roller-commits mailing list archives

From snoopd...@apache.org
Subject svn commit: r645119 - /roller/branches/roller_4.0/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/adminprotocol/BasicAuthenticator.java
Date Sat, 05 Apr 2008 15:24:48 GMT
Author: snoopdave
Date: Sat Apr  5 08:24:47 2008
New Revision: 645119

URL: http://svn.apache.org/viewvc?rev=645119&view=rev
Log:
Fix for security bug ROL-1701:
    https://issues.apache.org/roller/browse/ROL-1701

Modified:
    roller/branches/roller_4.0/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/adminprotocol/BasicAuthenticator.java

Modified: roller/branches/roller_4.0/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/adminprotocol/BasicAuthenticator.java
URL: http://svn.apache.org/viewvc/roller/branches/roller_4.0/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/adminprotocol/BasicAuthenticator.java?rev=645119&r1=645118&r2=645119&view=diff
==============================================================================
--- roller/branches/roller_4.0/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/adminprotocol/BasicAuthenticator.java
(original)
+++ roller/branches/roller_4.0/apps/weblogger/src/java/org/apache/roller/weblogger/webservices/adminprotocol/BasicAuthenticator.java
Sat Apr  5 08:24:47 2008
@@ -18,10 +18,6 @@
 import java.util.StringTokenizer;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.roller.weblogger.WebloggerException;
-import org.apache.roller.weblogger.pojos.User;
 
 /**
  * This class implements HTTP basic authentication for roller.
@@ -59,5 +55,11 @@
                 }
             }
         }
+
+        // FIX from Nick Lothian, see 
+        if (getUserName() == null) {
+               throw new UnauthorizedException("ERROR: Could not authorize user");
+        }
+
     }
 }
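Review bot: The added guard at the end of the method treats `getUserName() == null` as the only sign that authentication failed, so it fails closed only if every earlier path that skips or rejects the credentials leaves the user name unset. The method body starts outside the hunk, so that cannot be confirmed from here. An explicit success flag that is set only after the credential check passes, with the throw taken whenever it is unset, would be easier to audit than inferring the outcome from a field. The comment `// FIX from Nick Lothian, see ` ends without its reference and could read `// Fail closed when no valid Basic credentials were supplied (ROL-1701)`. With the logging imports removed in the first hunk, the rejection also leaves no server-side record, so a warning-level log entry before the `throw` would help anyone monitoring for failed admin-protocol logins.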


