[ https://issues.apache.org/jira/browse/SHINDIG-1945?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andreas Kohn updated SHINDIG-1945:
----------------------------------
Attachment: SHINDIG-xxxx-oauth-authorize.jsp-broken.diff
> OAuth authorize.jsp handles form submission results incorrectly
> ---------------------------------------------------------------
>
> Key: SHINDIG-1945
> URL: https://issues.apache.org/jira/browse/SHINDIG-1945
> Project: Shindig
> Issue Type: Bug
> Components: Java
> Affects Versions: 2.5.0-update1
> Reporter: Andreas Kohn
> Attachments: SHINDIG-xxxx-oauth-authorize.jsp-broken.diff
>
>
> Found while reading through the sources: authorize.jsp is used for presenting
> a user with a dialog whether he wants to authorize an OAuth client for
> accessing his content.
> The dialog form contains two 'submit' buttons, both named 'Authorize', one
> giving the value 'Authorize', the other giving the value 'Deny'.
> The JSP however doesn't check for the *specific value*, but instead checks
> whether the request contains *any value* for either the 'Authorize' or 'Deny'
> parameter. There is no input named 'Deny', and the 'Authorize' parameter will
> be set to non-null for both 'Authorize' and 'Deny' answers of the user.
> See attached patch.
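The difference between a presence check and a value check on the form result described in the report, as an added example (not Shindig's code and not the attached patch). The class, method and enum names are hypothetical, a `Map` stands in for the servlet request parameters, and the sample submissions are constructed.

```java
import java.util.Map;

public class AuthorizeDecision {
    enum Decision { AUTHORIZE, DENY, NONE }

    // Presence check, modeled on the report's description: only asks whether
    // a parameter named 'Authorize' or 'Deny' exists in the request.
    static Decision byPresence(Map<String, String> params) {
        if (params.get("Authorize") != null) return Decision.AUTHORIZE;
        if (params.get("Deny") != null) return Decision.DENY; // no input has this name
        return Decision.NONE;
    }

    // Value check: both buttons share the name 'Authorize', so the decision
    // is carried by the submitted value, compared against an allow-list.
    static Decision byValue(Map<String, String> params) {
        String v = params.get("Authorize");
        if ("Authorize".equals(v)) return Decision.AUTHORIZE;
        if ("Deny".equals(v)) return Decision.DENY;
        return Decision.NONE; // missing or unexpected value: grant nothing
    }

    public static void main(String[] args) {
        // Constructed submissions for the two buttons plus one unexpected value.
        Map<String, Map<String, String>> samples = Map.of(
            "clicked Authorize", Map.of("Authorize", "Authorize"),
            "clicked Deny", Map.of("Authorize", "Deny"),
            "unexpected value", Map.of("Authorize", "yes"));

        samples.forEach((label, params) ->
            System.out.printf("%-18s presence=%-9s value=%s%n",
                label, byPresence(params), byValue(params)));
    }
}
```

In this model the presence check cannot tell the two buttons apart, while the value check returns `DENY` for the 'Deny' button and grants nothing for any value outside the two expected ones.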