You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by mr...@apache.org on 2005/03/21 00:29:40 UTC

svn commit: r158374 - in struts/flow/trunk/src: java/system.js remote-example/WEB-INF/numberguess.js

Author: mrdon
Date: Sun Mar 20 15:29:40 2005
New Revision: 158374

URL: http://svn.apache.org/viewcvs?view=rev&rev=158374
Log:
Added optional protection to allow server to specify what functions can be called 
remotely.

Modified:
    struts/flow/trunk/src/java/system.js
    struts/flow/trunk/src/remote-example/WEB-INF/numberguess.js

Modified: struts/flow/trunk/src/java/system.js
URL: http://svn.apache.org/viewcvs/struts/flow/trunk/src/java/system.js?view=diff&r1=158373&r2=158374
==============================================================================
--- struts/flow/trunk/src/java/system.js (original)
+++ struts/flow/trunk/src/java/system.js Sun Mar 20 15:29:40 2005
@@ -22,17 +22,35 @@
    return func.apply(this, args);
 }
 
-function forwardAndWait(name, atts)
+function forwardAndWait(name, atts, allowedRemoteFuncs)
 {
    var kont = _forwardAndWait(name, atts);
    lastContinuation = kont;
    //print("looking for func: "+context.get("func")+" "+context.chainContext.fun+" "+context.chainContext.getParam().FlowCall);
    func = context.get("func");
    if (func != null) {
-       print("processing cont func");
-       var json;
-       eval("json = "+context.get("json"));
-       ret = this[func].apply(this, json);
+       var ret;
+       var callFunc = false;
+       if (allowedRemoteFuncs) {
+           for (x in allowedRemoteFuncs) {
+               if (allowedRemoteFuncs[x] == func) {
+                   callFunc = true;
+                   break;
+               }
+           }
+           if (!callFunc) {
+               ret = {"error":"Invalid function:"+func};
+               log.warn("Invalid remote function attempt:"+func);
+           }
+       } else {
+           callFunc = true;
+       }
+       if (callFunc) {
+           print("processing cont func");
+           var json;
+           eval("json = "+context.get("json"));
+           ret = this[func].apply(this, json);
+       }
        kont = _forwardAndWait("n/a", ret);
        lastContinuation = kont;
    }

Modified: struts/flow/trunk/src/remote-example/WEB-INF/numberguess.js
URL: http://svn.apache.org/viewcvs/struts/flow/trunk/src/remote-example/WEB-INF/numberguess.js?view=diff&r1=158373&r2=158374
==============================================================================
--- struts/flow/trunk/src/remote-example/WEB-INF/numberguess.js (original)
+++ struts/flow/trunk/src/remote-example/WEB-INF/numberguess.js Sun Mar 20 15:29:40 2005
@@ -9,10 +9,12 @@
 
   while (true) {
 
-    // send guess page to user and wait for response
+    // send guess page to user and wait for response.  Specify only cheat() 
+    // can be called remotely.
     forwardAndWait("failure", 
        { "hint"    : hint,
-         "guesses" : guesses} );
+         "guesses" : guesses},
+       ["cheat"]);
 
     print("processing a user guess "+getRequestParams().guess);
     // process user's guess



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org