in src/main/java/org/apache/sling/servlets/post/impl/SlingPostServlet.java [407:462]
protected String getRedirectUrl(final SlingHttpServletRequest request, final PostResponse ctx) {
// redirect param has priority (but see below, magic star)
String result = request.getParameter(SlingPostConstants.RP_REDIRECT_TO);
if (result != null) {
try {
URI redirectUri = new URI(result);
if (redirectUri.getAuthority() != null) {
// if it has a host information
log.warn("redirect target ({}) does include host information ({}). This is not allowed for security reasons!", result, redirectUri.getAuthority());
return null;
}
} catch (URISyntaxException e) {
log.warn("given redirect target ({}) is not a valid uri: {}", result, e);
return null;
}
log.debug("redirect requested as [{}] for path [{}]", result, ctx.getPath());
// redirect to created/modified Resource
final int star = result.indexOf('*');
if (star >= 0 && ctx.getPath() != null) {
final StringBuilder buf = new StringBuilder();
// anything before the star
if (star > 0) {
buf.append(result.substring(0, star));
}
// append the name of the manipulated node
buf.append(ResourceUtil.getName(ctx.getPath()));
// anything after the star
if (star < result.length() - 1) {
buf.append(result.substring(star + 1));
}
// Prepend request path if it ends with create suffix and result isn't absolute
final String requestPath = request.getPathInfo();
if (requestPath.endsWith(SlingPostConstants.DEFAULT_CREATE_SUFFIX) && buf.charAt(0) != '/' &&
!REDIRECT_WITH_SCHEME_PATTERN.matcher(buf).matches()) {
buf.insert(0, requestPath);
}
// use the created path as the redirect result
result = buf.toString();
} else if (result.endsWith(SlingPostConstants.DEFAULT_CREATE_SUFFIX)) {
// if the redirect has a trailing slash, append modified node
// name
result = result.concat(ResourceUtil.getName(ctx.getPath()));
}
log.debug("Will redirect to {}", result);
}
return result;
}