OFBiz OFBiz - Commits

svn commit: r965164 - /ofbiz/branches/release10.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
lektran
Reply | Threaded
Open this post in threaded view
|

svn commit: r965164 - /ofbiz/branches/release10.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java

lektran
Author: lektran
Date: Sun Jul 18 06:00:07 2010
New Revision: 965164

URL: http://svn.apache.org/viewvc?rev=965164&view=rev
Log:
Backport from trunk r965163:
Setting the request-map/security element's direct-request attribute to false was only working if a default-request was present.  Reported by Wai in OFBIZ-3861 and fixed using a variation of the patch that he supplied.

Modified:
    ofbiz/branches/release10.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java

Modified: ofbiz/branches/release10.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release10.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=965164&r1=965163&r2=965164&view=diff
==============================================================================
--- ofbiz/branches/release10.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/branches/release10.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Sun Jul 18 06:00:07 2010
@@ -173,9 +173,9 @@ public class RequestHandler {
 
             // Check to make sure we are allowed to access this request directly. (Also checks if this request is defined.)
             // If the request cannot be called, or is not defined, check and see if there is a default-request we can process
-            String defaultRequest = controllerConfig.getDefaultRequest();
-            if (!requestMap.securityDirectRequest && defaultRequest != null) {
-                if (!requestMapMap.get(defaultRequest).securityDirectRequest) {
+            if (!requestMap.securityDirectRequest) {
+                String defaultRequest = controllerConfig.getDefaultRequest();
+                if (defaultRequest == null || !requestMapMap.get(defaultRequest).securityDirectRequest) {
                     // use the same message as if it was missing for security reasons, ie so can't tell if it is missing or direct request is not allowed
                     throw new RequestHandlerException(requestMissingErrorMessage);
                 } else {


Free forum by Nabble Edit this page