import org.apache.http.params.HttpParams;
import org.apache.http.params.HttpProtocolParams;
+import java.awt.color.CMMException;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
-import java.net.SocketException;
import java.net.URI;
import java.net.URISyntaxException;
-import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
*/
public final class DecodeServlet extends HttpServlet {
+ // No real reason to let people upload more than a 2MB image
private static final long MAX_IMAGE_SIZE = 2000000L;
+ // No real reason to deal with more than maybe 2 megapixels
+ private static final int MAX_PIXELS = 1 << 21;
private static final Logger log = Logger.getLogger(DecodeServlet.class.getName());
static {
HINTS = new Hashtable<DecodeHintType, Object>(5);
HINTS.put(DecodeHintType.TRY_HARDER, Boolean.TRUE);
- Collection<BarcodeFormat> possibleFormats = new Vector<BarcodeFormat>();
+ Collection<BarcodeFormat> possibleFormats = new Vector<BarcodeFormat>(17);
possibleFormats.add(BarcodeFormat.UPC_A);
possibleFormats.add(BarcodeFormat.UPC_E);
possibleFormats.add(BarcodeFormat.EAN_8);
possibleFormats.add(BarcodeFormat.EAN_13);
possibleFormats.add(BarcodeFormat.CODE_39);
+ possibleFormats.add(BarcodeFormat.CODE_93);
possibleFormats.add(BarcodeFormat.CODE_128);
+ //possibleFormats.add(BarcodeFormat.CODABAR);
possibleFormats.add(BarcodeFormat.ITF);
possibleFormats.add(BarcodeFormat.RSS14);
possibleFormats.add(BarcodeFormat.QR_CODE);
throws ServletException, IOException {
String imageURIString = request.getParameter("u");
if (imageURIString == null || imageURIString.length() == 0) {
+ log.fine("URI was empty");
response.sendRedirect("badurl.jspx");
return;
}
+ imageURIString = imageURIString.trim();
+
if (!(imageURIString.startsWith("http://") || imageURIString.startsWith("https://"))) {
imageURIString = "http://" + imageURIString;
}
try {
imageURI = new URI(imageURIString);
} catch (URISyntaxException urise) {
+ log.fine("URI was not valid: " + imageURIString);
response.sendRedirect("badurl.jspx");
return;
}
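Review bot: The added `log.fine("URI was not valid: " + imageURIString)` writes the raw `u` request parameter into the log, so a caller can put embedded CR/LF or very long strings into log records (`trim()` only strips the ends). Neutralise line breaks and cap the length before logging, for example `log.fine("URI was not valid: " + imageURIString.replaceAll("[\\r\\n]", "_"));`. The prefix test above it is also case-sensitive and runs before parsing, so an input like `HTTP://host/x` gets a second `http://` prepended; checking `imageURI.getScheme()` case-insensitively after `new URI(...)` would be more robust. The enclosing method starts and continues outside this hunk.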
getResponse = client.execute(getRequest);
} catch (IllegalArgumentException iae) {
// Thrown if hostname is bad or null
+ log.fine(iae.toString());
getRequest.abort();
response.sendRedirect("badurl.jspx");
return;
- } catch (SocketException se) {
- // Thrown if hostname is bad or null
- getRequest.abort();
- response.sendRedirect("badurl.jspx");
- return;
- } catch (UnknownHostException uhe) {
+ } catch (IOException ioe) {
+ // Encompasses lots of stuff, including
+ // java.net.SocketException, java.net.UnknownHostException,
+ // javax.net.ssl.SSLPeerUnverifiedException,
+ // org.apache.http.NoHttpResponseException,
+ // org.apache.http.client.ClientProtocolException,
+ log.fine(ioe.toString());
getRequest.abort();
response.sendRedirect("badurl.jspx");
return;
}
if (getResponse.getStatusLine().getStatusCode() != HttpServletResponse.SC_OK) {
+ log.fine("Unsuccessful return code: " + getResponse.getStatusLine().getStatusCode());
response.sendRedirect("badurl.jspx");
return;
}
if (!isSizeOK(getResponse)) {
+ log.fine("Too large");
response.sendRedirect("badimage.jspx");
return;
}
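Review bot: `client.execute(getRequest)` fetches whatever host the `u` parameter names, and nothing visible in this hunk restricts the destination, so the servlet can be directed at loopback, link-local or internal addresses from the server's network position. How `getRequest` and `client` are built is outside the hunk, so a check may already exist there. If it does not, resolve the host before the request, reject non-public addresses (`InetAddress.isLoopbackAddress()`, `isSiteLocalAddress()`, `isLinkLocalAddress()`, `isAnyLocalAddress()`), and apply the same test to redirect targets. Separately, the non-200 and `isSizeOK` branches return without `getRequest.abort()`, unlike the two catch branches; unless a `finally` outside the hunk releases the connection, add the call there as well.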
throws ServletException, IOException {
if (!ServletFileUpload.isMultipartContent(request)) {
+ log.fine("File upload was not multipart");
response.sendRedirect("badimage.jspx");
return;
}
is.close();
}
} else {
+ log.fine("Too large");
response.sendRedirect("badimage.jspx");
}
break;
}
}
} catch (FileUploadException fue) {
+ log.fine(fue.toString());
response.sendRedirect("badimage.jspx");
}
private static void processStream(InputStream is, ServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
- BufferedImage image = ImageIO.read(is);
+ BufferedImage image;
+ try {
+ image = ImageIO.read(is);
+ } catch (IOException ioe) {
+ log.fine(ioe.toString());
+ // Includes javax.imageio.IIOException
+ response.sendRedirect("badimage.jspx");
+ return;
+ } catch (CMMException cmme) {
+ log.fine(cmme.toString());
+ // Have seen this in logs
+ response.sendRedirect("badimage.jspx");
+ return;
+ } catch (IllegalArgumentException iae) {
+ log.fine(iae.toString());
+ // Have seen this in logs for some JPEGs
+ response.sendRedirect("badimage.jspx");
+ return;
+ }
if (image == null) {
+ response.sendRedirect("badimage.jspx");
+ return;
+ }
+ if (image.getHeight() <= 1 || image.getWidth() <= 1 ||
+ image.getHeight() * image.getWidth() > MAX_PIXELS) {
+ log.fine("Dimensions too large: " + image.getWidth() + 'x' + image.getHeight());
response.sendRedirect("badimage.jspx");
return;
}
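Review bot: The `MAX_PIXELS` test runs only after `ImageIO.read(is)` has fully decoded the image, so it does not bound decode memory for a small compressed file that declares very large dimensions. `MAX_IMAGE_SIZE` limits bytes, not pixels. Reading the dimensions first through an `ImageReader` (`ImageIO.createImageInputStream`, `ImageIO.getImageReaders`, then `getWidth(0)`/`getHeight(0)`) and rejecting before `read` would make the cap effective. The product is also computed in `int` and can wrap negative, which would pass the check; widen it: `(long) image.getHeight() * image.getWidth() > MAX_PIXELS`. The same branch rejects images of height or width `<= 1` but logs "Dimensions too large", and the `image == null` branch logs nothing; `processStream` continues outside this hunk.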