Upstream/dynmap
1
0
Fork 0
mirror of https://github.com/webbukkit/dynmap.git synced 2024-06-28 07:35:07 +02:00
Code Issues Projects Releases Wiki Activity

Fix required login vulnerability

Browse Source
This commit is contained in:
R0taK 2019-05-02 18:08:56 +09:00
parent e8ec7da47d
commit d5596944b0
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
DynmapCore/src/main/java/org/dynmap/servlet/MapStorageResourceHandler.java
View File

@ -46,7 +46,11 @@ public class MapStorageResourceHandler extends AbstractHandler {
int soff = 0, eoff;
// We're handling this request
baseRequest.setHandled(true);
if(core.getLoginRequired()
&& request.getSession(true).getAttribute(LoginServlet.USERID_ATTRIB) == null){
response.sendError(HttpStatus.UNAUTHORIZED_401);
return;
}
if (path.charAt(0) == '/') soff = 1;
eoff = path.indexOf('/', soff);
if (soff < 0) {