From 6b985b637949909402c2e7be5e682b33d5e6abcd Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?= <felix@dogcraft.de>
Date: Fri, 25 Jul 2014 00:49:15 +0200
Subject: [PATCH] Enforce POST requests to only contain POST data.

---
 src/org/cacert/gigi/Gigi.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index d584cd09..9d1bb1b9 100644
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -109,6 +109,9 @@ public class Gigi extends HttpServlet {
 				public void output(PrintWriter out, Language l, Map<String, Object> vars) {
 					try {
 						if (req.getMethod().equals("POST")) {
+							if (req.getQueryString() != null) {
+								return;
+							}
 							p.doPost(req, resp);
 						} else {
 							p.doGet(req, resp);
-- 
2.39.2