OFBiz OFBiz - Commits

svn commit: r1626384 - /ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ContextFilter.java

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
ashish-18
Reply | Threaded
Open this post in threaded view
|

svn commit: r1626384 - /ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ContextFilter.java

ashish-18
Author: ashish
Date: Sat Sep 20 06:02:55 2014
New Revision: 1626384

URL: http://svn.apache.org/r1626384
Log:
Applied patch from jira issue - OFBIZ-5769.
web.xml: empty allowPaths init param causes NPE
Thanks Deepak Dixit for the contribution.

Modified:
    ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ContextFilter.java

Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ContextFilter.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ContextFilter.java?rev=1626384&r1=1626383&r2=1626384&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ContextFilter.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/ContextFilter.java Sat Sep 20 06:02:55 2014
@@ -169,9 +169,11 @@ public class ContextFilter implements Fi
             String redirectPath = config.getInitParameter("redirectPath");
             String errorCode = config.getInitParameter("errorCode");
 
-            List<String> allowList = StringUtil.split(allowedPath, ":");
-            allowList.add("/");  // No path is allowed.
-            allowList.add("");   // No path is allowed.
+            List<String> allowList = null;
+            if ((allowList = StringUtil.split(allowedPath, ":")) != null) {
+                allowList.add("/");  // No path is allowed.
+                allowList.add("");   // No path is allowed.
+            }
 
             if (debug) Debug.logInfo("[Domain]: " + httpRequest.getServerName() + " [Request]: " + httpRequest.getRequestURI(), module);
 
@@ -205,8 +207,10 @@ public class ContextFilter implements Fi
 
             // Verbose Debugging
             if (Debug.verboseOn()) {
-                for (String allow: allowList) {
-                    Debug.logVerbose("[Allow]: " + allow, module);
+                if (allowList != null) {
+                    for (String allow: allowList) {
+                        Debug.logVerbose("[Allow]: " + allow, module);
+                    }
                 }
                 Debug.logVerbose("[Request path]: " + requestPath, module);
                 Debug.logVerbose("[Request info]: " + requestInfo, module);
@@ -214,7 +218,9 @@ public class ContextFilter implements Fi
             }
 
             // check to make sure the requested url is allowed
-            if (!allowList.contains(requestPath) && !allowList.contains(requestInfo) && !allowList.contains(httpRequest.getServletPath())) {
+            if (allowList != null &&
+                (!allowList.contains(requestPath) && !allowList.contains(requestInfo) && !allowList.contains(httpRequest.getServletPath()))
+                ) {
                 String filterMessage = "[Filtered request]: " + contextUri;
                 
                 if (redirectPath == null) {


Free forum by Nabble Edit this page