Fixed: Security nonce not verified correctly.
owen-joget committed Dec 7, 2021
1 parent 079ae15 commit 4394712
Showing 3 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -4,7 +4,7 @@
<groupId>org.joget.plugin</groupId>
<artifactId>section-tabs</artifactId>
<packaging>bundle</packaging>
<version>7.0.6</version>
<version>7.0.7</version>
<name>section-tabs</name>
<url>http://www.joget.org</url>
<build>
2 changes: 1 addition & 1 deletion src/main/java/org/joget/plugin/SectionTabs.java
Expand Up @@ -23,7 +23,7 @@ public String getName() {

@Override
public String getVersion() {
return "7.0.6";
return "7.0.7";
}

@Override
4 changes: 2 additions & 2 deletions src/main/java/org/joget/plugin/SectionTabsChild.java
Expand Up @@ -30,7 +30,7 @@ public String getName() {

@Override
public String getVersion() {
return "7.0.6";
return "7.0.7";
}

@Override
Expand Down Expand Up @@ -114,7 +114,7 @@ public void webService(HttpServletRequest request, HttpServletResponse response)
formData.setActivityId(StringUtil.escapeString(request.getParameter("activityId"), StringUtil.TYPE_HTML, null));

String nonce = request.getParameter("_nonce");
if (!SecurityUtil.verifyNonce(nonce, new String[]{"SectionTabsChild", request.getParameter("_elementId"), nonce})) {
if (!SecurityUtil.verifyNonce(nonce, new String[]{"SectionTabsChild", request.getParameter("_elementId")})) {
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return;
}
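Review bot: In the `webService` hunk, both `_nonce` and `_elementId` come straight from the request and either may be absent, and whether `SecurityUtil.verifyNonce` rejects a null nonce or a null attribute cannot be seen from here; reading `String elementId = request.getParameter("_elementId");` first and guarding with `if (nonce == null || elementId == null || !SecurityUtil.verifyNonce(nonce, new String[]{"SectionTabsChild", elementId})) {` would make the check fail closed regardless of the helper's behaviour. The nonce only protects the request if the `_elementId` it is bound to is the same value the rest of `webService` uses to select the element, and that part of the method lies outside the hunk, so it should be confirmed. A comment above the check such as `// attributes must match those used when the nonce was generated; never include the nonce itself` would keep the earlier mistake from being reintroduced. The 403 branch returns without logging, so recording the rejection (element id only, not the nonce value) would let operators notice repeated verification failures.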
