On Saturday 08 November 2008 10:23, xor at freenetproject.org wrote:
> Author: xor
> Date: 2008-11-08 10:23:26 +0000 (Sat, 08 Nov 2008)
> New Revision: 23413
>
> Modified:
> trunk/plugins/Freetalk/Freetalk.java
> Log:
> Fix webinterface bug.
>
> Modified: trunk/plugins/Freetalk/Freetalk.java
> ===================================================================
> --- trunk/plugins/Freetalk/Freetalk.java 2008-11-08 09:15:19 UTC (rev
> 23412)
> +++ trunk/plugins/Freetalk/Freetalk.java 2008-11-08 10:23:26 UTC (rev
> 23413)
> @@ -171,8 +171,10 @@
> public String handleHTTPGet(HTTPRequest request) throws
PluginHTTPException {
>
> String pass = request.getParam("formPassword");
> - if (pass == null || (pass.length() ==
0) || !pass.equals(pr.getNode().clientCore.formPassword))
> - return Errors.makeErrorPage(this, "Buh! Invalid form
> password");
> + if(pass != null) { /* FIXME: is this correct? what if the
> client just
does not specify the password so that its null? */
> + if ((pass.length() ==
0) || !pass.equals(pr.getNode().clientCore.formPassword))
> + return Errors.makeErrorPage(this, "Buh! Invalid
> form password");
> + }
What was wrong with the old code? The new code definitely lets the client
through if they don't specify a password.
>
> String page = request.getPath().substring(PLUGIN_URI.length());
> if ((page.length() < 1) || ("/".equals(page)))
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20081112/50e57772/attachment.pgp>
