You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@turbine.apache.org by se...@apache.org on 2003/09/07 15:07:10 UTC
cvs commit: jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator TemplateSessionValidator.java TemplateSecureSessionValidator.java
seade 2003/09/07 06:07:10
Modified: src/java/org/apache/turbine/modules/actions/sessionvalidator
TemplateSessionValidator.java
TemplateSecureSessionValidator.java
Log:
Fix a NPE when the session has expired.
Revision Changes Path
1.10 +3 -2 jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSessionValidator.java
Index: TemplateSessionValidator.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSessionValidator.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- TemplateSessionValidator.java 20 Jun 2003 22:09:13 -0000 1.9
+++ TemplateSessionValidator.java 7 Sep 2003 13:07:10 -0000 1.10
@@ -136,7 +136,8 @@
// the session_access_counter can be placed as a hidden field in
// forms. This can be used to prevent a user from using the
// browsers back button and submitting stale data.
- else if (data.getParameters().containsKey("_session_access_counter"))
+ else if (data.getParameters().containsKey("_session_access_counter")
+ && !TurbineSecurity.isAnonymousUser(data.getUser()))
{
// See comments in screens.error.InvalidState.
if (data.getParameters().getInt("_session_access_counter")
1.12 +3 -2 jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSecureSessionValidator.java
Index: TemplateSecureSessionValidator.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSecureSessionValidator.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- TemplateSecureSessionValidator.java 20 Jun 2003 22:09:13 -0000 1.11
+++ TemplateSecureSessionValidator.java 7 Sep 2003 13:07:10 -0000 1.12
@@ -177,7 +177,8 @@
// browsers back button and submitting stale data.
// FIXME!! a template needs to be written to use this with templates.
- if (data.getParameters().containsKey("_session_access_counter"))
+ if (data.getParameters().containsKey("_session_access_counter")
+ && !TurbineSecurity.isAnonymousUser(data.getUser()))
{
// See comments in screens.error.InvalidState.
if (data.getParameters().getInt("_session_access_counter")