Posted to scm@geronimo.apache.org by xi...@apache.org on 2012/05/18 11:40:06 UTC
svn commit: r1340047 -
/geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java
Author: xiaming
Date: Fri May 18 09:40:06 2012
New Revision: 1340047
URL: http://svn.apache.org/viewvc?rev=1340047&view=rev
Log:
GERONIMO-6348 Revert 1340038
Modified:
geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java
Modified: geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java?rev=1340047&r1=1340046&r2=1340047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java Fri May 18 09:40:06 2012
@@ -96,7 +96,7 @@ public class XSRFHandler
if (hses.isNew() || (uniqueId == null)) {
// New client session, so create and add our uniqueId
uniqueId = createSession(hses.getId());
- hses.setAttribute(XSRF_UNIQUEID, uniqueId);hreq.getRequestURI();
+ hses.setAttribute(XSRF_UNIQUEID, uniqueId);
log.info("Created session for uid=" + hreq.getRemoteUser() + " with sessionId=" + hses.getId() + ", uniqueId=" + uniqueId);
return false;
}
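Review bot: The surviving `log.info(...)` line below the restored `setAttribute` call writes the freshly created XSRF `uniqueId` into the log at INFO level, which hands the anti-forgery secret to anyone who can read the server logs. The session id is already enough to correlate the event, so I would drop the token from the message: `log.info("Created session for uid=" + hreq.getRemoteUser() + " with sessionId=" + hses.getId());`. The same applies if the token is later logged on the mismatch path. The enclosing method starts before and continues after this hunk.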
@@ -134,18 +134,9 @@ public class XSRFHandler
}
else if (!reqId.equals(uniqueId)) {
// The unique Ids didn't match
- log.warn("The formId in queryString is not equal to the saved formId in the session.");
+ log.warn("Blocked due to invalid HttpServletRequest parameter.");
// TODO - Should we invalidate the session?
- String useragent = hreq.getHeader("user-agent");
- if (useragent.indexOf("MSIE") > -1) {
- // let pass for IE
- log.debug("User client is IE, when reqId!=uniqueId.");
- return false;
- } else {
- // block other browser
- log.debug("User client is " + useragent + ", when reqId!=uniqueId.");
- return true;
- }
+ return true;
}
else {
// Unique Ids matched, so let the request thru
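Review bot: The restored `log.warn("Blocked due to invalid HttpServletRequest parameter.")` carries no session id, user or request URI, so a blocked forgery attempt cannot be correlated with anything else in the log; since the first hunk shows `hreq`/`hses` in scope in this class, something like `log.warn("Blocked request with mismatched XSRF id for sessionId=" + hses.getId() + ", uri=" + hreq.getRequestURI());` would make the event actionable without echoing either token value. Dropping the user-agent exemption is the right call, since any caller could have claimed to be MSIE to bypass the check. On the `TODO - Should we invalidate the session?` comment, I would not: a mismatch can be triggered by an attacker with a forged request, so invalidating would let them log the victim out at will. The `reqId.equals(uniqueId)` comparison a few lines up is not constant-time; if the token is meant to be unguessable, `MessageDigest.isEqual` on the UTF-8 bytes is the usual replacement (needs a `java.security.MessageDigest` import). The enclosing method starts before this hunk.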