Merge pull request #2475 from Ry0taK/v3.0

Fix required login bypass vulnerability
mikeprimm committed May 4, 2019
2 parents c1902a2 + d559694 commit 641f142cd3ccdcbfb04eda3059be22dd9ed93783
Showing with 5 additions and 1 deletion.
  1. +5 −1 DynmapCore/src/main/java/org/dynmap/servlet/MapStorageResourceHandler.java
@@ -46,7 +46,11 @@ public void handle(String target, Request baseRequest, HttpServletRequest reques
int soff = 0, eoff;
// We're handling this request
baseRequest.setHandled(true);

if(core.getLoginRequired()
&& request.getSession(true).getAttribute(LoginServlet.USERID_ATTRIB) == null){
response.sendError(HttpStatus.UNAUTHORIZED_401);
return;
}
if (path.charAt(0) == '/') soff = 1;
eoff = path.indexOf('/', soff);
if (soff < 0) {
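Review bot: In the added login check, `request.getSession(true)` creates a new session for every request that arrives without one, so each unauthenticated request that is rejected with 401 still leaves a session allocated on the server. Use `request.getSession(false)` and treat a null session the same as a missing `LoginServlet.USERID_ATTRIB`, so rejected requests allocate no state. Separately, in the trailing context, `if (soff < 0)` follows `eoff = path.indexOf('/', soff)`, and in the visible lines `soff` is only ever 0 or 1, so that test looks like it was meant for `eoff`; worth confirming while this method is being touched.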
