From: Felix Dörre
Date: Thu, 17 Jul 2014 21:58:54 +0000 (+0200)
Subject: Convert CSRF-Problems to Exceptions.
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=13cb21e19f65dc9f8230a641edae676d88418889

Convert CSRF-Problems to Exceptions.
---
diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index 447e808a..d584cd09 100644
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -18,7 +18,7 @@ import org.cacert.gigi.email.EmailProvider;
 import org.cacert.gigi.output.Menu;
 import org.cacert.gigi.output.MenuItem;
 import org.cacert.gigi.output.Outputable;
-import org.cacert.gigi.output.Form.CSRFError;
+import org.cacert.gigi.output.Form.CSRFException;
 import org.cacert.gigi.output.template.Template;
 import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.MainPage;
@@ -113,14 +113,14 @@ public class Gigi extends HttpServlet {
 } else {
 p.doGet(req, resp);
 }
- } catch (IOException e) {
- e.printStackTrace();
- } catch (CSRFError err) {
+ } catch (CSRFException err) {
 try {
 resp.sendError(500, "CSRF invalid");
 } catch (IOException e) {
 e.printStackTrace();
 }
+ } catch (IOException e) {
+ e.printStackTrace();
 }
 }
diff --git a/src/org/cacert/gigi/output/Form.java b/src/org/cacert/gigi/output/Form.java
index 2ffb8731..dd244d74 100644
--- a/src/org/cacert/gigi/output/Form.java
+++ b/src/org/cacert/gigi/output/Form.java
@@ -1,5 +1,6 @@
 package org.cacert.gigi.output;
+import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.Map;
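Review bot: The rejected request is still answered with `resp.sendError(500, "CSRF invalid")`, which reports a client-side token problem as a server error and leaves no record of it; a failed CSRF check is exactly the event an operator wants to see, so the new `catch (CSRFException err)` branch should log the rejection (request path, and the session principal if one is available) and answer with a client error, `resp.sendError(HttpServletResponse.SC_FORBIDDEN, "CSRF invalid");`. Moving this catch ahead of `catch (IOException e)` is required now that CSRFException is an IOException — in the old order the generic branch would swallow it — and that ordering constraint should be stated on the catch, e.g. `// must precede catch (IOException): CSRFException extends IOException`. The enclosing try block and method begin before this hunk.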
@@ -45,29 +46,23 @@ public abstract class Form implements Outputable {
 return csrf;
 }
- protected void checkCSRF(HttpServletRequest req) {
- if (!csrf.equals(req.getParameter(CSRF_FIELD))) {
- throw new CSRFError();
- }
- }
-
- public static T getForm(HttpServletRequest req, Class target) {
+ public static T getForm(HttpServletRequest req, Class target) throws CSRFException {
 String csrf = req.getParameter(CSRF_FIELD);
 if (csrf == null) {
- throw new CSRFError();
+ throw new CSRFException();
 }
 HttpSession hs = req.getSession();
 if (hs == null) {
- throw new CSRFError();
+ throw new CSRFException();
 }
 Form f = (Form) hs.getAttribute("form/" + target.getName() + "/" + csrf);
 if (f == null) {
- throw new CSRFError();
+ throw new CSRFException();
 }
 return (T) f;
 }
- public static class CSRFError extends Error {
+ public static class CSRFException extends IOException {
 }
 }
diff --git a/src/org/cacert/gigi/pages/wot/AssuranceForm.java b/src/org/cacert/gigi/pages/wot/AssuranceForm.java
index 4f603522..e1c36886 100644
--- a/src/org/cacert/gigi/pages/wot/AssuranceForm.java
+++ b/src/org/cacert/gigi/pages/wot/AssuranceForm.java
@@ -48,8 +48,6 @@ public class AssuranceForm extends Form {
 @Override
 public boolean submit(PrintWriter out, HttpServletRequest req) {
- checkCSRF(req);
- out.println("
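Review bot: Declaring `CSRFException extends IOException` means any `catch (IOException e)` between `getForm` and the servlet — page code that wraps its output in such a catch — will absorb a failed CSRF check as an ordinary write error, and the Gigi.java hunk already has to order its catch blocks to avoid exactly that. If the IOException parent is kept so existing `throws IOException` clauses propagate it, the empty class should say so and carry a reason: a Javadoc stating that it is thrown when the request has no token, no session, or a token that matches no form stored in the session, and that the IOException parent is intentional (if it is), plus a `CSRFException(String message)` constructor so the three throw sites can report which check failed. The unchecked `return (T) f;` could become `return target.cast(f);` — assuming the stripped generics read `Class<T> target` — so a type mismatch surfaces at the lookup rather than at the caller.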
"); boolean failed = false;