- security fix for addTag.java and editTag.java

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@5526 6c8d7289-2bf4-0310-a012-ef5d649a1542
16 years ago · 96684df1a9
parent 6dd52422ea
commit 96684df1a9
2 changed files with 11 additions and 5 deletions
--- a/htroot/api/bookmarks/tags/addTag.java
+++ b/htroot/api/bookmarks/tags/addTag.java
@ -8,12 +8,15 @@ import de.anomic.data.bookmarksDB.Bookmark;

 public class addTag {
    public static serverObjects respond(final httpRequestHeader header, final serverObjects post, final serverSwitch<?> env) {
-        // return variable that accumulates replacements
+
        final plasmaSwitchboard switchboard = (plasmaSwitchboard) env;
        final serverObjects prop = new serverObjects();
+        boolean isAdmin = false;
+        isAdmin = switchboard.verifyAuthentication(header, true);
+        
        prop.put("result", "0");//error
        //rename tags
-        if(post != null) {
+        if(post != null && isAdmin) {
        	if (post.containsKey("selectTag") && post.containsKey("addTag")) {
                switchboard.bookmarksDB.addTag(post.get("selectTag"), post.get("addTag"));
                prop.put("result", "1");//success       	
--- a/htroot/api/bookmarks/tags/editTag.java
+++ b/htroot/api/bookmarks/tags/editTag.java
@ -6,12 +6,15 @@ import de.anomic.server.serverSwitch;

 public class editTag {
    public static serverObjects respond(final httpRequestHeader header, final serverObjects post, final serverSwitch<?> env) {
-        // return variable that accumulates replacements
-        final plasmaSwitchboard switchboard = (plasmaSwitchboard) env;
+        
+        final plasmaSwitchboard switchboard = (plasmaSwitchboard) env;    	      
        final serverObjects prop = new serverObjects();
+        boolean isAdmin = false;
+        isAdmin = switchboard.verifyAuthentication(header, true);
+        
        prop.put("result", "0");//error
        //rename tags
-        if(post != null && post.containsKey("old") && post.containsKey("new")){
+        if(post != null && isAdmin && post.containsKey("old") && post.containsKey("new")){
            if(switchboard.bookmarksDB.renameTag(post.get("old"), post.get("new")))
                prop.put("result", "1");//success
        }