From xiam...@apache.org
Subject svn commit: r1340047 - /geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java
Date Fri, 18 May 2012 09:40:06 GMT
Author: xiaming
Date: Fri May 18 09:40:06 2012
New Revision: 1340047

URL: http://svn.apache.org/viewvc?rev=1340047&view=rev
Log:
GERONIMO-6348 Revert 1340038

Modified:
    geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java

Modified: geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java?rev=1340047&r1=1340046&r2=1340047&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java
(original)
+++ geronimo/server/branches/3.0-beta/plugins/console/console-filter/src/main/java/org/apache/geronimo/console/filter/XSRFHandler.java
Fri May 18 09:40:06 2012
@@ -96,7 +96,7 @@ public class XSRFHandler
         if (hses.isNew() || (uniqueId == null)) {
             // New client session, so create and add our uniqueId
             uniqueId = createSession(hses.getId());
-            hses.setAttribute(XSRF_UNIQUEID, uniqueId);hreq.getRequestURI();
+            hses.setAttribute(XSRF_UNIQUEID, uniqueId);
             log.info("Created session for uid=" + hreq.getRemoteUser() + " with sessionId="
+ hses.getId() + ", uniqueId=" + uniqueId);
             return false;
         }
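Review bot: The `log.info` call kept directly below the changed line writes both the container session id and the newly created XSRF `uniqueId` to the log at INFO level, so anyone who can read the server log gets the session identifier and the value later compared against the request's form id. Consider logging only the user, e.g. `log.info("Created session for uid=" + hreq.getRemoteUser());`, or moving the two identifiers to debug level. The enclosing method starts and ends outside this hunk.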
@@ -134,18 +134,9 @@ public class XSRFHandler
             }
             else if (!reqId.equals(uniqueId)) {
                 // The unique Ids didn't match
-                log.warn("The formId in queryString is not equal to the saved formId in the
session.");
+                log.warn("Blocked due to invalid HttpServletRequest parameter.");
                 // TODO - Should we invalidate the session?
-                String useragent = hreq.getHeader("user-agent");
-                if (useragent.indexOf("MSIE") > -1) {
-                    // let pass for IE
-                    log.debug("User client is IE, when reqId!=uniqueId.");
-                    return false;                    
-                } else {
-                    // block other browser
-                    log.debug("User client is " + useragent + ", when reqId!=uniqueId.");
-                    return true;
-                }
+                return true;
             }
             else {
                 // Unique Ids matched, so let the request thru
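Review bot: The warning on the mismatch branch now reads only `Blocked due to invalid HttpServletRequest parameter.`, which gives an operator nothing to attribute a rejected request to or to correlate repeated rejections with. Adding the authenticated user and the path would help, e.g. `log.warn("Blocked due to invalid HttpServletRequest parameter: uid=" + hreq.getRemoteUser() + ", uri=" + hreq.getRequestURI());`. `getRequestURI()` excludes the query string, so the submitted id is not written to the log. The `// TODO - Should we invalidate the session?` is still undecided on the blocking path and deserves a tracked decision. As a smaller hardening, `reqId.equals(uniqueId)` is not a constant-time comparison, and `MessageDigest.isEqual` over the encoded bytes would avoid that. The enclosing method continues outside the hunk.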


