OF-1260: Improve CSRF error message (#731)

This fix applies to the Client Control plugin.

OF-1260: Improve CSRF error message (#731)
This fix applies to the Client Control plugin.
5af214ea · Guus der Kinderen · GitHub · b8462a3c · 5af214ea · 5af214ea
Commit 5af214ea authored Dec 30, 2016 by Guus der Kinderen Committed by GitHub Dec 30, 2016
4 changed files
--- a/src/plugins/clientControl/changelog.html
+++ b/src/plugins/clientControl/changelog.html
@@ -43,10 +43,11 @@
 <h1>
 Client Control Plugin Changelog
 </h1>
-<p><b>2.1.1</b> -- December 29, 2016</p>
+<p><b>2.1.1</b> -- December 30, 2016</p>
 <ul>
    <li>[<a href='http://www.igniterealtime.org/issues/browse/OF-1258'>OF-1258</a>] - Adds an option to enable/disable anonymous login in Spark.</li>
    <li>This update corresponds with ticket SPARK-1852 and requires Spark version 2.8.3 and above for new functionality.</li>
+    <li>[<a href='https://issues.igniterealtime.org/browse/OF-1260'>OF-1260</a>] - Improve CSRF error message.</li>
 </ul>

 <p><b>2.1.0</b> -- November 24, 2016</p>

--- a/src/plugins/clientControl/plugin.xml
+++ b/src/plugins/clientControl/plugin.xml
@@ -9,7 +9,7 @@
    <description>Controls clients allowed to connect and available features</description>
    <author>Jive Software</author>
    <version>2.1.1</version>
-    <date>12/29/2016</date>
+    <date>12/30/2016</date>
    <minServerVersion>4.0.0</minServerVersion>

    <!-- UI extension -->

--- a/src/plugins/clientControl/src/i18n/clientcontrol_i18n.properties
+++ b/src/plugins/clientControl/src/i18n/clientcontrol_i18n.properties
@@ -173,3 +173,5 @@ spark.download.emailtemplate.template.part2 = Once you've performed the initial
  the client will automatically notify you when updates are available.
 spark.download.emailtemplate.template.part3 = When the client starts, enter your username and password along with the server name <b>{0}</b>.
 spark.download.emailtemplate.template.part4 = Please contact me for your username and password.
+
+global.csrf.failed=CSRF Error: No changes made, you'll need to retry.
--- a/src/plugins/clientControl/src/web/client-features.jsp
+++ b/src/plugins/clientControl/src/web/client-features.jsp
@@ -43,7 +43,7 @@
    String csrfParam = ParamUtils.getParameter(request, "csrf");
    boolean csrfStatus = true;

-    if (csrfCookie == null || csrfParam == null || !csrfCookie.getValue().equals(csrfParam)) {
+    if (submit == true && (csrfCookie == null || csrfParam == null || !csrfCookie.getValue().equals(csrfParam))) {
        submit = false;
        csrfStatus = false;
    }