From 851f8c8ed0959c75a2bd28a61ff4cd5dd49f98f5 Mon Sep 17 00:00:00 2001 From: Christian Maierhofer Date: Tue, 26 Apr 2016 15:15:35 +0200 Subject: fixed allowed url prefix check bug --- .../java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index bca080ba6..82e46b6ce 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -525,7 +525,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { boolean isAllowedDestination = false; for (String prefix : allowedPublicURLPrefix) { - if (!resp.getDestination().startsWith( + if (resp.getDestination().startsWith( prefix)) { isAllowedDestination = true; break; -- cgit v1.2.3