Projekt

Allgemein

Profil

« Zurück | Weiter » 

Revision a1ea5c57

Von Bernd Bleßmann vor fast 5 Jahren hinzugefügt

  • ID a1ea5c578a64fba5e6ee629f22b81642c32c22f7
  • Vorgänger a21cec52
  • Nachfolger 7d723451

Login: blacklisting bei Callback für Redirect zum Ziel implementiert

Unterschiede anzeigen:

SL/Dispatcher.pm
402 402 
  if (   $action =~ m/LoginScreen\/user_login/
403 403 
      && $params{action}
404 404 
      && 'get' eq lc($ENV{REQUEST_METHOD})
405 
      && !_is_callback_blacklisted(map {$_ => $params{$_}} qw(routing_type script controller action) )
405 406 
  ) {
406 407 

  		




  407
  408
  
    
    require SL::Controller::Base;


  		




  ......




  419
  420
  
    
  $self->end_request;


  		




  420
  421
  
    
}


  		




  421
  422
  
    

  		




  
  423
  
    
sub _is_callback_blacklisted {


  		




  
  424
  
    
  my (%params) = @_;


  		




  
  425
  
    

  		




  
  426
  
    
  # You can give a name only, then all actions are blackisted.


  		




  
  427
  
    
  # Or you can give name and action, then only this action is blacklisted


  		




  
  428
  
    
  # examples:


  		




  
  429
  
    
  # {name => 'is',      action => 'edit'}


  		




  
  430
  
    
  # {name => 'Project', action => 'edit'},


  		




  
  431
  
    
  my @script_blacklist = (


  		




  
  432
  
    
    {name => 'admin'},


  		




  
  433
  
    
    {name => 'login'},


  		




  
  434
  
    
  );


  		




  
  435
  
    

  		




  
  436
  
    
  my @controller_blacklist = (


  		




  
  437
  
    
    {name => 'Admin'},


  		




  
  438
  
    
    {name => 'LoginScreen'},


  		




  
  439
  
    
  );


  		




  
  440
  
    

  		




  
  441
  
    
  my ($name, $blacklist);


  		




  
  442
  
    
  if ('old' eq ($params{routing_type} // '')) {


  		




  
  443
  
    
    $name      = $params{script};


  		




  
  444
  
    
    $blacklist = \@script_blacklist;


  		




  
  445
  
    
  } else {


  		




  
  446
  
    
    $name      = $params{controller};


  		




  
  447
  
    
    $blacklist = \@controller_blacklist;


  		




  
  448
  
    
  }


  		




  
  449
  
    

  		




  
  450
  
    
  foreach my $bl (@$blacklist) {


  		




  
  451
  
    
    return 1 if _is_name_action_blacklisted($bl->{name}, $bl->{action}, $name, $params{action});


  		




  
  452
  
    
  }


  		




  
  453
  
    

  		




  
  454
  
    
  return;


  		




  
  455
  
    
}


  		




  
  456
  
    

  		




  
  457
  
    
sub _is_name_action_blacklisted {


  		




  
  458
  
    
  my ($blacklisted_name, $blacklisted_action, $name, $action) = @_;


  		




  
  459
  
    

  		




  
  460
  
    
  return 1 if ($name // '') eq $blacklisted_name && !$blacklisted_action;


  		




  
  461
  
    
  return 1 if ($name // '') eq $blacklisted_name && ($action // '') eq $blacklisted_action;


  		




  
  462
  
    
  return;


  		




  
  463
  
    
}


  		




  
  464
  
    

  		




  422
  465
  
    
sub unrequire_bin_mozilla {


  		




  423
  466
  
    
  my $self = shift;


  		




  424
  467
  
    
  return unless $self->_interface_is_fcgi;


  		












Auch abrufbar als:  Unified diff