This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new dd9450a355 Improved: Refactor ControlFilter class without functional changes (OFBIZ-13213)
dd9450a355 is described below
commit dd9450a355648120af3c28d3f1f799c66db8e010
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Fri Feb 28 17:44:44 2025 +0100
Improved: Refactor ControlFilter class without functional changes (OFBIZ-13213)
ControlFilterTests did not pass. <<!LoginWorker.hasBasePermission(userLogin, req)>> must be checked before to call it. Ie, special test URLs
---
.../java/org/apache/ofbiz/webapp/control/ControlFilter.java | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
index 5ba06ae4e6..502e2a2f96 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
@@ -190,13 +190,10 @@ public class ControlFilter extends HttpFilter {
 // Allows UEL and FlexibleString (OFBIZ-12602). Also allows SolrTest to pass. No need to check these URLs
 GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
- if (!LoginWorker.hasBasePermission(userLogin, req) || isSolrTest()) {
- return;
- }
-
- // Reject Freemarker interpolation in URL
- if (SecuredFreemarker.containsFreemarkerInterpolation(req, resp, uri)) {
- return;
+ if (!LoginWorker.hasBasePermission(userLogin, req)) { // Allows UEL and FlexibleString (OFBIZ-12602)
+ if (isSolrTest() && SecuredFreemarker.containsFreemarkerInterpolation(req, resp, uri)) { // Reject Freemarker interpolation in URL
+ return;
+ }
 }
 // Reject insecure URLs