From 7d893373d64dec6f6d0e2a26d99ad15790a845ee Mon Sep 17 00:00:00 2001
From: k-tamura <ktamura.biz.80@gmail.com>
Date: Sun, 28 May 2017 23:32:13 +0900
Subject: [PATCH] Improve logic of null case

---
 .../vulnerabilities/OpenRedirectServlet.java         | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OpenRedirectServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OpenRedirectServlet.java
index 2cbb0558..586eca0a 100644
--- a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OpenRedirectServlet.java
+++ b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OpenRedirectServlet.java
@@ -59,13 +59,13 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
             session.setAttribute("userid", userid);
             
             String gotoUrl = request.getParameter("goto");
-            try {
-                URL u = new URL(gotoUrl);
-                gotoUrl = u.toURI().toString();
-            } catch (Exception e) {
-                log.warn("Invalid goto Url: {}", gotoUrl);
-            }
             if (gotoUrl != null) {
+                try {
+                    URL u = new URL(gotoUrl);
+                    gotoUrl = u.toURI().toString();
+                } catch (Exception e) {
+                    log.warn("Invalid goto Url: {}", gotoUrl);
+                }
                 response.sendRedirect(gotoUrl);
             } else {
                 String target = (String) session.getAttribute("target");