained in:
Shinsuke Sugaya 2018-02-11 15:47:22 +09:00
parent cff518ad60
commit 26b4d202e6
3 changed files with 17 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
src/main/java/org/codelibs/fess/api/gsa/GsaApiManager.java
View file

@ -77,10 +77,6 @@ public class GsaApiManager extends BaseApiManager implements WebApiManager {
return false;
}
if (!fessConfig.isAcceptedSearchReferer(request.getHeader("referer"))) {
return false;
}
final String servletPath = request.getServletPath();
return servletPath.startsWith(gsaPathPrefix);
}
@ -93,7 +89,7 @@ public class GsaApiManager extends BaseApiManager implements WebApiManager {
processSearchRequest(request, response, chain);
break;
default:
writeXmlResponse(-1, false, StringUtil.EMPTY, "Not found.");
writeXmlResponse(99, false, StringUtil.EMPTY, "Not found.");
break;
}
}
@ -102,6 +98,11 @@ public class GsaApiManager extends BaseApiManager implements WebApiManager {
final SearchService searchService = ComponentUtil.getComponent(SearchService.class);
final FessConfig fessConfig = ComponentUtil.getFessConfig();
if (!fessConfig.isAcceptedSearchReferer(request.getHeader("referer"))) {
writeXmlResponse(99, false, StringUtil.EMPTY, "Referer is invalid.");
return;
}
int status = 0;
String errMsg = StringUtil.EMPTY;
String query = null;

9
src/main/java/org/codelibs/fess/api/json/JsonApiManager.java
View file

@ -84,10 +84,6 @@ public class JsonApiManager extends BaseJsonApiManager {
}
}
if (!fessConfig.isAcceptedSearchReferer(request.getHeader("referer"))) {
return false;
}
final String servletPath = request.getServletPath();
return servletPath.startsWith(pathPrefix);
}
@ -127,6 +123,11 @@ public class JsonApiManager extends BaseJsonApiManager {
final SearchService searchService = ComponentUtil.getComponent(SearchService.class);
final FessConfig fessConfig = ComponentUtil.getFessConfig();
if (!fessConfig.isAcceptedSearchReferer(request.getHeader("referer"))) {
writeJsonResponse(99, StringUtil.EMPTY, "Referer is invalid.");
return;
}
if (!fessConfig.isApiSearchScroll()) {
writeJsonResponse(99, StringUtil.EMPTY, "Scroll Search is not available.");
return;

10
src/main/java/org/codelibs/fess/api/suggest/SuggestApiManager.java
View file

@ -55,10 +55,6 @@ public class SuggestApiManager extends BaseJsonApiManager {
@Override
public boolean matches(final HttpServletRequest request) {
final FessConfig fessConfig = ComponentUtil.getFessConfig();
if (!fessConfig.isAcceptedSearchReferer(request.getHeader("referer"))) {
return false;
}
final String servletPath = request.getServletPath();
return servletPath.startsWith(pathPrefix);
}
@ -66,6 +62,12 @@ public class SuggestApiManager extends BaseJsonApiManager {
@Override
public void process(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException,
ServletException {
final FessConfig fessConfig = ComponentUtil.getFessConfig();
if (!fessConfig.isAcceptedSearchReferer(request.getHeader("referer"))) {
writeJsonResponse(99, StringUtil.EMPTY, "Referer is invalid.");
return;
}
int status = 0;
String errMsg = StringUtil.EMPTY;
final StringBuilder buf = new StringBuilder(255); // TODO replace response stream