Better input validation in *Store.createUri()
This commit is contained in:
parent
7a9c747db9
commit
b05750c245
4 changed files with 40 additions and 15 deletions
|
@ -237,7 +237,8 @@ public class ImapStore extends Store {
|
||||||
String passwordEnc;
|
String passwordEnc;
|
||||||
try {
|
try {
|
||||||
userEnc = URLEncoder.encode(server.username, "UTF-8");
|
userEnc = URLEncoder.encode(server.username, "UTF-8");
|
||||||
passwordEnc = URLEncoder.encode(server.password, "UTF-8");
|
passwordEnc = (server.password != null) ?
|
||||||
|
URLEncoder.encode(server.password, "UTF-8") : "";
|
||||||
}
|
}
|
||||||
catch (UnsupportedEncodingException e) {
|
catch (UnsupportedEncodingException e) {
|
||||||
throw new IllegalArgumentException("Could not encode username or password", e);
|
throw new IllegalArgumentException("Could not encode username or password", e);
|
||||||
|
@ -263,7 +264,15 @@ public class ImapStore extends Store {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
String userInfo = server.authenticationType + ":" + userEnc + ":" + passwordEnc;
|
AuthType authType;
|
||||||
|
try {
|
||||||
|
authType = AuthType.valueOf(server.authenticationType);
|
||||||
|
} catch (Exception e) {
|
||||||
|
throw new IllegalArgumentException("Invalid authentication type: " +
|
||||||
|
server.authenticationType);
|
||||||
|
}
|
||||||
|
|
||||||
|
String userInfo = authType.toString() + ":" + userEnc + ":" + passwordEnc;
|
||||||
try {
|
try {
|
||||||
Map<String, String> extra = server.getExtra();
|
Map<String, String> extra = server.getExtra();
|
||||||
String prefix = (extra != null) ? extra.get(ImapStoreSettings.PATH_PREFIX_KEY) : null;
|
String prefix = (extra != null) ? extra.get(ImapStoreSettings.PATH_PREFIX_KEY) : null;
|
||||||
|
|
|
@ -121,7 +121,8 @@ public class Pop3Store extends Store {
|
||||||
String passwordEnc;
|
String passwordEnc;
|
||||||
try {
|
try {
|
||||||
userEnc = URLEncoder.encode(server.username, "UTF-8");
|
userEnc = URLEncoder.encode(server.username, "UTF-8");
|
||||||
passwordEnc = URLEncoder.encode(server.password, "UTF-8");
|
passwordEnc = (server.password != null) ?
|
||||||
|
URLEncoder.encode(server.password, "UTF-8") : "";
|
||||||
}
|
}
|
||||||
catch (UnsupportedEncodingException e) {
|
catch (UnsupportedEncodingException e) {
|
||||||
throw new IllegalArgumentException("Could not encode username or password", e);
|
throw new IllegalArgumentException("Could not encode username or password", e);
|
||||||
|
|
|
@ -203,7 +203,8 @@ public class WebDavStore extends Store {
|
||||||
String passwordEnc;
|
String passwordEnc;
|
||||||
try {
|
try {
|
||||||
userEnc = URLEncoder.encode(server.username, "UTF-8");
|
userEnc = URLEncoder.encode(server.username, "UTF-8");
|
||||||
passwordEnc = URLEncoder.encode(server.password, "UTF-8");
|
passwordEnc = (server.password != null) ?
|
||||||
|
URLEncoder.encode(server.password, "UTF-8") : "";
|
||||||
}
|
}
|
||||||
catch (UnsupportedEncodingException e) {
|
catch (UnsupportedEncodingException e) {
|
||||||
throw new IllegalArgumentException("Could not encode username or password", e);
|
throw new IllegalArgumentException("Could not encode username or password", e);
|
||||||
|
@ -229,15 +230,22 @@ public class WebDavStore extends Store {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
Map<String, String> extra = server.getExtra();
|
|
||||||
String userInfo = userEnc + ":" + passwordEnc;
|
String userInfo = userEnc + ":" + passwordEnc;
|
||||||
|
|
||||||
|
String uriPath;
|
||||||
|
Map<String, String> extra = server.getExtra();
|
||||||
|
if (extra != null) {
|
||||||
String path = extra.get(WebDavStoreSettings.PATH_KEY);
|
String path = extra.get(WebDavStoreSettings.PATH_KEY);
|
||||||
path = (path != null) ? path : "";
|
path = (path != null) ? path : "";
|
||||||
String authPath = extra.get(WebDavStoreSettings.AUTH_PATH_KEY);
|
String authPath = extra.get(WebDavStoreSettings.AUTH_PATH_KEY);
|
||||||
authPath = (authPath != null) ? authPath : "";
|
authPath = (authPath != null) ? authPath : "";
|
||||||
String mailboxPath = extra.get(WebDavStoreSettings.MAILBOX_PATH_KEY);
|
String mailboxPath = extra.get(WebDavStoreSettings.MAILBOX_PATH_KEY);
|
||||||
mailboxPath = (mailboxPath != null) ? mailboxPath : "";
|
mailboxPath = (mailboxPath != null) ? mailboxPath : "";
|
||||||
String uriPath = path + "|" + authPath + "|" + mailboxPath;
|
uriPath = path + "|" + authPath + "|" + mailboxPath;
|
||||||
|
} else {
|
||||||
|
uriPath = "||";
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
return new URI(scheme, userInfo, server.host, server.port, uriPath,
|
return new URI(scheme, userInfo, server.host, server.port, uriPath,
|
||||||
null, null).toString();
|
null, null).toString();
|
||||||
|
|
|
@ -129,8 +129,10 @@ public class SmtpTransport extends Transport {
|
||||||
String userEnc;
|
String userEnc;
|
||||||
String passwordEnc;
|
String passwordEnc;
|
||||||
try {
|
try {
|
||||||
userEnc = URLEncoder.encode(server.username, "UTF-8");
|
userEnc = (server.username != null) ?
|
||||||
passwordEnc = URLEncoder.encode(server.password, "UTF-8");
|
URLEncoder.encode(server.username, "UTF-8") : "";
|
||||||
|
passwordEnc = (server.password != null) ?
|
||||||
|
URLEncoder.encode(server.password, "UTF-8") : "";
|
||||||
}
|
}
|
||||||
catch (UnsupportedEncodingException e) {
|
catch (UnsupportedEncodingException e) {
|
||||||
throw new IllegalArgumentException("Could not encode username or password", e);
|
throw new IllegalArgumentException("Could not encode username or password", e);
|
||||||
|
@ -156,7 +158,12 @@ public class SmtpTransport extends Transport {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
String userInfo = userEnc + ":" + passwordEnc + ":" + server.authenticationType;
|
String authType = server.authenticationType;
|
||||||
|
if (!"CRAM_MD5".equals(authType) && !"PLAIN".equals(authType)) {
|
||||||
|
throw new IllegalArgumentException("Invalid authentication type: " + authType);
|
||||||
|
}
|
||||||
|
|
||||||
|
String userInfo = userEnc + ":" + passwordEnc + ":" + authType;
|
||||||
try {
|
try {
|
||||||
return new URI(scheme, userInfo, server.host, server.port, null, null,
|
return new URI(scheme, userInfo, server.host, server.port, null, null,
|
||||||
null).toString();
|
null).toString();
|
||||||
|
|
Loading…
Reference in a new issue