Skip to content

Commit

Permalink
Merge pull request #9518 from DSpace/backport-9289-to-dspace-7_x
Browse files Browse the repository at this point in the history 
[Port dspace-7_x] Validation of page url in FeedbackRestRepository
  • Loading branch information
@tdonohue
tdonohue committed Apr 30, 2024
2 parents 4636410 + 0cfe4ae commit aafc111
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions ...ce-server-webapp/src/main/java/org/dspace/app/rest/repository/FeedbackRestRepository.java
View file
Expand Up @@ -79,8 +79,14 @@ protected FeedbackRest createAndReturn(Context context) throws AuthorizeExceptio
throw new DSpaceBadRequestException("e-mail and message fields are mandatory!");
}

String pageUrl = feedbackRest.getPage();
String urlPrefix = configurationService.getProperty("dspace.ui.url");
if (StringUtils.isNotBlank(pageUrl) && ! StringUtils.startsWith(pageUrl, urlPrefix)) {
throw new DSpaceBadRequestException("unexpected page url was submitted");
}

try {
feedbackService.sendEmail(context, req, recipientEmail, senderEmail, message, feedbackRest.getPage());
feedbackService.sendEmail(context, req, recipientEmail, senderEmail, message, pageUrl);
} catch (IOException | MessagingException e) {
throw new RuntimeException(e.getMessage(), e);
}
Expand All @@ -100,4 +106,4 @@ public void setFeedbackService(FeedbackService feedbackService) {
this.feedbackService = feedbackService;
}

}
}

0 comments on commit aafc111

Please sign in to comment.