Better input validation in *Store.createUri()
This commit is contained in:
parent
7a9c747db9
commit
b05750c245
4 changed files with 40 additions and 15 deletions
|
@ -237,7 +237,8 @@ public class ImapStore extends Store {
|
|||
String passwordEnc;
|
||||
try {
|
||||
userEnc = URLEncoder.encode(server.username, "UTF-8");
|
||||
passwordEnc = URLEncoder.encode(server.password, "UTF-8");
|
||||
passwordEnc = (server.password != null) ?
|
||||
URLEncoder.encode(server.password, "UTF-8") : "";
|
||||
}
|
||||
catch (UnsupportedEncodingException e) {
|
||||
throw new IllegalArgumentException("Could not encode username or password", e);
|
||||
|
@ -263,7 +264,15 @@ public class ImapStore extends Store {
|
|||
break;
|
||||
}
|
||||
|
||||
String userInfo = server.authenticationType + ":" + userEnc + ":" + passwordEnc;
|
||||
AuthType authType;
|
||||
try {
|
||||
authType = AuthType.valueOf(server.authenticationType);
|
||||
} catch (Exception e) {
|
||||
throw new IllegalArgumentException("Invalid authentication type: " +
|
||||
server.authenticationType);
|
||||
}
|
||||
|
||||
String userInfo = authType.toString() + ":" + userEnc + ":" + passwordEnc;
|
||||
try {
|
||||
Map<String, String> extra = server.getExtra();
|
||||
String prefix = (extra != null) ? extra.get(ImapStoreSettings.PATH_PREFIX_KEY) : null;
|
||||
|
|
|
@ -121,7 +121,8 @@ public class Pop3Store extends Store {
|
|||
String passwordEnc;
|
||||
try {
|
||||
userEnc = URLEncoder.encode(server.username, "UTF-8");
|
||||
passwordEnc = URLEncoder.encode(server.password, "UTF-8");
|
||||
passwordEnc = (server.password != null) ?
|
||||
URLEncoder.encode(server.password, "UTF-8") : "";
|
||||
}
|
||||
catch (UnsupportedEncodingException e) {
|
||||
throw new IllegalArgumentException("Could not encode username or password", e);
|
||||
|
|
|
@ -203,7 +203,8 @@ public class WebDavStore extends Store {
|
|||
String passwordEnc;
|
||||
try {
|
||||
userEnc = URLEncoder.encode(server.username, "UTF-8");
|
||||
passwordEnc = URLEncoder.encode(server.password, "UTF-8");
|
||||
passwordEnc = (server.password != null) ?
|
||||
URLEncoder.encode(server.password, "UTF-8") : "";
|
||||
}
|
||||
catch (UnsupportedEncodingException e) {
|
||||
throw new IllegalArgumentException("Could not encode username or password", e);
|
||||
|
@ -229,15 +230,22 @@ public class WebDavStore extends Store {
|
|||
break;
|
||||
}
|
||||
|
||||
Map<String, String> extra = server.getExtra();
|
||||
String userInfo = userEnc + ":" + passwordEnc;
|
||||
|
||||
String uriPath;
|
||||
Map<String, String> extra = server.getExtra();
|
||||
if (extra != null) {
|
||||
String path = extra.get(WebDavStoreSettings.PATH_KEY);
|
||||
path = (path != null) ? path : "";
|
||||
String authPath = extra.get(WebDavStoreSettings.AUTH_PATH_KEY);
|
||||
authPath = (authPath != null) ? authPath : "";
|
||||
String mailboxPath = extra.get(WebDavStoreSettings.MAILBOX_PATH_KEY);
|
||||
mailboxPath = (mailboxPath != null) ? mailboxPath : "";
|
||||
String uriPath = path + "|" + authPath + "|" + mailboxPath;
|
||||
uriPath = path + "|" + authPath + "|" + mailboxPath;
|
||||
} else {
|
||||
uriPath = "||";
|
||||
}
|
||||
|
||||
try {
|
||||
return new URI(scheme, userInfo, server.host, server.port, uriPath,
|
||||
null, null).toString();
|
||||
|
|
|
@ -129,8 +129,10 @@ public class SmtpTransport extends Transport {
|
|||
String userEnc;
|
||||
String passwordEnc;
|
||||
try {
|
||||
userEnc = URLEncoder.encode(server.username, "UTF-8");
|
||||
passwordEnc = URLEncoder.encode(server.password, "UTF-8");
|
||||
userEnc = (server.username != null) ?
|
||||
URLEncoder.encode(server.username, "UTF-8") : "";
|
||||
passwordEnc = (server.password != null) ?
|
||||
URLEncoder.encode(server.password, "UTF-8") : "";
|
||||
}
|
||||
catch (UnsupportedEncodingException e) {
|
||||
throw new IllegalArgumentException("Could not encode username or password", e);
|
||||
|
@ -156,7 +158,12 @@ public class SmtpTransport extends Transport {
|
|||
break;
|
||||
}
|
||||
|
||||
String userInfo = userEnc + ":" + passwordEnc + ":" + server.authenticationType;
|
||||
String authType = server.authenticationType;
|
||||
if (!"CRAM_MD5".equals(authType) && !"PLAIN".equals(authType)) {
|
||||
throw new IllegalArgumentException("Invalid authentication type: " + authType);
|
||||
}
|
||||
|
||||
String userInfo = userEnc + ":" + passwordEnc + ":" + authType;
|
||||
try {
|
||||
return new URI(scheme, userInfo, server.host, server.port, null, null,
|
||||
null).toString();
|
||||
|
|
Loading…
Reference in a new issue