CSRFUtil.java
/*
* Decompiled with CFR 0_118.
*
* Could not load the following classes:
* javax.servlet.http.HttpServletRequest
*/
package com.day.crx.explorer.impl.util;
import java.net.MalformedURLException;
import java.net.URL;
import javax.servlet.http.HttpServletRequest;
/**
 * Referer-header checks used as a cross-site request forgery (CSRF) guard.
 *
 * <p>Security notes for reviewers, all derived from the code below:
 * <ul>
 *   <li>The check fails closed: a {@code null} request, a missing
 *       {@code Referer} header or an unparsable one all yield {@code false}.</li>
 *   <li>Only the host is always compared. The port is compared only when
 *       {@code testPort} is {@code true}, and the URL scheme is never compared.</li>
 *   <li>Host and path comparisons are exact, case-sensitive string matches;
 *       the Referer path is not normalized or decoded before comparison.</li>
 *   <li>With no allowed paths configured, any page on the same host passes.</li>
 * </ul>
 * NOTE(review): the expected host comes from {@code request.getServerName()},
 * which a servlet container usually derives from the request itself - confirm
 * that the deployment pins or validates the host name upstream.
 */
public class CSRFUtil {

    /**
     * Decides whether the request's {@code Referer} header points back at this server.
     *
     * @param request      the incoming request; {@code null} is rejected
     * @param allowedPaths paths, relative to the request's context path, that the
     *                     Referer path must equal exactly; {@code null} or empty
     *                     means every path on the matching host is accepted
     * @param testPort     when {@code true}, the Referer port (or the protocol's
     *                     default port if the URL names none) must also equal
     *                     {@code request.getServerPort()}
     * @return {@code true} only if the Referer passes every enabled comparison
     */
    public static boolean testReferer(HttpServletRequest request, String[] allowedPaths, boolean testPort) {
        if (request == null) {
            return false;
        }
        String refererHeader = request.getHeader("Referer");
        if (refererHeader == null) {
            // No Referer at all: treated as a failed check, not as "nothing to verify".
            return false;
        }

        URL refererUrl;
        try {
            refererUrl = new URL(refererHeader);
        } catch (MalformedURLException e) {
            // Deliberate fail-closed: a Referer that does not parse cannot be trusted.
            return false;
        }

        // A URL without an explicit port reports -1; fall back to the protocol default.
        int effectivePort = refererUrl.getPort();
        if (effectivePort == -1) {
            effectivePort = refererUrl.getDefaultPort();
        }

        if (!refererUrl.getHost().equals(request.getServerName())) {
            return false;
        }
        if (testPort && effectivePort != request.getServerPort()) {
            return false;
        }

        boolean anyPathAccepted = allowedPaths == null || allowedPaths.length == 0;
        if (anyPathAccepted) {
            return true;
        }

        // getPath() excludes the query string, so only the path portion is matched.
        String refererPath = refererUrl.getPath();
        for (String relativePath : allowedPaths) {
            String expectedPath = request.getContextPath() + relativePath;
            if (expectedPath.equals(refererPath)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Convenience overload that performs the Referer check without comparing ports.
     *
     * @param request      the incoming request; {@code null} is rejected
     * @param allowedPaths paths, relative to the context path, that the Referer may
     *                     match; {@code null} or empty accepts any path on the host
     * @return the result of {@link #testReferer(HttpServletRequest, String[], boolean)}
     *         with {@code testPort} set to {@code false}
     */
    public static boolean testReferer(HttpServletRequest request, String[] allowedPaths) {
        return testReferer(request, allowedPaths, false);
    }
}