thanks for spotting it, Motohiko :-) I've pushed 2.10.4-03 with a fix for this; instead of just returning there's also a sendRedirect so the request can be routed to the Login.jsp page, with the appropiate redirect parameter (I was getting a blank page with the return alone). I'm also deploying a snapshot right now, so it should be available in ~45 minutes.
best regards, juan pablo On Thu, Mar 29, 2018 at 3:01 PM, Motohiko Matsuda <m...@acm.org> wrote: > Hi, > > First of all, thank you, developers of JSPWIKI. > We are using JSPWIKI very nicely as an internal wiki for a long time. > > But, we needed to apply a fix before using JSPWIKI. > It reveals the content of the "Main" page without login, > when we omit the arguments to a JSP page. > For example, just "https://xxx/xxx/Edit.jsp" shows the Main page > (omitting the following "?page=xxx"). > I have checked in 2.10.3, but it is not fixed. > > We are happy if it will contribute to JSPWIKI. > > Regards, > Motohiko Matsuda > > Files need a fix: > > Comment.jsp > Delete.jsp > Diff.jsp > Edit.jsp > PageInfo.jsp > PageModified.jsp > Preview.jsp > Rename.jsp > > The diff (all files need the same fix): > > --- Edit.jsp.org Tue Feb 16 22:11:28 2016 > +++ Edit.jsp Tue Oct 17 11:47:04 2017 > @@ -54,6 +54,8 @@ > // Create wiki context and check for authorization > WikiContext wikiContext = wiki.createContext( request, > WikiContext.EDIT ); > if(!wiki.getAuthorizationManager().hasAccess( wikiContext, response > )) return; > + if (wikiContext.getCommand().getTarget() == null) {return;} > String pagereq = wikiContext.getName(); > > WikiSession wikiSession = wikiContext.getWikiSession(); >