redmine_plugins/redmine_dmsf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Verify that user_agent is not nil before using it.

Browse Source
This commit is contained in:
COLA@Redminetest 2016-11-08 21:08:08 +01:00
parent f34c8ef4ec
commit 1ba6b3e7d5
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/redmine_dmsf/webdav/controller.rb
View File

@ -33,7 +33,7 @@ module RedmineDmsf
# Return NotFound if resource does not exist and the request is not anonymous.
NotFound
else
if request.user_agent.downcase.include?('microsoft office') && User.current && User.current.anonymous?
if !request.user_agent.nil? && request.user_agent.downcase.include?('microsoft office') && User.current && User.current.anonymous?
# Anonymous request from MsOffice, respond 405.
# If responding with 401 then MsOffice will fail.
# If responding with 200 then MsOffice will think that anonymous access is ok for everything.
@ -48,7 +48,7 @@ module RedmineDmsf
# Return response to HEAD
def head
# exist? returns false if user is anonymous for ProjectResource and DmsfResource, but not for IndexResource.
unless(resource.exist? || (request.user_agent.downcase.include?('microsoft office') && User.current && User.current.anonymous?))
unless(resource.exist? || (!request.user_agent.nil? && request.user_agent.downcase.include?('microsoft office') && User.current && User.current.anonymous?))
# Return NotFound if resource does not exist and the request is not from an anonymous MsOffice product.
NotFound
else

4
lib/redmine_dmsf/webdav/resource_proxy.rb
View File

@ -54,9 +54,9 @@ module RedmineDmsf
return true if @request.request_method.downcase == 'options' && (path == '/' || path.empty?)
# Allow anonymous OPTIONS requests from MsOffice
return true if @request.request_method.downcase == 'options' && @request.user_agent.downcase.include?('microsoft office')
return true if @request.request_method.downcase == 'options' && !@request.user_agent.nil? && @request.user_agent.downcase.include?('microsoft office')
# Allow anonymous HEAD requests from MsOffice
return true if @request.request_method.downcase == 'head' && request.user_agent.downcase.include?('microsoft office')
return true if @request.request_method.downcase == 'head' && !@request.user_agent.nil? && request.user_agent.downcase.include?('microsoft office')
return false unless username && password
User.current = User.try_to_login(username, password)