------------------------------------------------------------
revno: 11796
committer: Morten Olav Hansen <morte...@gmail.com>
branch nick: dhis2
timestamp: Mon 2013-08-26 00:05:17 +0200
message:
bugfix for ExternalAccessVoter, allow any access to any fileextension
modified:
dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/vote/ExternalAccessVoter.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/vote/ExternalAccessVoter.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/vote/ExternalAccessVoter.java 2013-08-24 13:31:19 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/vote/ExternalAccessVoter.java 2013-08-25 22:05:17 +0000
@@ -107,7 +107,7 @@
if ( urlSplit[1].equals( "api" ) && externalClasses.get( type ) != null )
{
- String uid = urlSplit[3];
+ String uid = getUidPart( urlSplit[3] );
if ( CodeGenerator.isValidCode( uid ) )
{
@@ -128,4 +128,14 @@
return ACCESS_ABSTAIN;
}
+
+ private String getUidPart( String uidPath )
+ {
+ if ( uidPath.contains( "." ) )
+ {
+ return uidPath.substring( 0, uidPath.indexOf( "." ) );
+ }
+
+ return uidPath;
+ }
}
_______________________________________________
Mailing list: https://launchpad.net/~dhis2-devs
Post to : dhis2-devs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-devs
More help : https://help.launchpad.net/ListHelp
