in app/src/main/java/org/apache/roller/weblogger/ui/rendering/servlets/PageServlet.java [586:678]
private boolean processReferrer(HttpServletRequest request) {
log.debug("processing referrer for " + request.getRequestURI());
// bleh! because ref processing does a flush it will close
// our hibernate session and cause lazy init exceptions on
// objects we have fetched, so we need to use a separate
// page request object for this
WeblogPageRequest pageRequest;
try {
pageRequest = new WeblogPageRequest(request);
} catch (InvalidRequestException ex) {
return false;
}
// if this came from site-wide frontpage then skip it
if (WebloggerRuntimeConfig.isSiteWideWeblog(pageRequest
.getWeblogHandle())) {
return false;
}
// if this came from a robot then don't process it
if (robotPattern != null) {
String userAgent = request.getHeader("User-Agent");
if (userAgent != null && userAgent.length() > 0
&& robotPattern.matcher(userAgent).matches()) {
log.debug("skipping referrer from robot");
return false;
}
}
String referrerUrl = null;
String[] schemes = {"http", "https"};
UrlValidator urlValidator = new UrlValidator(schemes);
if (urlValidator.isValid(request.getHeader("Referer"))) {
referrerUrl = request.getHeader("Referer");
}
log.debug("referrer = " + referrerUrl);
StringBuffer reqsb = request.getRequestURL();
if (request.getQueryString() != null) {
reqsb.append("?");
reqsb.append(request.getQueryString());
}
String requestUrl = reqsb.toString();
// if this came from persons own blog then don't process it
String selfSiteFragment = "/" + pageRequest.getWeblogHandle();
if (referrerUrl != null && referrerUrl.contains(selfSiteFragment)) {
log.debug("skipping referrer from own blog");
return false;
}
// validate the referrer
if (pageRequest.getWeblogHandle() != null) {
// Base page URLs, with and without www.
String basePageUrlWWW = WebloggerRuntimeConfig
.getAbsoluteContextURL()
+ "/"
+ pageRequest.getWeblogHandle();
String basePageUrl = basePageUrlWWW;
if (basePageUrlWWW.startsWith("http://www.")) {
// chop off the http://www.
basePageUrl = "http://" + basePageUrlWWW.substring(11);
}
// ignore referrers coming from users own blog
if (referrerUrl == null
|| (!referrerUrl.startsWith(basePageUrl) && !referrerUrl
.startsWith(basePageUrlWWW))) {
// validate the referrer
if (referrerUrl != null) {
// treat editor referral as direct
int lastSlash = requestUrl.indexOf('/', 8);
if (lastSlash == -1) {
lastSlash = requestUrl.length();
}
String requestSite = requestUrl.substring(0, lastSlash);
return !(referrerUrl.startsWith(requestSite)
&& referrerUrl.indexOf(".rol") >= requestSite.length())
&& BannedwordslistChecker.checkReferrer(pageRequest.getWeblog(), referrerUrl);
}
} else {
log.debug("Ignoring referer = " + referrerUrl);
return false;
}
}
return false;
}