This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release24.09 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release24.09 by this push: new cc229322eb Improved: Refactor ControlFilter class without functional changes (OFBIZ-13213) cc229322eb is described below commit cc229322eb1bdf111c1498efed011473108cf3a2 Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Fri Feb 28 17:44:44 2025 +0100 Improved: Refactor ControlFilter class without functional changes (OFBIZ-13213) ControlFilterTests did not pass. <<!LoginWorker.hasBasePermission(userLogin, req)>> must be checked before to call it. Ie, special test URLs
---
 .../java/org/apache/ofbiz/webapp/control/ControlFilter.java | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
index 083c77f1b4..71dacac212 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
@@ -187,13 +187,10 @@ public class ControlFilter extends HttpFilter {
 
         // Allows UEL and FlexibleString (OFBIZ-12602). Also allows SolrTest to pass. No need to check these URLs
         GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
-        if (!LoginWorker.hasBasePermission(userLogin, req) || isSolrTest()) {
-            return;
-        }
-
-        // Reject Freemarker interpolation in URL
-        if (SecuredFreemarker.containsFreemarkerInterpolation(req, resp, uri)) {
-            return;
+        if (!LoginWorker.hasBasePermission(userLogin, req)) { // Allows UEL and FlexibleString (OFBIZ-12602)
+            if (isSolrTest() && SecuredFreemarker.containsFreemarkerInterpolation(req, resp, uri)) { // Reject Freemarker interpolation in URL
+                return;
+            }
         }
 
         // Reject insecure URLs
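Review bot: The rewritten condition on the first `+` line changes which requests are subject to the Freemarker-interpolation check, although the title promises no functional change: before, every request from a session with base permission (and not a Solr test) went through `SecuredFreemarker.containsFreemarkerInterpolation(req, resp, uri)`, whereas now that call is reached only when `hasBasePermission` is false and `isSolrTest()` is true, so a permissioned request whose URI carries an interpolation never hits that check and continues to the insecure-URL checks below. The early `return` for sessions without base permission is also gone, so those requests now continue into the remaining checks as well; if that is intended by OFBIZ-13213 it deserves a comment, because the trailing `// Allows UEL and FlexibleString` comment on the `if` suggests the opposite. If the pre-commit behaviour is what is wanted, keep `if (!LoginWorker.hasBasePermission(userLogin, req) || isSolrTest()) { return; }` followed by an unconditional `if (SecuredFreemarker.containsFreemarkerInterpolation(req, resp, uri)) { return; }`, and add a ControlFilterTests case for a permissioned request whose URI contains an interpolation so this regression is caught. The enclosing method starts and ends outside the hunk.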