You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@turbine.apache.org by se...@apache.org on 2003/09/07 15:07:10 UTC

cvs commit: jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator TemplateSessionValidator.java TemplateSecureSessionValidator.java

seade       2003/09/07 06:07:10

  Modified:    src/java/org/apache/turbine/modules/actions/sessionvalidator
                        TemplateSessionValidator.java
                        TemplateSecureSessionValidator.java
  Log:
  Fix a NPE when the session has expired.
  
  Revision  Changes    Path
  1.10      +3 -2      jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSessionValidator.java
  
  Index: TemplateSessionValidator.java
  ===================================================================
  RCS file: /home/cvs/jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSessionValidator.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- TemplateSessionValidator.java	20 Jun 2003 22:09:13 -0000	1.9
  +++ TemplateSessionValidator.java	7 Sep 2003 13:07:10 -0000	1.10
  @@ -136,7 +136,8 @@
           // the session_access_counter can be placed as a hidden field in
           // forms.  This can be used to prevent a user from using the
           // browsers back button and submitting stale data.
  -        else if (data.getParameters().containsKey("_session_access_counter"))
  +        else if (data.getParameters().containsKey("_session_access_counter")
  +                && !TurbineSecurity.isAnonymousUser(data.getUser()))
           {
               // See comments in screens.error.InvalidState.
               if (data.getParameters().getInt("_session_access_counter") 
  
  
  
  1.12      +3 -2      jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSecureSessionValidator.java
  
  Index: TemplateSecureSessionValidator.java
  ===================================================================
  RCS file: /home/cvs/jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSecureSessionValidator.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- TemplateSecureSessionValidator.java	20 Jun 2003 22:09:13 -0000	1.11
  +++ TemplateSecureSessionValidator.java	7 Sep 2003 13:07:10 -0000	1.12
  @@ -177,7 +177,8 @@
           // browsers back button and submitting stale data.
           // FIXME!! a template needs to be written to use this with templates.
   
  -        if (data.getParameters().containsKey("_session_access_counter"))
  +        if (data.getParameters().containsKey("_session_access_counter")
  +                && !TurbineSecurity.isAnonymousUser(data.getUser()))
           {
               // See comments in screens.error.InvalidState.
               if (data.getParameters().getInt("_session_access_counter")