boxtec
/
yacy_search_server
mirror of https://github.com/yacy/yacy_search_server
4
1
Fork 0
Code Issues Projects Releases Wiki Activity

Restrict Search Result Layout modification to HTTP POST only.

Browse Source
pull/127/merge
luccioman 7 years ago
parent ef8aea7f8d
commit b1e7bd0dd6
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File

1
htroot/ConfigSearchPage_p.html
Unescape View File

@ -22,6 +22,7 @@
<h4>Page Template</h4> <h4>Page Template</h4>
<form action="ConfigSearchPage_p.html" method="post" enctype="multipart/form-data" id="ConfigSearchPage" accept-charset="UTF-8"> <form action="ConfigSearchPage_p.html" method="post" enctype="multipart/form-data" id="ConfigSearchPage" accept-charset="UTF-8">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<table> <table>
<tr> <tr>
<td style="border-width: 1px; border-color: grey; border-style: solid; padding: 5px;"> <td style="border-width: 1px; border-color: grey; border-style: solid; padding: 5px;">

12
htroot/ConfigSearchPage_p.java
Unescape View File

@ -35,6 +35,7 @@ import java.util.Properties;
import net.yacy.cora.date.GenericFormatter; import net.yacy.cora.date.GenericFormatter;
import net.yacy.cora.protocol.RequestHeader; import net.yacy.cora.protocol.RequestHeader;
import net.yacy.cora.util.ConcurrentLog; import net.yacy.cora.util.ConcurrentLog;
import net.yacy.data.TransactionManager;
import net.yacy.data.WorkTables; import net.yacy.data.WorkTables;
import net.yacy.search.Switchboard; import net.yacy.search.Switchboard;
import net.yacy.search.SwitchboardConstants; import net.yacy.search.SwitchboardConstants;
@ -51,12 +52,8 @@ public class ConfigSearchPage_p {
final Switchboard sb = (Switchboard) env; final Switchboard sb = (Switchboard) env;
if (post != null) { if (post != null) {
// AUTHENTICATE /* Check this is a valid transaction */
if (!sb.verifyAuthentication(header)) { TransactionManager.checkPostTransaction(header, post);
// force log-in
prop.authenticationRequired();
return prop;
}
if (post.containsKey("searchpage_set")) { if (post.containsKey("searchpage_set")) {
final String newGreeting = post.get(SwitchboardConstants.GREETING, ""); final String newGreeting = post.get(SwitchboardConstants.GREETING, "");
@ -183,6 +180,9 @@ public class ConfigSearchPage_p {
} }
} }
/* Acquire a transaction token for the next POST form submission */
prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
prop.putHTML(SwitchboardConstants.GREETING, sb.getConfig(SwitchboardConstants.GREETING, "")); prop.putHTML(SwitchboardConstants.GREETING, sb.getConfig(SwitchboardConstants.GREETING, ""));
prop.putHTML(SwitchboardConstants.GREETING_HOMEPAGE, sb.getConfig(SwitchboardConstants.GREETING_HOMEPAGE, "")); prop.putHTML(SwitchboardConstants.GREETING_HOMEPAGE, sb.getConfig(SwitchboardConstants.GREETING_HOMEPAGE, ""));
prop.putHTML(SwitchboardConstants.GREETING_LARGE_IMAGE, sb.getConfig(SwitchboardConstants.GREETING_LARGE_IMAGE, "")); prop.putHTML(SwitchboardConstants.GREETING_LARGE_IMAGE, sb.getConfig(SwitchboardConstants.GREETING_LARGE_IMAGE, ""));

Write Preview
Loading…
Cancel
Save