package org.thymeleaf.spring5.util;

import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import org.thymeleaf.exceptions.TemplateProcessingException;
import org.thymeleaf.util.StringUtils;
import org.unbescape.uri.UriEscape;

/* loaded from: input_file:WEB-INF/lib/thymeleaf-spring5-3.0.15.RELEASE.jar:org/thymeleaf/spring5/util/SpringRequestUtils.class */
public final class SpringRequestUtils {
    public static void checkViewNameNotInRequest(String str, HttpServletRequest httpServletRequest) {
        String pack = StringUtils.pack(str);
        if (containsExpression(pack)) {
            boolean z = false;
            String pack2 = StringUtils.pack(UriEscape.unescapeUriPath(httpServletRequest.getRequestURI()));
            if (pack2 != null && containsExpression(pack2)) {
                z = true;
            }
            if (!z) {
                Enumeration<String> parameterNames = httpServletRequest.getParameterNames();
                while (!z && parameterNames.hasMoreElements()) {
                    String[] parameterValues = httpServletRequest.getParameterValues(parameterNames.nextElement());
                    for (int i = 0; !z && i < parameterValues.length; i++) {
                        String pack3 = StringUtils.pack(parameterValues[i]);
                        if (pack3 != null && containsExpression(pack3) && pack.contains(pack3)) {
                            z = true;
                        }
                    }
                }
            }
            if (z) {
                throw new TemplateProcessingException("View name contains an expression and so does either the URL path or one of the request parameters. This is forbidden in order to reduce the possibilities that direct user input is executed as a part of the view name.");
            }
        }
    }

    private static boolean containsExpression(String str) {
        int length = str.length();
        boolean z = false;
        for (int i = 0; i < length; i++) {
            char charAt = str.charAt(i);
            if (z) {
                if (charAt == '{') {
                    return true;
                }
                if (!Character.isWhitespace(charAt)) {
                    z = false;
                }
            } else if (charAt == '$' || charAt == '*' || charAt == '#' || charAt == '@' || charAt == '~') {
                z = true;
            }
        }
        return false;
    }

    private SpringRequestUtils() {
    }
}
