author | Heiko Bernloehr <Heiko.Bernloehr@FreeIT.de> | 2013-01-31 22:56:05 +0100 |
---|---|---|
committer | Heiko Bernloehr <Heiko.Bernloehr@FreeIT.de> | 2013-01-31 23:00:28 +0100 |
commit | b56653a4ef33063407abf13b323d53883457fc70 (patch) | |
tree | 811b24f7168318ab742d83a692f6db62367d5455 /app | |
parent | 98a333e282c4ff5f420d533474210d0b116ed530 (diff) | |
download | ecs2-b56653a4ef33063407abf13b323d53883457fc70.tar.gz ecs2-b56653a4ef33063407abf13b323d53883457fc70.zip |
Changed security fix for redirects.
Participants can now create auth tokens with both "url" and "realm"
attributes (again).
Diffstat (limited to 'app')
-rw-r--r-- | app/models/message.rb | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/app/models/message.rb b/app/models/message.rb
index ca4c306..0ba8365 100644
--- a/app/models/message.rb
+++ b/app/models/message.rb
@@ -204,9 +204,6 @@ class Message < ActiveRecord::Base
 unless bks.include?("url") or bks.include?("realm")
 raise Ecs::InvalidMessageException, "You have to provide realm or url attribute"
 end
- if bks.include?("url") and bks.include?("realm")
- raise Ecs::InvalidMessageException, "You only be allowed to use either realm or url attribute"
- end
 #msg_id = URI.split(b["url"])[5][1..-1].sub(/[^\/]*\/[^\/]*\/(.*)/, '\1').to_i
 #begin |