This is an automated email from the ASF dual-hosted git repository. juanpablo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git
The following commit(s) were added to refs/heads/master by this push: new aad6dcb7a move csrf check to save action aad6dcb7a is described below commit aad6dcb7a9f8ca5f8630fb17959ef2bb6167493c Author: Juan Pablo Santos RodrÃguez <juanpablo.san...@gmail.com> AuthorDate: Thu Jul 14 20:03:46 2022 +0200 move csrf check to save action
---
 jspwiki-war/src/main/webapp/NewGroup.jsp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/jspwiki-war/src/main/webapp/NewGroup.jsp b/jspwiki-war/src/main/webapp/NewGroup.jsp
index 5f098f78f..04c137f18 100644
--- a/jspwiki-war/src/main/webapp/NewGroup.jsp
+++ b/jspwiki-war/src/main/webapp/NewGroup.jsp
@@ -38,10 +38,6 @@
 %>
 <%
- if( !CsrfProtectionFilter.isCsrfProtectedPost( request ) ) {
- response.sendRedirect( "/error/Forbidden.html" );
- return;
- }
 Engine wiki = Wiki.engine().find( getServletConfig() );
 // Create wiki context and check for authorization
 Context wikiContext = Wiki.context().create( wiki, request, ContextEnum.WIKI_CREATE_GROUP.getRequestContext() );
@@ -62,6 +58,10 @@
 // Are we saving the group?
 if( "save".equals( request.getParameter( "action" ) ) ) {
+ if( !CsrfProtectionFilter.isCsrfProtectedPost( request ) ) {
+ response.sendRedirect( "/error/Forbidden.html" );
+ return;
+ }
 // Validate the group
 groupMgr.validateGroup( wikiContext, group );
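Review bot: The rejection path added inside the `save` branch redirects to `/error/Forbidden.html` with a leading slash, which the servlet container resolves against the container root rather than the web application's context path, so under a non-root deployment the user may land outside the wiki; `response.sendRedirect( request.getContextPath() + "/error/Forbidden.html" );` keeps it inside the application. The failed token check is also silent: a redirect produces no 403 in the access log and nothing is logged here, so a comment or a log line recording the rejected request (user, remote address) before the `return` would make rejected requests visible to monitoring. With the check now scoped to `save`, everything the scriptlet does before this branch (context creation, the authorization check, and whatever lies between the two hunks) runs for requests without a valid token, so it is worth confirming that none of it changes state. The scriptlet starts and ends outside the hunk.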