Posted to commits@continuum.apache.org by oc...@apache.org on 2011/04/13 07:56:41 UTC

svn commit: r1091659 - in /continuum/branches/continuum-1.3.x: continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/ continuum-webapp/src/main/resources/ continuum-webapp/src/main/webapp/WEB-INF/jsp/

Author: oching
Date: Wed Apr 13 05:56:41 2011
New Revision: 1091659

URL: http://svn.apache.org/viewvc?rev=1091659&view=rev
Log:
[CONTINUUM-2622] revert usage of token interceptor for remove project group as it breaks delete project group from project group summary page

Modified:
    continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/CSRFSecurityTest.java
    continuum/branches/continuum-1.3.x/continuum-webapp/src/main/resources/struts.xml
    continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp

Modified: continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/CSRFSecurityTest.java
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/CSRFSecurityTest.java?rev=1091659&r1=1091658&r2=1091659&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/CSRFSecurityTest.java (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/CSRFSecurityTest.java Wed Apr 13 05:56:41 2011
@@ -53,13 +53,14 @@ public class CSRFSecurityTest
         assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
     }
 
+    /*
     public void testCSRFRemoveProjectGroup()
     {
         getSelenium().open( baseUrl );
         getSelenium().open( baseUrl + "/removeProjectGroup.action?projectGroupId=2" );
         assertTextPresent( "Security Alert - Invalid Token Found" );
         assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
-    }
+    } */
 
     public void testCSRFRemoveBuildResult()
     {
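
Review bot: testCSRFRemoveProjectGroup is disabled by wrapping it in a bare /* ... */ with no explanation, so the suite no longer checks that a direct request to removeProjectGroup.action?projectGroupId=2 is rejected, and nothing in the file says why or when the test should come back. Add a comment naming CONTINUUM-2622 above the disabled method (or disable it through the test framework with a stated reason) so the gap in CSRF coverage stays visible and the test is restored when the token check is reinstated.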

Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/resources/struts.xml
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/resources/struts.xml?rev=1091659&r1=1091658&r2=1091659&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/resources/struts.xml (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/resources/struts.xml Wed Apr 13 05:56:41 2011
@@ -366,9 +366,7 @@
     </action>
 
     <action name="removeProjectGroup" class="projectGroup" method="remove">
-      <interceptor-ref name="storeStack">
-        <param name="tokenSession.includeMethods">remove</param>
-      </interceptor-ref>
+      <interceptor-ref name="storeStack"/>
       <result name="confirm">/WEB-INF/jsp/confirmGroupRemoval.jsp</result>
       <result name="success" type="redirect-action">
         <param name="actionName">groupSummary</param>
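
Review bot: With the tokenSession.includeMethods param dropped from the storeStack reference, the remove method of removeProjectGroup no longer has the token check this param enabled, which is the case the test disabled in CSRFSecurityTest.java used to cover. The action has a confirm result pointing at confirmGroupRemoval.jsp, so it is worth checking whether the token can be required only on the submit from that confirmation page instead of being removed for every entry point. At minimum, leave an XML comment here referencing CONTINUUM-2622 so the missing check is not mistaken for intentional design.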

Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp?rev=1091659&r1=1091658&r2=1091659&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp Wed Apr 13 05:56:41 2011
@@ -173,7 +173,6 @@
                 <form action="removeProjectGroup.action" method="post">
                   <input type="hidden" name="projectGroupId" value="<s:property value="projectGroupId"/>"/>
                   <input type="submit" name="remove" value="<s:text name="projectGroup.deleteGroup"/>"/>
-                  <s:token/>
                 </form>
               </redback:ifAuthorized>
             </td>
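
Review bot: Removing <s:token/> leaves this POST form to removeProjectGroup.action carrying only projectGroupId and the remove button, so the form no longer submits the token that the reverted interceptor configuration checked. The form already carried a token before this change, so the hunk does not show why the interceptor rejected submissions from this page. Record the actual failure in CONTINUUM-2622 or in the log message so a follow-up can restore the token rather than leave the delete without it.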



Re: svn commit: r1091659 - in /continuum/branches/continuum-1.3.x: continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/ continuum-webapp/src/main/resources/ continuum-webapp/src/main/webapp/WEB-INF/jsp/

Posted by Deng Ching <oc...@apache.org>.
Yep, it was caught by the existing selenium tests that go through
project group removal. I just didn't notice it previously because the
selenium tests failed when I ran it prior to my changes.

On Wed, Apr 13, 2011 at 3:15 PM, Brett Porter <br...@apache.org> wrote:
> On 13/04/2011, at 3:56 PM, oching@apache.org wrote:
>
>> Author: oching
>> Date: Wed Apr 13 05:56:41 2011
>> New Revision: 1091659
>>
>> URL: http://svn.apache.org/viewvc?rev=1091659&view=rev
>> Log:
>> [CONTINUUM-2622] revert usage of token interceptor for remove project group as it breaks delete project group from project group summary page
>
> Was this caught out by the existing tests? Need another solution?
>
> - Brett

Re: svn commit: r1091659 - in /continuum/branches/continuum-1.3.x: continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/ continuum-webapp/src/main/resources/ continuum-webapp/src/main/webapp/WEB-INF/jsp/

Posted by Brett Porter <br...@apache.org>.
On 13/04/2011, at 3:56 PM, oching@apache.org wrote:

> Author: oching
> Date: Wed Apr 13 05:56:41 2011
> New Revision: 1091659
> 
> URL: http://svn.apache.org/viewvc?rev=1091659&view=rev
> Log:
> [CONTINUUM-2622] revert usage of token interceptor for remove project group as it breaks delete project group from project group summary page

Was this caught out by the existing tests? Need another solution?

- Brett