[
https://issues.apache.org/jira/browse/ROL-2058?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Johnson resolved ROL-2058.
--------------------------------
Resolution: Fixed
Assignee: David Johnson (was: Roller Unassigned)
Thanks for finding and fixing this Kohei!
Author: snoopdave
Date: Sun Mar 1 14:45:17 2015
New Revision: 1663125
URL: http://svn.apache.org/r1663125
Log: ROL-2058 no salt renewal on request
> No salt renewal on POST request
> -------------------------------
>
> Key: ROL-2058
> URL: https://issues.apache.org/jira/browse/ROL-2058
> Project: Apache Roller
> Issue Type: Bug
> Components: User Interface - General
> Affects Versions: 5.1.1
> Environment: WildFly 8.2.0.Final
> Reporter: Kohei Nozaki
> Assignee: David Johnson
> Attachments: ROL-2058.patch
>
>
> Roller continues using previous salt value which sent from client as POST
> parameter. this leads fixing of salt value in the form element of html, and
> brings ServletException("Security Violation") by ValidateSaltFilter at some
> use cases (e.g. long-term editing over 60 minutes) unexpectedly.
> Seems to that the cause is existence of
> org.apache.roller.weblogger.ui.struts2.util.UIAction#setSalt(String) method.
> this overwrites salt with previous value which sent by client as POST
> parameter. it's unnecessary behavior because new salt value comes through
> preceding invocation of UIAction#setRequest(Map).
> Original discussion in the mailing list:
> http://markmail.org/search/?q=list%3Aorg.apache.roller.user#query:list%3Aorg.apache.roller.user+page:1+mid:tnqn4qjuwmwun4oh+state:results
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
