From: David ‘Bombe’ Roden Date: Tue, 19 Oct 2010 19:25:03 +0000 (+0200) Subject: Redirect to “noPermission.html” if a POST request does not have the correct form... X-Git-Tag: 0.1-RC1~185 X-Git-Url: https://git.pterodactylus.net/?a=commitdiff_plain;h=62603dd80cc0a5539d5032e4537c88b86c158085;p=Sone.git Redirect to “noPermission.html” if a POST request does not have the correct form password. --- diff --git a/src/main/java/net/pterodactylus/sone/web/SoneTemplatePage.java b/src/main/java/net/pterodactylus/sone/web/SoneTemplatePage.java index 2a56c57..427b0ff 100644 --- a/src/main/java/net/pterodactylus/sone/web/SoneTemplatePage.java +++ b/src/main/java/net/pterodactylus/sone/web/SoneTemplatePage.java @@ -51,7 +51,7 @@ public class SoneTemplatePage extends TemplatePage { * The Sone web interface */ public SoneTemplatePage(String path, Template template, String pageTitleKey, WebInterface webInterface) { - super(path, template, webInterface.l10n(), pageTitleKey); + super(path, template, webInterface.l10n(), pageTitleKey, "noPermission.html"); this.webInterface = webInterface; template.set("webInterface", webInterface); } diff --git a/src/main/java/net/pterodactylus/sone/web/page/TemplatePage.java b/src/main/java/net/pterodactylus/sone/web/page/TemplatePage.java index 79dd208..761e89b 100644 --- a/src/main/java/net/pterodactylus/sone/web/page/TemplatePage.java +++ b/src/main/java/net/pterodactylus/sone/web/page/TemplatePage.java @@ -21,6 +21,7 @@ import java.io.StringWriter; import java.util.Collection; import java.util.Collections; +import net.pterodactylus.sone.web.page.Page.Request.Method; import net.pterodactylus.util.template.Template; import freenet.clients.http.LinkEnabledCallback; import freenet.clients.http.PageMaker; @@ -47,6 +48,9 @@ public class TemplatePage implements Page, LinkEnabledCallback { /** The l10n key for the page title. */ private final String pageTitleKey; + /** Where to redirect for invalid form passwords. */ + private final String invalidFormPasswordRedirectTarget; + /** * Creates a new template page. * @@ -58,12 +62,16 @@ public class TemplatePage implements Page, LinkEnabledCallback { * The L10n handler * @param pageTitleKey * The l10n key of the title page + * @param invalidFormPasswordRedirectTarget + * The target to redirect to if a POST request does not contain + * the correct form password */ - public TemplatePage(String path, Template template, BaseL10n l10n, String pageTitleKey) { + public TemplatePage(String path, Template template, BaseL10n l10n, String pageTitleKey, String invalidFormPasswordRedirectTarget) { this.path = path; this.template = template; this.l10n = l10n; this.pageTitleKey = pageTitleKey; + this.invalidFormPasswordRedirectTarget = invalidFormPasswordRedirectTarget; } /** @@ -85,6 +93,13 @@ public class TemplatePage implements Page, LinkEnabledCallback { } ToadletContext toadletContext = request.getToadletContext(); + if (request.getMethod() == Method.POST) { + /* require form password. */ + String formPassword = request.getHttpRequest().getPartAsStringFailsafe("formPassword", 32); + if (!formPassword.equals(toadletContext.getContainer().getFormPassword())) { + return new RedirectResponse(invalidFormPasswordRedirectTarget); + } + } PageMaker pageMaker = toadletContext.getPageMaker(); PageNode pageNode = pageMaker.getPageNode(l10n.getString(pageTitleKey), toadletContext); for (String styleSheet : getStyleSheets()) {