
svn commit: r1340047 - /geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java

Author: xiaming
Date: Fri May 18 09:40:06 2012
New Revision: 1340047

URL: http://svn.apache.org/viewvc?rev=1340047&view=rev
Log:
GERONIMO-6348 Revert 1340038

Modified:
    geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java

Modified: geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java?rev=1340047&r1=1340046&r2=1340047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java (original)
+++ geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java Fri May 18 09:40:06 2012
@@ -96,7 +96,7 @@ public class XSRFHandler
         if (hses.isNew() || (uniqueId == null)) {
             // New client session, so create and add our uniqueId
             uniqueId = createSession(hses.getId());
-            hses.setAttribute(XSRF_UNIQUEID, uniqueId);hreq.getRequestURI();
+            hses.setAttribute(XSRF_UNIQUEID, uniqueId);
             log.info("Created session for uid=" + hreq.getRemoteUser() + " with sessionId=" + hses.getId() + ", uniqueId=" + uniqueId);
             return false;
         }
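Review bot: The `log.info` line that follows the restored `hses.setAttribute(XSRF_UNIQUEID, uniqueId)` still writes both `hses.getId()` and the freshly minted `uniqueId` at INFO level, so every log reader receives the session identifier and what appears to be the per-session anti-CSRF secret together. Neither value is needed to see that a session was created; keep the principal and drop the identifiers, e.g. `log.info("Created XSRF session for uid=" + hreq.getRemoteUser());`, and if the ids are useful for debugging, emit them only under `log.isDebugEnabled()`. The method this branch belongs to starts and ends outside the hunk.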
@@ -134,18 +134,9 @@ public class XSRFHandler
             }
             else if (!reqId.equals(uniqueId)) {
                 // The unique Ids didn't match
-                log.warn("The formId in queryString is not equal to the saved formId in the session.");
+                log.warn("Blocked due to invalid HttpServletRequest parameter.");
                 // TODO - Should we invalidate the session?
-                String useragent = hreq.getHeader("user-agent");
-                if (useragent.indexOf("MSIE") > -1) {
-                    // let pass for IE
-                    log.debug("User client is IE, when reqId!=uniqueId.");
-                    return false;                    
-                } else {
-                    // block other browser
-                    log.debug("User client is " + useragent + ", when reqId!=uniqueId.");
-                    return true;
-                }
+                return true;
             }
             else {
                 // Unique Ids matched, so let the request thru