dhis2-devs team mailing list archive

[noreply@xxxxxxxxxxxxx]

------------------------------------------------------------
revno: 11796
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Mon 2013-08-26 00:05:17 +0200
message:
  bugfix for ExternalAccessVoter, allow any access to any fileextension
modified:
  dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/vote/ExternalAccessVoter.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/vote/ExternalAccessVoter.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/vote/ExternalAccessVoter.java	2013-08-24 13:31:19 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/vote/ExternalAccessVoter.java	2013-08-25 22:05:17 +0000
@@ -107,7 +107,7 @@
 
                 if ( urlSplit[1].equals( "api" ) && externalClasses.get( type ) != null )
                 {
-                    String uid = urlSplit[3];
+                    String uid = getUidPart( urlSplit[3] );
 
                     if ( CodeGenerator.isValidCode( uid ) )
                     {
@@ -128,4 +128,14 @@
 
         return ACCESS_ABSTAIN;
     }
+
+    private String getUidPart( String uidPath )
+    {
+        if ( uidPath.contains( "." ) )
+        {
+            return uidPath.substring( 0, uidPath.indexOf( "." ) );
+        }
+
+        return uidPath;
+    }
 }