Permalink
Browse files

Restrict Search Result Layout modification to HTTP POST only.

  • Loading branch information...
luccioman committed Sep 25, 2017
1 parent ef8aea7 commit b1e7bd0dd62823e3d90135140cdff34f941aab3a
Showing with 8 additions and 7 deletions.
  1. +1 −0 htroot/ConfigSearchPage_p.html
  2. +7 −7 htroot/ConfigSearchPage_p.java
@@ -22,6 +22,7 @@ <h2>Search Result Page Layout Configuration</h2>
<h4>Page Template</h4>
<form action="ConfigSearchPage_p.html" method="post" enctype="multipart/form-data" id="ConfigSearchPage" accept-charset="UTF-8">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<table>
<tr>
<td style="border-width: 1px; border-color: grey; border-style: solid; padding: 5px;">
@@ -35,6 +35,7 @@
import net.yacy.cora.date.GenericFormatter;
import net.yacy.cora.protocol.RequestHeader;
import net.yacy.cora.util.ConcurrentLog;
import net.yacy.data.TransactionManager;
import net.yacy.data.WorkTables;
import net.yacy.search.Switchboard;
import net.yacy.search.SwitchboardConstants;
@@ -51,13 +52,9 @@ public static serverObjects respond(final RequestHeader header, final serverObje
final Switchboard sb = (Switchboard) env;
if (post != null) {
// AUTHENTICATE
if (!sb.verifyAuthentication(header)) {
// force log-in
prop.authenticationRequired();
return prop;
}
/* Check this is a valid transaction */
TransactionManager.checkPostTransaction(header, post);
if (post.containsKey("searchpage_set")) {
final String newGreeting = post.get(SwitchboardConstants.GREETING, "");
// store this call as api call
@@ -182,6 +179,9 @@ public static serverObjects respond(final RequestHeader header, final serverObje
String.valueOf(QueryParams.FACETS_DATE_MAXCOUNT_DEFAULT)));
}
}
/* Acquire a transaction token for the next POST form submission */
prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
prop.putHTML(SwitchboardConstants.GREETING, sb.getConfig(SwitchboardConstants.GREETING, ""));
prop.putHTML(SwitchboardConstants.GREETING_HOMEPAGE, sb.getConfig(SwitchboardConstants.GREETING_HOMEPAGE, ""));

0 comments on commit b1e7bd0

Please sign in to comment.