Merge pull request #2475 from Ry0taK/v3.0
Fix required login bypass vulnerability
mikeprimm committed May 4, 2019
2 parents c1902a2 + d559694 commit 641f142
Showing 1 changed file with 5 additions and 1 deletion.
Expand Up @@ -46,7 +46,11 @@ public void handle(String target, Request baseRequest, HttpServletRequest reques
int soff = 0, eoff;
// We're handling this request
baseRequest.setHandled(true);

if(core.getLoginRequired()
&& request.getSession(true).getAttribute(LoginServlet.USERID_ATTRIB) == null){
response.sendError(HttpStatus.UNAUTHORIZED_401);
return;
}
if (path.charAt(0) == '/') soff = 1;
eoff = path.indexOf('/', soff);
if (soff < 0) {
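Review bot: The added guard calls `request.getSession(true)`, so every unauthenticated request that is about to be rejected with 401 first allocates a new server-side session. A client without cookies can therefore make the container create one session per request until the sessions time out, which is avoidable load on an endpoint that is reachable before login. Look the session up without creating it, `HttpSession sess = request.getSession(false);`, and treat a missing session as unauthenticated: `if (core.getLoginRequired() && (sess == null || sess.getAttribute(LoginServlet.USERID_ATTRIB) == null)) {`. A one-line comment such as `// Reject before any path parsing when login is required and no user is bound to the session` would record why the check sits here. The body of `handle` starts and ends outside this hunk, so whether later code relies on a session existing should be confirmed.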
