Author: j16sdiz
Date: 2008-11-25 13:15:40 +0000 (Tue, 25 Nov 2008)
New Revision: 23859
Modified:
trunk/freenet/src/freenet/clients/http/ConfigToadlet.java
Log:
security fix: fix changing security level without full access
Modified: trunk/freenet/src/freenet/clients/http/ConfigToadlet.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/ConfigToadlet.java 2008-11-25
13:15:37 UTC (rev 23858)
+++ trunk/freenet/src/freenet/clients/http/ConfigToadlet.java 2008-11-25
13:15:40 UTC (rev 23859)
@@ -112,6 +112,12 @@
@Override
public void handlePost(URI uri, HTTPRequest request, ToadletContext ctx)
throws ToadletContextClosedException, IOException {
+ if (!ctx.isAllowedFullAccess()) {
+ super.sendErrorPage(ctx, 403,
L10n.getString("Toadlet.unauthorizedTitle"), L10n
+ .getString("Toadlet.unauthorized"));
+ return;
+ }
+
String pass = request.getPartAsString("formPassword", 32);
if((pass == null) || !pass.equals(core.formPassword)) {
MultiValueTable<String,String> headers = new
MultiValueTable<String,String>();
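Review bot: The new `isAllowedFullAccess()` guard at the top of `handlePost` carries no comment saying it must stay ahead of every other branch, which is the property this commit restores. Judging by the log message, an earlier branch (presumably the security-level form) returned before the old check further down was reached, so a later refactor could quietly reintroduce the gap. I would add above the `if`: `// Authorisation first: no POST branch below may run for a client without full access.` In the visible lines a rejected request gets a 403 but nothing is logged, so a log line before the `return` would make denied configuration attempts visible during incident review. `handlePost` continues outside the hunk, and whether the GET path still shows these forms to restricted clients cannot be seen from here.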
@@ -235,11 +241,6 @@
SubConfig[] sc = config.getConfigs();
StringBuilder errbuf = new StringBuilder();
- if(!ctx.isAllowedFullAccess()) {
- super.sendErrorPage(ctx, 403,
L10n.getString("Toadlet.unauthorizedTitle"),
L10n.getString("Toadlet.unauthorized"));
- return;
- }
-
boolean logMINOR = Logger.shouldLog(Logger.MINOR, this);
for(int i=0; i<sc.length ; i++){