Commit 028e7ca2 authored by Dave Cridland's avatar Dave Cridland

Merge pull request #149 from Redor/openfire

Removed chopping by @ character in the URL, to get MUC Plugin running
parents 97297fd6 475130eb
...@@ -86,11 +86,6 @@ public class AuthCheckFilter implements Filter { ...@@ -86,11 +86,6 @@ public class AuthCheckFilter implements Filter {
// in the URL and then the resulting url must exactly match the exclude rule. If the exclude ends with a "*" // in the URL and then the resulting url must exactly match the exclude rule. If the exclude ends with a "*"
// character then the URL is allowed if it exactly matches everything before the * and there are no ".." // character then the URL is allowed if it exactly matches everything before the * and there are no ".."
// characters after the "*". All data in the URL before // characters after the "*". All data in the URL before
// the "@" character is chopped.
if (url.contains("@")) {
url = url.substring(url.indexOf("@"));
}
if (exclude.endsWith("*")) { if (exclude.endsWith("*")) {
if (url.startsWith(exclude.substring(0, exclude.length()-1))) { if (url.startsWith(exclude.substring(0, exclude.length()-1))) {
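Review bot: The comment above the wildcard branch is left ending in the fragment `All data in the URL before` once the second half of the sentence and the `@` chop are removed; it should be trimmed to `// characters after the "*".`. Because testURLPassesExclude appears to decide which URLs are exempt from the authentication check, the comment should also record why `@` is no longer treated specially, for example `// "@" is not special-cased: plugin URLs may legitimately contain it.` The rest of the method, including the query-string handling the comment refers to, lies outside this hunk, so whether a URL such as `login.jsp?@another.jsp` now matches the `login.jsp` rule cannot be confirmed from here and is worth checking before merge.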
......
...@@ -25,8 +25,6 @@ public class AuthCheckFilterTest { ...@@ -25,8 +25,6 @@ public class AuthCheckFilterTest {
assertTrue(AuthCheckFilter.testURLPassesExclude("setup/setup-new.jsp","setup/setup-*")); assertTrue(AuthCheckFilter.testURLPassesExclude("setup/setup-new.jsp","setup/setup-*"));
// Let's get crafty by using an "@" symbol
assertFalse(AuthCheckFilter.testURLPassesExclude("login.jsp?@another.jsp", "login.jsp"));
assertFalse(AuthCheckFilter.testURLPassesExclude("another.jsp?login.jsp", "login.jsp")); assertFalse(AuthCheckFilter.testURLPassesExclude("another.jsp?login.jsp", "login.jsp"));
} }
} }
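Review bot: The `@` case is deleted from the test instead of being rewritten to state the behaviour the filter now has, so nothing pins how an exclude rule treats a URL containing `@`. Since these rules appear to gate unauthenticated access, I would keep the `login.jsp?@another.jsp` input and assert the intended outcome explicitly, and add a positive case for the kind of URL the MUC plugin needs; that URL is not shown on this page. A comment such as `// "@" is no longer stripped; see AuthCheckFilter.testURLPassesExclude` above the retained assertion would tell the next reader the change was deliberate.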