Author: tyrell
Date: Sun Jan 13 23:55:03 2008
New Revision: 12193
Log:
Enforcing referer locks to prevent unauthorized editing.
Modified:
trunk/mashup/java/modules/www/editor.jsp
Modified: trunk/mashup/java/modules/www/editor.jsp
==============================================================================
--- trunk/mashup/java/modules/www/editor.jsp (original)
+++ trunk/mashup/java/modules/www/editor.jsp Sun Jan 13 23:55:03 2008
@@ -61,6 +61,21 @@
} else if ((action.equalsIgnoreCase("edit")) && (mashup != null)) {
String[] pathContents = mashup.split("/");
+ //Restricting mashup editing for particular referer pages
+ String[] validReferers = { "mashup.jsp" };
+ boolean validReferer = false;
+
+ for (int x = 0; x < validReferers.length; x++) {
+ if (currentReferer.contains(validReferers[x])) {
+ validReferer = true;
+ }
+ }
+
+ if (!validReferer) {
+ throw new Exception(
+ "Sorry. Unable to launch the editor. Please try using the
links provided in the ui to edit a mashup.");
+ }
+
if (pathContents.length < 4) {
throw new Exception("Sorry. The path specified for the mashup is
invalid.");
} else {
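Review bot: The test `currentReferer.contains(validReferers[x])` cannot prevent unauthorized editing, because the Referer header is supplied by the client and the substring match accepts any value that merely contains `mashup.jsp`, including in a query string or on another host. The edit branch should rely on a server-side check of the session user's permission on the mashup, plus a per-session request token. The Referer test can stay as a navigation hint if it is documented as such, e.g. `// Referer is client-controlled: navigation hint only, not an access control`. `currentReferer` is assigned outside this hunk; if it comes straight from `request.getHeader("Referer")` it is null when the header is absent, so `if (currentReferer != null && currentReferer.contains(validReferers[x]))` would avoid a NullPointerException. The second hunk appears to sit in a separate copy of the same check for the create path, so the same points likely apply there.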
@@ -90,7 +105,7 @@
if (!validReferer) {
throw new Exception(
- "Sorry. Unable to launch the editor. Please try using the
links provided in the ui to create a new service.");
+ "Sorry. Unable to launch the editor. Please try using the
links provided in the ui to create a new mashup.");
}
}