Skip to content

Commit

Permalink
Merge pull request DSpace#9289 from saschaszott/patch-21
Browse files Browse the repository at this point in the history 
Validation of page url in FeedbackRestRepository
  • Loading branch information
@tdonohue
tdonohue authored Apr 30, 2024
2 parents b5b8ce2 + c4cc56a commit 2345ee4
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion ...ce-server-webapp/src/main/java/org/dspace/app/rest/repository/FeedbackRestRepository.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,8 +79,14 @@ protected FeedbackRest createAndReturn(Context context) throws AuthorizeExceptio
throw new DSpaceBadRequestException("e-mail and message fields are mandatory!");
}

String pageUrl = feedbackRest.getPage();
String urlPrefix = configurationService.getProperty("dspace.ui.url");
if (StringUtils.isNotBlank(pageUrl) && ! StringUtils.startsWith(pageUrl, urlPrefix)) {
throw new DSpaceBadRequestException("unexpected page url was submitted");
}

try {
feedbackService.sendEmail(context, req, recipientEmail, senderEmail, message, feedbackRest.getPage());
feedbackService.sendEmail(context, req, recipientEmail, senderEmail, message, pageUrl);
} catch (IOException | MessagingException e) {
throw new RuntimeException(e.getMessage(), e);
}
Expand Down

0 comments on commit 2345ee4

Please sign in to comment.