Author: nextgens
Date: 2007-05-03 09:42:22 +0000 (Thu, 03 May 2007)
New Revision: 13120
Modified:
trunk/freenet/src/freenet/clients/http/PproxyToadlet.java
Log:
deny access to any plugin if there is no FullAccess
Modified: trunk/freenet/src/freenet/clients/http/PproxyToadlet.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/PproxyToadlet.java 2007-05-03
09:40:50 UTC (rev 13119)
+++ trunk/freenet/src/freenet/clients/http/PproxyToadlet.java 2007-05-03
09:42:22 UTC (rev 13120)
@@ -188,6 +188,12 @@
public void handleGet(URI uri, HTTPRequest request, ToadletContext ctx)
throws ToadletContextClosedException, IOException {
+
+ if(!ctx.isAllowedFullAccess()) {
+ super.sendErrorPage(ctx, 403, "Unauthorized",
L10n.getString("Toadlet.unauthorized"));
+ return;
+ }
+
//String basepath = "/plugins/";
String path = request.getPath();
@@ -199,10 +205,6 @@
Logger.minor(this, "Pproxy fetching "+path);
try {
if (path.equals("")) {
- if(!ctx.isAllowedFullAccess()) {
- super.sendErrorPage(ctx, 403,
"Unauthorized", L10n.getString("Toadlet.unauthorized"));
- return;
- }
this.showPluginList(ctx, request);
} else {
// split path into plugin class name and 'data'
path for plugin
@@ -242,6 +244,11 @@
}
private void showPluginList(ToadletContext ctx, HTTPRequest request)
throws ToadletContextClosedException, IOException {
+ if(!ctx.isAllowedFullAccess()) {
+ super.sendErrorPage(ctx, 403, "Unauthorized",
L10n.getString("Toadlet.unauthorized"));
+ return;
+ }
+
if (!request.hasParameters()) {
HTMLNode pageNode =
ctx.getPageMaker().getPageNode(l10n("pluginsWithNodeName", "name",
core.getMyName()), ctx);
HTMLNode contentNode =
ctx.getPageMaker().getContentNode(pageNode);
