BigBlueButton/bigbluebutton-Github
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make sure checksum validation is done first in join API and display an error without redirection in failure case.

Browse Source
This commit is contained in:
Ghazi Triki 2021-02-09 19:03:54 +01:00
parent 8a1cf91b94
commit 5f683809cd
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy
View File

@ -209,7 +209,12 @@ class ApiController {
// BEGIN - backward compatibility
if (StringUtils.isEmpty(params.checksum)) {
invalid("checksumError", "You did not pass the checksum security check", REDIRECT_RESPONSE)
invalid("checksumError", "You did not pass the checksum security check")
return
}
if (!paramsProcessorUtil.isChecksumSame(API_CALL, params.checksum, request.getQueryString())) {
invalid("checksumError", "You did not pass the checksum security check")
return
}
@ -241,11 +246,6 @@ class ApiController {
return
}
if (!paramsProcessorUtil.isChecksumSame(API_CALL, params.checksum, request.getQueryString())) {
invalid("checksumError", "You did not pass the checksum security check", REDIRECT_RESPONSE)
return
}
// END - backward compatibility
// Do we have a checksum? If none, complain.