Posted to scm@geronimo.apache.org by ge...@apache.org on 2010/10/20 03:21:28 UTC
svn commit: r1024477 -
/geronimo/server/trunk/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java
Author: genspring
Date: Wed Oct 20 01:21:28 2010
New Revision: 1024477
URL: http://svn.apache.org/viewvc?rev=1024477&view=rev
Log:
GERONIMO-5407 XSSXSRFFilter error in G 3.0-M1 jetty build when trying to list plugins in admin console. Jetty's request.getQueryString() returns a zero-length string instead of null for a request such as "http://localhost:8080/console/xxx?".
Modified:
geronimo/server/trunk/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java
Modified: geronimo/server/trunk/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java?rev=1024477&r1=1024476&r2=1024477&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java (original)
+++ geronimo/server/trunk/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java Wed Oct 20 01:21:28 2010
@@ -85,7 +85,9 @@ public class XSRFHandler
return false;
}
- if ((hreq.getQueryString() != null) || (hreq.getParameterNames().hasMoreElements())) {
+ if ((hreq.getQueryString() != null && hreq.getQueryString().length() > 0)
+ || (hreq.getParameterNames().hasMoreElements())) {
+
if (hreq.getParameterMap().keySet().size() == 1 && hreq.getParameter(NOXSS_SHOW_TREE) != null) {