From 60171270c79bf4be5dac03ec35c97586c97ea5e6 Mon Sep 17 00:00:00 2001
From: David Benson
Date: Mon, 17 Oct 2022 18:14:55 +0100
Subject: [PATCH] Blocks recursive proxy calls

https://huntr.dev/bounties/d383a6b8-b12a-4893-9b8f-8df18ec679c3/
---
 src/main/java/com/mxgraph/online/ProxyServlet.java | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/main/java/com/mxgraph/online/ProxyServlet.java b/src/main/java/com/mxgraph/online/ProxyServlet.java
index 90de9d6fe2..1223f1e84f 100644
--- a/src/main/java/com/mxgraph/online/ProxyServlet.java
+++ b/src/main/java/com/mxgraph/online/ProxyServlet.java
@@ -78,6 +78,12 @@ else if (Utils.sanitizeUrl(urlParam))
 try(OutputStream out = response.getOutputStream())
 {
+ if ("draw.io".equals(ua))
+ {
+ log.log(Level.SEVERE, "Infinite loop detected, proxy should not call itself");
+ throw new UnsupportedContentException();
+ }
+
 request.setCharacterEncoding("UTF-8");
 response.setCharacterEncoding("UTF-8");
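Review bot: The new guard at the top of the `try` block keys only on `ua` being exactly `draw.io`, so it breaks a loop only when the proxy's own outbound fetch sends that User-Agent (presumably set outside this hunk) and nothing in between rewrites it. It should be documented as a loop-breaker rather than an access control, e.g. `// Loop guard only: User-Agent is caller-controlled; target validation stays in Utils.sanitizeUrl`. Because any remote client can send that header, the `Level.SEVERE` entry can be triggered at will and will bury real errors; `Level.WARNING` fits better. The check also runs after `response.getOutputStream()` has been opened, so moving it above the `try` would reject the request before the response is touched, but how `UnsupportedContentException` is caught and mapped to a status is outside the hunk and should be confirmed first. The enclosing `else if` block starts and ends outside the hunk.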