- From: Mercurial notifier <nobody@w3.org>
- Date: Mon, 14 Jun 2010 09:22:35 -0400
- To: Unicorn Updates <www-validator-cvs@w3.org>
changeset: 1229:504fd361c616
user: Thomas Gambet <tgambet@w3.org>
date: Sun Jun 13 20:47:25 2010 -0400
files: src/org/w3c/unicorn/input/URIInputParameter.java
description:
restricted validation to public IP
diff -r 864c174ad7b0 -r 504fd361c616 src/org/w3c/unicorn/input/URIInputParameter.java
--- a/src/org/w3c/unicorn/input/URIInputParameter.java Sun Jun 13 20:01:22 2010 -0400
+++ b/src/org/w3c/unicorn/input/URIInputParameter.java Sun Jun 13 20:47:25 2010 -0400
@@ -3,6 +3,7 @@
import java.io.IOException;
import java.net.ConnectException;
import java.net.HttpURLConnection;
+import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.SocketTimeoutException;
import java.net.URL;
@@ -82,6 +83,10 @@
if (!docUrl.getProtocol().equals("http") && !docUrl.getProtocol().equals("https"))
throw new UnicornException(Message.ERROR, "$message_unsupported_protocol", null, docUrl.getProtocol());
+ InetAddress add = InetAddress.getByName(docUrl.getHost());
+ if (add.isSiteLocalAddress() || add.isLoopbackAddress())
+ throw new UnicornException(Message.ERROR, "$message_local_address_provided");
+
HttpURLConnection con = (HttpURLConnection) docUrl.openConnection();
con.setConnectTimeout(connectTimeOut);
con.setRequestMethod("HEAD");
Received on Monday, 14 June 2010 13:25:16 UTC