From 62603dd80cc0a5539d5032e4537c88b86c158085 Mon Sep 17 00:00:00 2001 From: =?utf8?q?David=20=E2=80=98Bombe=E2=80=99=20Roden?= Date: Tue, 19 Oct 2010 21:25:03 +0200 Subject: [PATCH] =?utf8?q?Redirect=20to=20=E2=80=9CnoPermission.html?= =?utf8?q?=E2=80=9D=20if=20a=20POST=20request=20does=20not=20have=20the=20?= =?utf8?q?correct=20form=20password.?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- .../net/pterodactylus/sone/web/SoneTemplatePage.java | 2 +- .../net/pterodactylus/sone/web/page/TemplatePage.java | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/src/main/java/net/pterodactylus/sone/web/SoneTemplatePage.java b/src/main/java/net/pterodactylus/sone/web/SoneTemplatePage.java index 2a56c57..427b0ff 100644 --- a/src/main/java/net/pterodactylus/sone/web/SoneTemplatePage.java +++ b/src/main/java/net/pterodactylus/sone/web/SoneTemplatePage.java @@ -51,7 +51,7 @@ public class SoneTemplatePage extends TemplatePage { * The Sone web interface */ public SoneTemplatePage(String path, Template template, String pageTitleKey, WebInterface webInterface) { - super(path, template, webInterface.l10n(), pageTitleKey); + super(path, template, webInterface.l10n(), pageTitleKey, "noPermission.html"); this.webInterface = webInterface; template.set("webInterface", webInterface); } diff --git a/src/main/java/net/pterodactylus/sone/web/page/TemplatePage.java b/src/main/java/net/pterodactylus/sone/web/page/TemplatePage.java index 79dd208..761e89b 100644 --- a/src/main/java/net/pterodactylus/sone/web/page/TemplatePage.java +++ b/src/main/java/net/pterodactylus/sone/web/page/TemplatePage.java @@ -21,6 +21,7 @@ import java.io.StringWriter; import java.util.Collection; import java.util.Collections; +import net.pterodactylus.sone.web.page.Page.Request.Method; import net.pterodactylus.util.template.Template; import freenet.clients.http.LinkEnabledCallback; import freenet.clients.http.PageMaker; @@ -47,6 +48,9 @@ public class TemplatePage implements Page, LinkEnabledCallback { /** The l10n key for the page title. */ private final String pageTitleKey; + /** Where to redirect for invalid form passwords. */ + private final String invalidFormPasswordRedirectTarget; + /** * Creates a new template page. * @@ -58,12 +62,16 @@ public class TemplatePage implements Page, LinkEnabledCallback { * The L10n handler * @param pageTitleKey * The l10n key of the title page + * @param invalidFormPasswordRedirectTarget + * The target to redirect to if a POST request does not contain + * the correct form password */ - public TemplatePage(String path, Template template, BaseL10n l10n, String pageTitleKey) { + public TemplatePage(String path, Template template, BaseL10n l10n, String pageTitleKey, String invalidFormPasswordRedirectTarget) { this.path = path; this.template = template; this.l10n = l10n; this.pageTitleKey = pageTitleKey; + this.invalidFormPasswordRedirectTarget = invalidFormPasswordRedirectTarget; } /** @@ -85,6 +93,13 @@ public class TemplatePage implements Page, LinkEnabledCallback { } ToadletContext toadletContext = request.getToadletContext(); + if (request.getMethod() == Method.POST) { + /* require form password. */ + String formPassword = request.getHttpRequest().getPartAsStringFailsafe("formPassword", 32); + if (!formPassword.equals(toadletContext.getContainer().getFormPassword())) { + return new RedirectResponse(invalidFormPasswordRedirectTarget); + } + } PageMaker pageMaker = toadletContext.getPageMaker(); PageNode pageNode = pageMaker.getPageNode(l10n.getString(pageTitleKey), toadletContext); for (String styleSheet : getStyleSheets()) { -- 2.7.4