Fixed: Reject wrong URLs (OFBIZ-13006)

Some URLs need to be rejected before they create problems

Author: JacquesLeRoux

framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java

@@ -134,6 +134,16 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
             // get the request URI without the webapp mount point
             String requestUri = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());
 
+            // Reject wrong URLs
+            try {
+                String url = new URI(req.getRequestURL().toString()).normalize().toString();
+                if (!req.getRequestURL().toString().equals(url)) {
+                    throw new RuntimeException();
+                }
+            } catch (URISyntaxException e) {
+                throw new RuntimeException(e);
+            }
+
             // normalize to remove ".." special name usage to bypass webapp filter
             try {
                 requestUri = new URI(requestUri).normalize().toString();