History | Log In     View a printable version of the current page.  
   HOME       BROWSE PROJECT       FIND ISSUES   
    QUICK SEARCH:  
Issue Details (XML | Word | Printable)

Key: UP-1836
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Eric Dalquist
Reporter: Susan Bramhall
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
uPortal

null referrer should not be allowed when check referrer is on

Created: 28/Sep/07 04:05 PM   Updated: 19/Oct/07 05:35 PM
Component/s: Resource Proxy
Affects Version/s: 2.6.0 RC2, 2.6.0 GA, 2.6.1 RC1
Fix Version/s: 3.0.0-M5, 2.6.1 RC2

Original Estimate: Unknown Remaining Estimate: Unknown Time Spent: Unknown
Issue Links:
Cloners
This issue Cloned by:
UP-1839 null referrer should not be allowed w... Major Closed
 


 Description  « Hide
Index: C:/workspace/uPortal-2-6/source/org/jasig/portal/HttpProxyServlet.java
===================================================================
--- C:/workspace/uPortal-2-6/source/org/jasig/portal/HttpProxyServlet.java (revision 42318)
+++ C:/workspace/uPortal-2-6/source/org/jasig/portal/HttpProxyServlet.java (working copy)
@@ -80,6 +80,12 @@
      return;
      }
 
+ } else /* referer is null so don't return element */ {
+ if (log.isWarnEnabled()) {
+ log.warn("HttpProxyServlet: bad Referer: " + referer);
+ }
+ response.setStatus(404);
+ return;
         }
  }
 


 All   Comments   Work Log   Change History      Sort Order:
[ Permlink | « Hide ]
Susan Bramhall [28/Sep/07 04:06 PM]
Yale has been running this fix in production for 2 months and getting correct behavior.

[ Permlink | « Hide ]
Eric Dalquist [02/Oct/07 02:36 PM]
Applied patch

[ Permlink | « Hide ]
Eric Dalquist [03/Oct/07 12:23 PM]
Issues have been resolved in 2.6.1-RC2 release

[ Permlink | « Hide ]
Brad Johnson [18/Oct/07 12:11 PM]
I don't think the fix made it into trunk. Reopening.

[ Permlink | « Hide ]
Eric Dalquist [18/Oct/07 12:34 PM]
Fixed in working-pluto branch which will be merged back with the trunk

[ Permlink | « Hide ]
Susan Bramhall [19/Oct/07 05:18 PM]
I'm confused. Does not seem to be in 2-6-patches branch either.

[ Permlink | « Hide ]
Eric Dalquist [19/Oct/07 05:29 PM]
According to the Fisheye tab for this issue there have been two commits made for it. One on the rel-2-6-patches branch on Oct. 2nd which made it into the 2.6.1-RC2 release and one on the pluto-working branch on Oct. 18th which will become the trunk in a few weeks.

[ Permlink | « Hide ]
Susan Bramhall [19/Oct/07 05:35 PM]
Sorry - I'm a dodo. My error updating to the patches branch. It's there.


Site running on a free Atlassian JIRA Open Source Project License granted to Java Architectures Special Interest Group. Evaluate JIRA today.
Powered by Atlassian JIRA™ the Professional Issue Tracker. (Enterprise Edition, Version: 3.7.1-#185) - Bug/feature request - Contact Administrators