Merge pull request #2475 from Ry0taK/v3.0

Fix required login bypass vulnerability
mikeprimm 2019-05-04 11:28:31 -05:00 committed by GitHub
commit 641f142cd3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -46,7 +46,11 @@ public class MapStorageResourceHandler extends AbstractHandler {
int soff = 0, eoff;
// We're handling this request
baseRequest.setHandled(true);
if(core.getLoginRequired()
&& request.getSession(true).getAttribute(LoginServlet.USERID_ATTRIB) == null){
response.sendError(HttpStatus.UNAUTHORIZED_401);
return;
}
if (path.charAt(0) == '/') soff = 1;
eoff = path.indexOf('/', soff);
if (soff < 0) {
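Review bot: The added guard calls `request.getSession(true)`, so every unauthenticated request to this handler allocates a server-side session just to be rejected with 401, which lets anonymous clients grow the session store at will. Looking the session up without creating it keeps the same decision: `HttpSession sess = request.getSession(false);` followed by `if (core.getLoginRequired() && (sess == null || sess.getAttribute(LoginServlet.USERID_ATTRIB) == null)) {`. The check also treats any non-null user id as logged in; if the login servlet can store a guest placeholder in that attribute (not visible here), the condition should reject that value too. A short comment above the guard, such as `// Tiles are served directly from storage: enforce login-required here, not only in the servlets`, would record why the check lives in this handler. The enclosing method starts and ends outside the hunk, so the per-world and per-map access checks could not be reviewed.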