From 4ef61b8ede273d2967f15b82fc248460604e3eab Mon Sep 17 00:00:00 2001 From: Vladimir Kotal Date: Fri, 29 Aug 2025 11:14:15 +0200 Subject: [PATCH 1/2] simplify, fix nits --- opengrok-web/src/main/webapp/opensearch.jsp | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/opengrok-web/src/main/webapp/opensearch.jsp b/opengrok-web/src/main/webapp/opensearch.jsp index 4fb23df2900..b25aae20edc 100644 --- a/opengrok-web/src/main/webapp/opensearch.jsp +++ b/opengrok-web/src/main/webapp/opensearch.jsp @@ -18,7 +18,7 @@ information: Portions Copyright [yyyy] [name of copyright owner] CDDL HEADER END -Copyright (c) 2009, 2022, Oracle and/or its affiliates. All rights reserved. +Copyright (c) 2009, 2025, Oracle and/or its affiliates. All rights reserved. Portions Copyright 2011 Jens Elkner. Portions Copyright (c) 2018, 2020, Chris Fraire . @@ -45,21 +45,16 @@ include file="/projects.jspf" // Optimize for URLs up to 128 characters. StringBuilder url = new StringBuilder(128); - String scheme = request.getScheme(); - int port = request.getServerPort(); - + final String scheme = request.getScheme(); url.append(scheme).append("://"); - - String serverName = cfg.getServerName(); - url.append(serverName); + url.append(cfg.getServerName()); // Append port if needed. + int port = request.getServerPort(); if ((port != 80 && scheme.equals("http")) || (port != 443 && scheme.equals("https"))) { url.append(':').append(port); } - String imgUrl = url + cfg.getCssDir() + "/img/icon.png"; - /* TODO Bug 11749 ??? */ StringBuilder text = new StringBuilder(); url.append(request.getContextPath()).append(Prefix.SEARCH_P).append('?'); 
@@ -68,15 +63,15 @@ include file="/projects.jspf" text.append(name).append(','); Util.appendQuery(url, QueryParameters.PROJECT_SEARCH_PARAM, name); } - if (text.length() != 0) { - text.setLength(text.length()-1); + if (!text.isEmpty()) { + text.setLength(text.length() - 1); } %> OpenGrok <%= text.toString() %> Search in OpenGrok <%= text.toString() %> UTF-8 - <%= imgUrl %> + <%= url + cfg.getCssDir() + "/img/icon.png" %> <%-- --%> From b04e42572358ebafdf311841fa9dd3df4bb5b36f Mon Sep 17 00:00:00 2001 From: Vladimir Kotal Date: Fri, 29 Aug 2025 11:37:37 +0200 Subject: [PATCH 2/2] launder server name --- .../org/opengrok/indexer/web/Laundromat.java | 9 +++++++++ .../org/opengrok/indexer/web/LaundromatTest.java | 16 ++++++++++++++++ .../main/java/org/opengrok/web/PageConfig.java | 2 +- 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/opengrok-indexer/src/main/java/org/opengrok/indexer/web/Laundromat.java b/opengrok-indexer/src/main/java/org/opengrok/indexer/web/Laundromat.java index 1519ec4dccb..c335cd6c057 100644 --- a/opengrok-indexer/src/main/java/org/opengrok/indexer/web/Laundromat.java +++ b/opengrok-indexer/src/main/java/org/opengrok/indexer/web/Laundromat.java @@ -51,6 +51,15 @@ public static String launderInput(String value) { return replaceAll(value, ESC_N_R_T_F, "_"); } + /** + * Sanitize {@code value} where it will be used in subsequent OpenGrok + * (non-logging) processing. Also allows for IPv6 address URIs with port number. + * @return {@code null} if null or else {@code value} with invalid characters removed and leading dashes stripped + */ + public static String launderServerName(String value) { + return replaceAll(value, "(^\\-*)|[^A-Za-z0-9\\-\\.: \\[\\]]", ""); + } + /** * Sanitize {@code value} where it will be used in subsequent OpenGrok * (non-logging) processing. 
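Review bot: The `<%= url + cfg.getCssDir() + "/img/icon.png" %>` expression at the end of this hunk is evaluated after `url` has been extended with the context path, `Prefix.SEARCH_P`, `?` and the per-project query parameters, so the icon address now carries the whole search URL as its prefix. The `imgUrl` local removed in the previous hunk was computed while `url` still held only scheme, host and port. Capturing that base before the append, e.g. `final String baseUrl = url.toString();` right after the port check, and emitting `<%= baseUrl + cfg.getCssDir() + "/img/icon.png" %>` would keep the old value. The expression is also written into the XML descriptor without encoding, so it relies on the server name and CSS directory containing no markup characters.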
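Review bot: The character class in `launderServerName` keeps the space character (`: \\[`), which cannot occur in a host name and looks unintended; `"(^\\-*)|[^A-Za-z0-9\\-\\.:\\[\\]]"` would drop it. The method filters characters but does not check structure, so brackets and colons are accepted in any position and a malformed name is silently rewritten into a different one rather than rejected; callers should not treat the result as a validated host. The Javadoc repeats the generic wording of the neighbouring method and has no `@param value`; it could open with `Sanitize a host name, optionally with a port or as a bracketed IPv6 literal, taken from the request` and document the parameter.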
diff --git a/opengrok-indexer/src/test/java/org/opengrok/indexer/web/LaundromatTest.java b/opengrok-indexer/src/test/java/org/opengrok/indexer/web/LaundromatTest.java index 57be5b1c286..2d2429dcb5e 100644 --- a/opengrok-indexer/src/test/java/org/opengrok/indexer/web/LaundromatTest.java +++ b/opengrok-indexer/src/test/java/org/opengrok/indexer/web/LaundromatTest.java @@ -19,14 +19,19 @@ /* * Copyright (c) 2020, Chris Fraire . + * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved. */ package org.opengrok.indexer.web; +import org.apache.commons.lang3.tuple.Pair; import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.MethodSource; import java.util.Arrays; import java.util.HashMap; import java.util.Map; +import java.util.stream.Stream; import static org.junit.jupiter.api.Assertions.assertEquals; @@ -54,6 +59,17 @@ void launderLog() { assertEquals(TEST_CONTENT_LOG_LAUNDRY, laundry); } + private static Stream> getParamsForTestLaunderServerName() { + return Stream.of(Pair.of("foo.example.com", Laundromat.launderServerName("--foo.example\n.com?=")), + Pair.of("[2001:db8::1]:8080", Laundromat.launderServerName("[2001:db8::1]:8080"))); + } + + @ParameterizedTest + @MethodSource("getParamsForTestLaunderServerName") + void testLaunderServerName(Pair param) { + assertEquals(param.getLeft(), param.getRight()); + } + @Test void launderLogMap() { HashMap testMap = new HashMap<>(); diff --git a/opengrok-web/src/main/java/org/opengrok/web/PageConfig.java b/opengrok-web/src/main/java/org/opengrok/web/PageConfig.java index 6d0c0439ed3..da1e5670c22 100644 --- a/opengrok-web/src/main/java/org/opengrok/web/PageConfig.java +++ b/opengrok-web/src/main/java/org/opengrok/web/PageConfig.java 
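Review bot: `getParamsForTestLaunderServerName` calls `Laundromat.launderServerName` while building the parameter stream, so `testLaunderServerName` only compares two precomputed strings and an exception in the method would surface as a parameter-source failure rather than a failed case. Passing the raw input in the pair and asserting `assertEquals(param.getLeft(), Laundromat.launderServerName(param.getRight()));` keeps the call under test inside the test. The cases do not cover a `null` argument, which the Javadoc promises returns `null`, or an input containing a space, which the current pattern retains.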
@@ -1483,7 +1483,7 @@ public String getServerName() {
 if (env.getServerName() != null) {
 return env.getServerName();
 } else {
- return req.getServerName();
+ return Laundromat.launderServerName(req.getServerName());
 }
 }
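Review bot: The laundered fallback is still a name chosen by the client, since `req.getServerName()` is normally derived from the Host header, and opensearch.jsp builds absolute URLs from it. Laundering removes characters that could break out of the XML or URL context, but it does not stop a request from making the descriptor point at another host; only the configured `env.getServerName()` branch is pinned. A comment above the fallback would record that, for example `// Host-derived and client-controlled: laundered for output safety only; set the server name in configuration to pin it.` `env.getServerName()` is also read twice and could be held in a local. The method's signature and Javadoc lie outside this hunk.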