/admin/tool must return 404 #10861 (#10867)

enonic · Jan 20, 2025 · 2b56c4e · 2b56c4e
1 parent f0c8b76
commit 2b56c4e
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/modules/admin/admin-impl/src/main/java/com/enonic/xp/admin/impl/portal/AdminToolHandler.java b/modules/admin/admin-impl/src/main/java/com/enonic/xp/admin/impl/portal/AdminToolHandler.java
@@ -49,7 +49,7 @@ protected WebResponse doHandle( final WebRequest webRequest, final WebResponse w
         throws Exception
     {
         final String rawPath = webRequest.getRawPath();
-        if ( !( rawPath.equals( "/admin" ) || rawPath.equals( "/admin/" ) ) && !TOOL_CXT_PATTERN.matcher( rawPath ).find() )
+        if ( !rawPath.equals( "/admin" ) && !TOOL_CXT_PATTERN.matcher( rawPath ).find() )
         {
             throw WebException.notFound( "Invalid admin tool mount" );
         }

diff --git a/.../admin/admin-impl/src/test/java/com/enonic/xp/admin/impl/portal/AdminToolHandlerTest.java b/.../admin/admin-impl/src/test/java/com/enonic/xp/admin/impl/portal/AdminToolHandlerTest.java
@@ -137,6 +137,11 @@ void testInvalidAdminToolMount()
         ex = assertThrows( WebException.class, () -> this.handler.doHandle( this.portalRequest, this.webResponse, this.chain ) );
         assertEquals( HttpStatus.NOT_FOUND, ex.getStatus() );
         assertEquals( "Invalid admin tool mount", ex.getMessage() );
+
+        this.portalRequest.setRawPath( "/admin/" );
+        ex = assertThrows( WebException.class, () -> this.handler.doHandle( this.portalRequest, this.webResponse, this.chain ) );
+        assertEquals( HttpStatus.NOT_FOUND, ex.getStatus() );
+        assertEquals( "Invalid admin tool mount", ex.getMessage() );
     }
 
     private void mockDescriptor( DescriptorKey descriptorKey, boolean hasAccess )