Skip to content
This repository has been archived by the owner on Jan 12, 2023. It is now read-only.

Commit

Permalink
Accept non-error codes in http validity check.
Browse files Browse the repository at this point in the history
  • Loading branch information
@liuche
liuche committed Dec 8, 2017
1 parent 7842cc0 commit 66db374
Showing 1 changed file with 3 additions and 18 deletions.
21 changes: 3 additions & 18 deletions app/src/main/java/org/mozilla/focus/settings/ManualAddSearchEngineSettingsFragment.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
import android.net.Uri;
import android.os.AsyncTask;
import android.os.Bundle;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.annotation.WorkerThread;
import android.support.design.widget.Snackbar;
Expand Down Expand Up @@ -201,10 +200,7 @@ private static boolean isValidSearchQueryURL(final String query) {
// TODO: we should share the code to substitute and normalize the search string (see SearchEngine.buildSearchUrl).
final String encodedTestQuery = Uri.encode("test");

// We enforce HTTPS because some search engines will redirect http queries to https, which our
// validation (a 200 check) will fail, and since most search engines should support HTTPS, we
// try to be safer by defaulting to it.
final String normalizedHttpsSearchURLStr = enforceHTTPS(UrlUtils.normalize(query));
final String normalizedHttpsSearchURLStr = UrlUtils.normalize(query);
final String searchURLStr = normalizedHttpsSearchURLStr.replaceAll("%s", encodedTestQuery);

final URL searchURL;
Expand All @@ -222,9 +218,8 @@ private static boolean isValidSearchQueryURL(final String query) {
connection.setConnectTimeout(SEARCH_QUERY_VALIDATION_TIMEOUT_MILLIS);
connection.setReadTimeout(SEARCH_QUERY_VALIDATION_TIMEOUT_MILLIS);

// Checking for 200 is not perfect - what if a search engine redirects us? -
// but we're in a rush and it's good enough for now.
return connection.getResponseCode() == 200;
// A non-error HTTP response is good enough as a sanity check, some search engines redirect to https.
return connection.getResponseCode() < 400;

} catch (final IOException e) {
// Don't log exception to avoid leaking URL.
Expand All @@ -239,14 +234,4 @@ private static boolean isValidSearchQueryURL(final String query) {
}
}
}

private static String enforceHTTPS(@NonNull String input) {
if (input.startsWith("https://")) {
return input;
} else if (input.startsWith("http://")) {
return input.replace("http", "https");
} else { // must be non-HTTP url, nothing to do.
return input;
}
}
}

0 comments on commit 66db374

Please sign in to comment.