#17894 Making sure the AntiForgeryAuthorizationFilter makes a good attempt at getting the name ("area" value) of the currently executing module

work item: 17894

--HG--
branch : 1.x
Nathan Heskew
2011-06-01 15:28:15 -07:00
parent 172e53dbde
commit 86c2f66488


@@ -2,6 +2,7 @@ using System;
using System.Collections.Specialized;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;
using JetBrains.Annotations;
using Orchard.Environment.Extensions;
using Orchard.Mvc.Filters;
@@ -40,7 +41,7 @@ namespace Orchard.Mvc.AntiForgery {
}
private bool IsAntiForgeryProtectionEnabled(ControllerContext context) {
string currentModule = context.RouteData.Values["area"].ToString();
string currentModule = GetArea(context.RouteData);
if (!String.IsNullOrEmpty(currentModule)) {
foreach (var descriptor in _extensionManager.AvailableExtensions()) {
if (String.Equals(descriptor.Id, currentModule, StringComparison.OrdinalIgnoreCase)) {
@@ -55,6 +56,13 @@ namespace Orchard.Mvc.AntiForgery {
return false;
}
private static string GetArea(RouteData routeData) {
if (routeData.Values.ContainsKey("area"))
return routeData.Values["area"] as string;
return routeData.DataTokens["area"] as string ?? "";
}
private static bool ShouldValidateGet(AuthorizationContext context) {
const string tokenFieldName = "__RequestVerificationToken";
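Review bot: GetArea returns "" when neither `routeData.Values` nor `routeData.DataTokens` carries an "area", and the `return false;` visible just before it suggests IsAntiForgeryProtectionEnabled then reports protection as disabled, so a request whose module cannot be resolved appears to skip anti-forgery validation rather than being rejected (the old `.ToString()` call would presumably have thrown instead). The middle of IsAntiForgeryProtectionEnabled lies outside the visible hunks, so confirm that this fall-through is intended and record it above GetArea, e.g. `// Returns "" when no area is found; the caller then treats anti-forgery protection as disabled.` Separately, when the "area" key is present in Values but its value is null or not a string, `as string` yields null and the DataTokens fallback is never tried; `var area = routeData.Values["area"] as string;` followed by `return !String.IsNullOrEmpty(area) ? area : routeData.DataTokens["area"] as string ?? "";` would cover that case. ShouldValidateGet's body continues outside the hunk.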