continuum-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From och...@apache.org
Subject svn commit: r1091659 - in /continuum/branches/continuum-1.3.x: continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/ continuum-webapp/src/main/resources/ continuum-webapp/src/main/webapp/WEB-INF/jsp/
Date Wed, 13 Apr 2011 05:56:41 GMT
Author: oching
Date: Wed Apr 13 05:56:41 2011
New Revision: 1091659

URL: http://svn.apache.org/viewvc?rev=1091659&view=rev
Log:
[CONTINUUM-2622] revert usage of token interceptor for remove project group as it breaks delete
project group from project group summary page

Modified:
    continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/CSRFSecurityTest.java
    continuum/branches/continuum-1.3.x/continuum-webapp/src/main/resources/struts.xml
    continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp

Modified: continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/CSRFSecurityTest.java
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/CSRFSecurityTest.java?rev=1091659&r1=1091658&r2=1091659&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/CSRFSecurityTest.java
(original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/CSRFSecurityTest.java
Wed Apr 13 05:56:41 2011
@@ -53,13 +53,14 @@ public class CSRFSecurityTest
         assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request."
);
     }
 
+    /*
     public void testCSRFRemoveProjectGroup()
     {
         getSelenium().open( baseUrl );
         getSelenium().open( baseUrl + "/removeProjectGroup.action?projectGroupId=2" );
         assertTextPresent( "Security Alert - Invalid Token Found" );
         assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request."
);
-    }
+    } */
 
     public void testCSRFRemoveBuildResult()
     {

Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/resources/struts.xml
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/resources/struts.xml?rev=1091659&r1=1091658&r2=1091659&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/resources/struts.xml (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/resources/struts.xml Wed
Apr 13 05:56:41 2011
@@ -366,9 +366,7 @@
     </action>
 
     <action name="removeProjectGroup" class="projectGroup" method="remove">
-      <interceptor-ref name="storeStack">
-        <param name="tokenSession.includeMethods">remove</param>
-      </interceptor-ref>
+      <interceptor-ref name="storeStack"/>
       <result name="confirm">/WEB-INF/jsp/confirmGroupRemoval.jsp</result>
       <result name="success" type="redirect-action">
         <param name="actionName">groupSummary</param>

Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp?rev=1091659&r1=1091658&r2=1091659&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp
(original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp
Wed Apr 13 05:56:41 2011
@@ -173,7 +173,6 @@
                 <form action="removeProjectGroup.action" method="post">
                   <input type="hidden" name="projectGroupId" value="<s:property value="projectGroupId"/>"/>
                   <input type="submit" name="remove" value="<s:text name="projectGroup.deleteGroup"/>"/>
-                  <s:token/>
                 </form>
               </redback:ifAuthorized>
             </td>



Mime
View raw message