N°7147 - Error HTTP 500 due to access_token not URL decoded

odain
2024-01-16 18:23:02 +01:00
parent cc5e105d7f
commit 9a26c37ffd
3 changed files with 97 additions and 4 deletions


@@ -256,6 +256,7 @@ abstract class Controller extends AbstractController
}
/**
* @since 3.0.0 N°3606 - Adapt TwigBase Controller for combodo-monitoring extension
* @throws \Exception
*/
protected function CheckAccess()
@@ -271,12 +272,24 @@ abstract class Controller extends AbstractController
if (empty($sExecModule) || empty($sConfiguredAccessTokenValue)){
LoginWebPage::DoLogin($this->m_bMustBeAdmin);
}else {
} else {
//token mode without login required
$sPassedToken = utils::ReadParam($this->m_sAccessTokenConfigParamId, null);
if ($sPassedToken !== $sConfiguredAccessTokenValue){
//N°7147 - Error HTTP 500 due to access_token not URL decoded
$sPassedToken = utils::ReadPostedParam($this->m_sAccessTokenConfigParamId, null, false, 'raw_data');
if (is_null($sPassedToken)){
$sPassedToken = utils::ReadParam($this->m_sAccessTokenConfigParamId, null, false, 'raw_data');
}
$sDecodedPassedToken = urldecode($sPassedToken);
var_dump([$sPassedToken, $sDecodedPassedToken]);
if ($sDecodedPassedToken !== $sConfiguredAccessTokenValue){
$sMsg = "Invalid token passed under '$this->m_sAccessTokenConfigParamId' http param to reach '$sExecModule' page.";
IssueLog::Error($sMsg);
IssueLog::Error($sMsg, null,
[
'sHtmlDecodedToken' => $sDecodedPassedToken,
'conf param ID' => $this->m_sAccessTokenConfigParamId
]
);
throw new Exception("Invalid token");
}
}
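Review bot: The added `var_dump([$sPassedToken, $sDecodedPassedToken]);` just before the comparison looks like leftover debugging and should be removed, since it prints the submitted token into the HTTP response on every token-mode request. The new `IssueLog::Error` context also stores `$sDecodedPassedToken` (under the key `sHtmlDecodedToken`, although the value is URL-decoded), so a mistyped or near-valid token ends up in the log in clear text; keeping only `'conf param ID'` there preserves the diagnostic without recording the secret. The check `$sDecodedPassedToken !== $sConfiguredAccessTokenValue` is not a constant-time comparison, and `if (!hash_equals($sConfiguredAccessTokenValue, $sDecodedPassedToken)) {` is the usual form for comparing a secret. When neither read returns a value, `urldecode()` receives null, which is deprecated since PHP 8.1; `$sDecodedPassedToken = urldecode($sPassedToken ?? '');` keeps the rejection path clean. The body of CheckAccess() starts before this hunk and appears to continue after it, so the surrounding handling is not visible here.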