This is an automated email from the ASF dual-hosted git repository.

juanpablo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git


The following commit(s) were added to refs/heads/master by this push:
     new aad6dcb7a move csrf check to save action
aad6dcb7a is described below

commit aad6dcb7a9f8ca5f8630fb17959ef2bb6167493c
Author: Juan Pablo Santos Rodríguez <juanpablo.san...@gmail.com>
AuthorDate: Thu Jul 14 20:03:46 2022 +0200

    move csrf check to save action
---
 jspwiki-war/src/main/webapp/NewGroup.jsp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/jspwiki-war/src/main/webapp/NewGroup.jsp 
b/jspwiki-war/src/main/webapp/NewGroup.jsp
index 5f098f78f..04c137f18 100644
--- a/jspwiki-war/src/main/webapp/NewGroup.jsp
+++ b/jspwiki-war/src/main/webapp/NewGroup.jsp
@@ -38,10 +38,6 @@
 %>
 
 <%
-    if( !CsrfProtectionFilter.isCsrfProtectedPost( request ) ) {
-        response.sendRedirect( "/error/Forbidden.html" );
-        return;
-    }
     Engine wiki = Wiki.engine().find( getServletConfig() );
     // Create wiki context and check for authorization
     Context wikiContext = Wiki.context().create( wiki, request, 
ContextEnum.WIKI_CREATE_GROUP.getRequestContext() );
@@ -62,6 +58,10 @@
     
     // Are we saving the group?
     if( "save".equals( request.getParameter( "action" ) ) ) {
+        if( !CsrfProtectionFilter.isCsrfProtectedPost( request ) ) {
+            response.sendRedirect( "/error/Forbidden.html" );
+            return;
+        }
         // Validate the group
         groupMgr.validateGroup( wikiContext, group );
         
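Review bot: The rejection path `response.sendRedirect( "/error/Forbidden.html" );` uses a server-absolute path, so under a non-root context the refused request is sent outside the webapp; `response.sendRedirect( request.getContextPath() + "/error/Forbidden.html" );` would keep it inside, assuming the page ships with the webapp. With the check now inside the `"save"` branch, a short comment such as `// CSRF token is only required for the state-changing save; the form itself must stay reachable without one` would record why it no longer sits at the top of the scriptlet. The refusal is also silent, so logging the rejected save (user and remote address, never the token value) would give operators something to alert on. The scriptlet starts and continues outside this hunk, so whether any other state-changing branch in this JSP still needs the same check cannot be confirmed from here.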
