mirror of
https://github.com/webbukkit/dynmap.git
synced 2024-09-29 14:17:26 +02:00
Fix required login vulnerability
This commit is contained in:
parent
e8ec7da47d
commit
d5596944b0
@ -46,7 +46,11 @@ public class MapStorageResourceHandler extends AbstractHandler {
|
||||
int soff = 0, eoff;
|
||||
// We're handling this request
|
||||
baseRequest.setHandled(true);
|
||||
|
||||
if(core.getLoginRequired()
|
||||
&& request.getSession(true).getAttribute(LoginServlet.USERID_ATTRIB) == null){
|
||||
response.sendError(HttpStatus.UNAUTHORIZED_401);
|
||||
return;
|
||||
}
|
||||
if (path.charAt(0) == '/') soff = 1;
|
||||
eoff = path.indexOf('/', soff);
|
||||
if (soff < 0) {
|
||||
|
Loading…
Reference in New Issue
Block a user