[freenet-cvs] r13120 - trunk/freenet/src/freenet/clients/http

[nextgens at freenetproject.org]

Author: nextgens
Date: 2007-05-03 09:42:22 +0000 (Thu, 03 May 2007)
New Revision: 13120

Modified:
   trunk/freenet/src/freenet/clients/http/PproxyToadlet.java
Log:
deny access to any plugin if there is no FullAccess

Modified: trunk/freenet/src/freenet/clients/http/PproxyToadlet.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/PproxyToadlet.java	2007-05-03 09:40:50 UTC (rev 13119)
+++ trunk/freenet/src/freenet/clients/http/PproxyToadlet.java	2007-05-03 09:42:22 UTC (rev 13120)
@@ -188,6 +188,12 @@
 
 	public void handleGet(URI uri, HTTPRequest request, ToadletContext ctx)
 		throws ToadletContextClosedException, IOException {
+
+		if(!ctx.isAllowedFullAccess()) {
+			super.sendErrorPage(ctx, 403, "Unauthorized", L10n.getString("Toadlet.unauthorized"));
+			return;
+		}
+
 		//String basepath = "/plugins/";
 		String path = request.getPath();
 
@@ -199,10 +205,6 @@
 			Logger.minor(this, "Pproxy fetching "+path);
 		try {
 			if (path.equals("")) {
-				if(!ctx.isAllowedFullAccess()) {
-					super.sendErrorPage(ctx, 403, "Unauthorized", L10n.getString("Toadlet.unauthorized"));
-					return;
-				}
 				this.showPluginList(ctx, request);
 			} else {
 				// split path into plugin class name and 'data' path for plugin
@@ -242,6 +244,11 @@
 	}
 
 	private void showPluginList(ToadletContext ctx, HTTPRequest request) throws ToadletContextClosedException, IOException {
+		if(!ctx.isAllowedFullAccess()) {
+			super.sendErrorPage(ctx, 403, "Unauthorized", L10n.getString("Toadlet.unauthorized"));
+			return;
+		}
+
 		if (!request.hasParameters()) {
 			HTMLNode pageNode = ctx.getPageMaker().getPageNode(l10n("pluginsWithNodeName", "name", core.getMyName()), ctx);
 			HTMLNode contentNode = ctx.getPageMaker().getContentNode(pageNode);