in src/main/java/org/apache/sling/servlets/post/impl/SlingPostServlet.java [444:503]
protected String getRedirectUrl(final SlingJakartaHttpServletRequest request, final JakartaPostResponse ctx) {
// redirect param has priority (but see below, magic star)
String result = request.getParameter(SlingPostConstants.RP_REDIRECT_TO);
if (result != null) {
try {
URI redirectUri = new URI(result);
if (redirectUri.getAuthority() != null) {
// if it has a host information
log.warn(
"redirect target ({}) does include host information ({}). This is not allowed for security reasons!",
result,
redirectUri.getAuthority());
return null;
}
} catch (URISyntaxException e) {
log.warn("given redirect target ({}) is not a valid uri: {}", result, e);
return null;
}
log.debug("redirect requested as [{}] for path [{}]", result, ctx.getPath());
// redirect to created/modified Resource
final int star = result.indexOf('*');
if (star >= 0 && ctx.getPath() != null) {
final StringBuilder buf = new StringBuilder();
// anything before the star
if (star > 0) {
buf.append(result.substring(0, star));
}
// append the name of the manipulated node
buf.append(ResourceUtil.getName(ctx.getPath()));
// anything after the star
if (star < result.length() - 1) {
buf.append(result.substring(star + 1));
}
// Prepend request path if it ends with create suffix and result isn't absolute
final String requestPath = request.getPathInfo();
if (requestPath.endsWith(SlingPostConstants.DEFAULT_CREATE_SUFFIX)
&& buf.charAt(0) != '/'
&& !REDIRECT_WITH_SCHEME_PATTERN.matcher(buf).matches()) {
buf.insert(0, requestPath);
}
// use the created path as the redirect result
result = buf.toString();
} else if (result.endsWith(SlingPostConstants.DEFAULT_CREATE_SUFFIX)) {
// if the redirect has a trailing slash, append modified node
// name
result = result.concat(ResourceUtil.getName(ctx.getPath()));
}
log.debug("Will redirect to {}", result);
}
return result;
}