XSS checkReturnUrl Debug 추가
This commit is contained in:
@@ -38,9 +38,9 @@ public class CrossScriptingFilter implements Filter {
|
|||||||
String servletPath = request.getServletPath();
|
String servletPath = request.getServletPath();
|
||||||
String baseUrl = uri.replace(servletPath, "");
|
String baseUrl = uri.replace(servletPath, "");
|
||||||
boolean isValidUrl = returnUrl.startsWith(baseUrl);
|
boolean isValidUrl = returnUrl.startsWith(baseUrl);
|
||||||
// System.out.println("checkReturnUrl => "+ uri + " : "+ servletPath);
|
System.out.println("checkReturnUrl => "+ uri + " : "+ servletPath);
|
||||||
// System.out.println("checkReturnUrl => "+ baseUrl + " : "+ returnUrl);
|
System.out.println("checkReturnUrl => "+ baseUrl + " : "+ returnUrl);
|
||||||
// System.out.println("checkReturnUrl => "+ returnUrl + " : "+ isValidUrl);
|
System.out.println("checkReturnUrl => "+ returnUrl + " : "+ isValidUrl);
|
||||||
return isValidUrl;
|
return isValidUrl;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -52,7 +52,7 @@ public class CrossScriptingFilter implements Filter {
|
|||||||
String returnUrl = (String)request.getParameter("returnUrl");
|
String returnUrl = (String)request.getParameter("returnUrl");
|
||||||
if(returnUrl != null) {
|
if(returnUrl != null) {
|
||||||
if(!checkReturnUrl(request, returnUrl)) {
|
if(!checkReturnUrl(request, returnUrl)) {
|
||||||
System.out.println("CrossScriptingFilter] bad request. - " + returnUrl);
|
System.out.println("[CrossScriptingFilter] bad request. - " + returnUrl);
|
||||||
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "bad request. - "+returnUrl);
|
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "bad request. - "+returnUrl);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user