This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release24.09
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release24.09 by this push:
new 222bf3cdd4 Improved: Prevent URL parameters manipulation (OFBIZ-13147)
222bf3cdd4 is described below
commit 222bf3cdd4b6bc533f7d99bd261b5147cd4557f8
Author: Jacques Le Roux <[email protected]>
AuthorDate: Thu Oct 24 21:38:11 2024 +0200
Improved: Prevent URL parameters manipulation (OFBIZ-13147)
Fixes a "typo"
---
.../src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
index a4c0e59400..8c9ebb3810 100644
---
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
+++
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
@@ -172,7 +172,7 @@ public class ControlFilter extends HttpFilter {
String queryString = req.getQueryString();
if (queryString != null) {
queryString = URLDecoder.decode(queryString, "UTF-8");
- if (UtilValidate.isUrlInString(queryString)
+ if (UtilValidate.isUrl(queryString)
|| !SecuredUpload.isValidText(queryString,
Collections.emptyList())
&& isSolrTest()) {
Debug.logError("For security reason this URL is not
accepted", MODULE);
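Review bot: The condition on the changed `if` mixes `||` and `&&` without parentheses, so Java evaluates it as `isUrl(queryString) || (!isValidText(...) && isSolrTest())`; `isSolrTest()` therefore gates only the text-validation clause, never the URL check. In a filter that decides which query strings are rejected, that grouping should be written out so a later edit cannot silently change what is blocked: `if (UtilValidate.isUrl(queryString) || (!SecuredUpload.isValidText(queryString, Collections.emptyList()) && isSolrTest())) {`. If that is the intended grouping, a one-line comment such as `// URL check always applies; the text check only when isSolrTest() is true` would record it. The body of the `if` continues outside the hunk, so what happens after the `Debug.logError` call is not visible here.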