Marown/yacy_search_server
1
0
Fork 0
mirror of https://github.com/yacy/yacy_search_server.git synced 2024-09-19 00:01:41 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixed bad referer computation in SSIs which causes a NPE during host

Browse Source 
computation. This error was there before the latest IPv6 hack but did
not cause a NPE. The IPv6 hack was not the cause for this bug, but it
discovered the misconfiguration of the 'referer' referrer.
This commit is contained in:
Michael Peter Christen 2012-06-26 11:18:29 +02:00
parent 358b04885e
commit d763e4d94b
5 changed files with 24 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
source/de/anomic/http/server/HTTPDFileHandler.java
View File

@ -1216,6 +1216,9 @@ public final class HTTPDFileHandler {
} catch (final Exception e) {
try {
// error handling
if (e instanceof NullPointerException) {
Log.logException(e);
}
int httpStatusCode = 400;
final String httpStatusText = null;
final StringBuilder errorMessage = new StringBuilder(2000);

7
source/de/anomic/http/server/ServerSideIncludes.java
View File

@ -43,7 +43,7 @@ public class ServerSideIncludes {
writeSSI(in, 0, out, authorization, requesthost, requestHeader);
}
public static void writeSSI(final ByteBuffer in, int off, final OutputStream out, final String authorization, final String requesthost, final RequestHeader requestHeader) throws IOException {
private static void writeSSI(final ByteBuffer in, int off, final OutputStream out, final String authorization, final String requesthost, final RequestHeader requestHeader) throws IOException {
int p = in.indexOf(ASCII.getBytes("<!--#"), off);
int q;
while (p >= 0) {
@ -92,9 +92,8 @@ public class ServerSideIncludes {
conProp.put(HeaderFramework.CONNECTION_PROP_HTTP_VER, HeaderFramework.HTTP_VERSION_0_9);
conProp.put(HeaderFramework.CONNECTION_PROP_CLIENTIP, requesthost);
header.put(RequestHeader.AUTHORIZATION, authorization);
if (requestHeader.containsKey(RequestHeader.COOKIE))
header.put(RequestHeader.COOKIE, requestHeader.get(RequestHeader.COOKIE));
header.put(RequestHeader.REFERER, requestHeader.get(HeaderFramework.CONNECTION_PROP_PATH));
if (requestHeader.containsKey(RequestHeader.COOKIE)) header.put(RequestHeader.COOKIE, requestHeader.get(RequestHeader.COOKIE));
header.put(RequestHeader.REFERER, requestHeader.get(RequestHeader.REFERER));
HTTPDFileHandler.doGet(conProp, header, out);
}
}

15
source/net/yacy/cora/document/MultiProtocolURI.java
View File

@ -327,7 +327,7 @@ public class MultiProtocolURI implements Serializable, Comparable<MultiProtocolU
if (relPath.length() > 0 && (relPath.charAt(0) == '#' || relPath.charAt(0) == '?')) {
throw new MalformedURLException("relative path malformed: " + relPath);
}
this.path = baseURL.path + relPath;
if (relPath.startsWith("/")) this.path = baseURL.path + relPath.substring(1); else this.path = baseURL.path + relPath;
} else {
if (relPath.length() > 0 && (relPath.charAt(0) == '#' || relPath.charAt(0) == '?')) {
this.path = baseURL.path + relPath;
@ -574,6 +574,10 @@ public class MultiProtocolURI implements Serializable, Comparable<MultiProtocolU
private void identPort(final String inputURL, final int dflt) throws MalformedURLException {
// identify ref in file
if (this.host == null) {
this.port = dflt;
return;
}
int pss = 0;
int ip6 = this.host.indexOf('[');
if (ip6 >= 0 && ((ip6 = this.host.indexOf("]", ip6)) > 0)) {
@ -710,10 +714,17 @@ public class MultiProtocolURI implements Serializable, Comparable<MultiProtocolU
}
public String getHost() {
return (this.host.charAt(0) == '[' && this.host.charAt(this.host.length() - 1) == ']') ? this.host.substring(1, this.host.length() - 1) : this.host;
if (this.host == null) return null;
if (this.host.charAt(0) == '[') {
int p = this.host.indexOf(']');
if (p < 0) return this.host;
return this.host.substring(1, p);
}
return this.host;
}
public String getTLD() {
if (this.host == null) return "";
int p = this.host.lastIndexOf('.');
if (p < 0) return "";
return this.host.substring(p + 1);

8
source/net/yacy/cora/protocol/Domains.java
View File

@ -911,10 +911,10 @@ public class Domains {
return (noLocalCheck || // DO NOT REMOVE THIS! it is correct to return true if the check is off
"127.0.0.1".equals(host) ||
"localhost".equals(host) ||
host.startsWith("0:0:0:0:0:0:0:1") ||
host.startsWith("fe80:0:0:0:0:0:0:1") || // used by my mac as localhost
host.startsWith("::1/") ||
"::1".equals(host)
host.startsWith("0:0:0:0:0:0:0:1") || host.startsWith("[0:0:0:0:0:0:0:1]") ||
host.startsWith("fe80:0:0:0:0:0:0:1") || host.startsWith("[fe80:0:0:0:0:0:0:1]") || // used by my mac as localhost
host.startsWith("::1/") || host.startsWith("[::1/") ||
"::1".equals(host) || "[::1]".equals(host)
);
}

2
source/net/yacy/cora/protocol/RequestHeader.java
View File

@ -50,7 +50,7 @@ public class RequestHeader extends HeaderFramework {
public static final String IF_MODIFIED_SINCE = "If-Modified-Since";
public static final String IF_RANGE = "If-Range";
public static final String REFERER = "Referer";
public static final String REFERER = "Referer"; // a misspelling of referrer that occurs as an HTTP header field. Its defined so in the http protocol, so please don't 'fix' it!
private static final long serialVersionUID = 0L;