http

[email protected] Sat, 24 Mar 2007 18:52:42 +0000 (UTC)

Author: toad
Date: 2007-03-24 18:52:40 +0000 (Sat, 24 Mar 2007)
New Revision: 12323


Modified:
   trunk/freenet/src/freenet/clients/http/FProxyToadlet.java
   trunk/freenet/src/freenet/clients/http/QueueToadlet.java
Log:
Prohibit access to the queue if not allowed full access

Modified: trunk/freenet/src/freenet/clients/http/FProxyToadlet.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/FProxyToadlet.java   2007-03-24 
18:26:23 UTC (rev 12322)
+++ trunk/freenet/src/freenet/clients/http/FProxyToadlet.java   2007-03-24 
18:52:40 UTC (rev 12323)
@@ -599,7 +599,7 @@
                        server.register(n2ntmToadlet, "/send_n2ntm/", true, 
true);

                        QueueToadlet queueToadlet = new QueueToadlet(core, 
core.getFCPServer(), client);
-                       server.register(queueToadlet, "/queue/", true, "Queue", 
"manage queued requests", false);
+                       server.register(queueToadlet, "/queue/", true, "Queue", 
"manage queued requests", true);

                        StatisticsToadlet statisticsToadlet = new 
StatisticsToadlet(node, core, client);
                        server.register(statisticsToadlet, "/stats/", true, 
"Statistics", "view statistics", true);

Modified: trunk/freenet/src/freenet/clients/http/QueueToadlet.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/QueueToadlet.java    2007-03-24 
18:26:23 UTC (rev 12322)
+++ trunk/freenet/src/freenet/clients/http/QueueToadlet.java    2007-03-24 
18:52:40 UTC (rev 12323)
@@ -73,6 +73,11 @@
        }

        public void handlePost(URI uri, HTTPRequest request, ToadletContext 
ctx) throws ToadletContextClosedException, IOException, RedirectException {
+               
+               if(ctx.isAllowedFullAccess()) {
+                       this.sendErrorPage(ctx, 403, "Forbidden", "You are not 
allowed to access the queue");
+               }
+               
                try {
                        // Browse... button
                        if (request.getPartAsString("insert-local", 
128).length() > 0) {
@@ -312,6 +317,10 @@
        public void handleGet(URI uri, final HTTPRequest request, 
ToadletContext ctx) 
        throws ToadletContextClosedException, IOException, RedirectException {

+               if(ctx.isAllowedFullAccess()) {
+                       this.sendErrorPage(ctx, 403, "Forbidden", "You are not 
allowed to access the queue");
+               }
+               
                // We ensure that we have a FCP server running
                if(!fcp.enabled){
                        this.writeReply(ctx, 400, "text/plain", "FCP server is 
missing", "You need to enable the FCP server to access this page");

[freenet-cvs] r12323 - trunk/freenet/src/freenet/clients/http

Reply via email to