[mashup-dev] svn commit r12193 - trunk/mashup/java/modules/www

svn at wso2.org svn at wso2.org
Sun Jan 13 23:55:29 PST 2008


Author: tyrell
Date: Sun Jan 13 23:55:03 2008
New Revision: 12193

Log:

Enforcing referer locks to prevent unauthorized editing.

Modified:
   trunk/mashup/java/modules/www/editor.jsp

Modified: trunk/mashup/java/modules/www/editor.jsp
==============================================================================
--- trunk/mashup/java/modules/www/editor.jsp	(original)
+++ trunk/mashup/java/modules/www/editor.jsp	Sun Jan 13 23:55:03 2008
@@ -61,6 +61,21 @@
     } else if ((action.equalsIgnoreCase("edit")) && (mashup != null)) {
         String[] pathContents = mashup.split("/");
 
+        //Restricting mashup editing for particular referer pages
+        String[] validReferers = { "mashup.jsp" };
+        boolean validReferer = false;
+
+        for (int x = 0; x < validReferers.length; x++) {
+            if (currentReferer.contains(validReferers[x])) {
+                validReferer = true;
+            }
+        }
+
+        if (!validReferer) {
+            throw new Exception(
+                    "Sorry. Unable to launch the editor. Please try using the links provided in the ui to edit a mashup.");
+        }
+
         if (pathContents.length < 4) {
             throw new Exception("Sorry. The path specified for the mashup is invalid.");
         } else {
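Review bot: The referer test added at the top of the `edit` branch cannot prevent unauthorized editing on its own, because the Referer header is supplied by the client and `currentReferer.contains(validReferers[x])` is a substring match, so any URL that merely contains `mashup.jsp` (in a query string, or on another host) passes. Since the log message states the goal is blocking unauthorized edits, the branch should also check server-side that the session user may edit this mashup; the referer test is then only a UI hint. `currentReferer` is assigned outside the hunk; if it comes directly from `request.getHeader("Referer")` it can be null, and the loop would throw a NullPointerException instead of the intended message, so the condition should read `if (currentReferer != null && currentReferer.contains(validReferers[x]))`. The second hunk suggests the same loop already exists in the create branch, so a small shared helper would keep the two checks from drifting apart; the enclosing `else if` body continues outside the hunk.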
@@ -90,7 +105,7 @@
 
         if (!validReferer) {
             throw new Exception(
-                    "Sorry. Unable to launch the editor. Please try using the links provided in the ui to create a new service.");
+                    "Sorry. Unable to launch the editor. Please try using the links provided in the ui to create a new mashup.");
         }
 
     }


