/**********************************************************************************
* $URL: https://source.sakaiproject.org/svn/portal/trunk/portal-util/util/src/java/org/sakaiproject/portal/util/URLUtils.java $
* $Id: URLUtils.java 128674 2013-08-20 15:14:33Z csev@umich.edu $
***********************************************************************************
*
* Copyright (c) 2006, 2007, 2008 The Sakai Foundation
*
* Licensed under the Educational Community License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.opensource.org/licenses/ECL-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
**********************************************************************************/
package org.sakaiproject.portal.util;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* @author ieb
* @since Sakai 2.4
* @version $Rev: 128674 $
*/
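public class URLUtils
{
    /**
     * Our log (commons).
     */
    private static final Log M_log = LogFactory.getLog(URLUtils.class);

    /**
     * The characters we should never expect to see in a pathInfo.
     *
     * NOTE(review): this field is public and not final, so any code on the
     * classpath can reassign it and thereby change what
     * {@link #getSafePathInfo(HttpServletRequest)} filters. It is left
     * non-final here only because callers outside this file may assign to it;
     * confirm and make it final if none do.
     */
    public static String BAD_PATH_URL_CHARS = "\"'<>&";

    /**
     * Append a query parameter to a URL, keeping any fragment at the end.
     * Both the name and the value are passed through
     * {@link #encodeUrl(String)}; the URL itself is used as given and is not
     * validated or re-encoded.
     *
     * @param URL
     *        The URL to extend; may already carry a query string and/or a
     *        fragment.
     * @param name
     *        The parameter name (encoded before use).
     * @param value
     *        The parameter value (encoded before use).
     * @return The URL with <code>name=value</code> appended to its query
     *         string, placed before the fragment when there is one.
     */
    public static String addParameter(String URL, String name, String value)
    {
        int hpos = URL.indexOf('#');
        int qpos = URL.indexOf('?');
        // A '?' that appears after the '#' belongs to the fragment, not to the
        // query string, so it must not select the '&' separator.
        boolean hasQuery = qpos != -1 && (hpos == -1 || qpos < hpos);
        char sep = hasQuery ? '&' : '?';
        String seg = sep + encodeUrl(name) + '=' + encodeUrl(value);
        if (hpos == -1)
        {
            return URL + seg;
        }
        return URL.substring(0, hpos) + seg + URL.substring(hpos);
    }

    /**
     * The same behaviour as Web.escapeUrl, only without the "funky encoding" of
     * the characters ? and ; (uses JDK URLEncoder directly).
     *
     * URLEncoder produces application/x-www-form-urlencoded output, so a space
     * becomes '+'. The result is meant for a query-string name or value; it is
     * not an HTML or JavaScript escape.
     *
     * @param url
     *        The string to encode.
     * @return <code>url</code> fully escaped using URL rules.
     * @throws IllegalArgumentException
     *         if the UTF-8 encoding is reported as unsupported.
     */
    public static String encodeUrl(String url)
    {
        try
        {
            return URLEncoder.encode(url, "UTF-8");
        }
        catch (UnsupportedEncodingException uee)
        {
            throw new IllegalArgumentException(uee);
        }
    }

    /**
     * Sanitize the req.getPathInfo() information by cutting it off at the
     * first character listed in {@link #BAD_PATH_URL_CHARS}. A truncation is
     * logged at warn level together with the remote address.
     *
     * Only the characters in BAD_PATH_URL_CHARS are filtered. Anything else,
     * control characters included, is returned unchanged, so the result still
     * has to be encoded for whatever context it is written into.
     *
     * @param req
     *        The current servlet request
     * @return <code>safePathInfo</code> sanitized pathInfo, or null when the
     *         request has no pathInfo
     */
    public static String getSafePathInfo(HttpServletRequest req)
    {
        String pathInfo = req.getPathInfo();
        if (pathInfo == null)
        {
            return null;
        }

        String newPathInfo = pathInfo;
        // Check every character. The previous bound of length() - 1 skipped
        // the final character, so a pathInfo ending in a bad character was
        // returned untouched.
        for (int i = 0; i < pathInfo.length(); i++)
        {
            if (BAD_PATH_URL_CHARS.indexOf(pathInfo.charAt(i)) >= 0)
            {
                newPathInfo = pathInfo.substring(0, i);
                break;
            }
        }

        if (!newPathInfo.equals(pathInfo))
        {
            String ipAddress = req.getRemoteAddr();
            M_log.warn("Truncated pathInfo IP=" + ipAddress + " from " + forLog(pathInfo)
                    + " to " + forLog(newPathInfo));
        }
        return newPathInfo;
    }

    /**
     * Make a request-supplied value safe to write on a single log line by
     * replacing carriage returns and line feeds, so that a crafted pathInfo
     * cannot start a forged log entry.
     */
    private static String forLog(String text)
    {
        return text.replace('\r', '_').replace('\n', '_');
    }
}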