incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Janne Jalkanen <janne.jalka...@iki.fi>
Subject Re: www.jspwiki.org responding with NPE's
Date Thu, 19 Mar 2009 08:01:53 GMT
Yeah, I have no idea what is going.  I tried to muck about in the
server to do some checks, but at the moment I think we may have to
assume that some spammer has found a way to break JSPWiki.

I am in no position to do anything except read emails for the next
some time, so could someone please check the case where illegal
characters (#[]) end up in username?

/Janne

On Thu, Mar 19, 2009 at 07:02:51AM +0100, Harry Metske wrote:
> Thanks, but now I have a couple of different errors, first the Main page is
> empty, but looking at the version history this shows no recent changes, and
> also the View Page Source shows the content.
> Then, trying to login, I get :
> 
> An unknown exception java.lang.NullPointerException was caught by Error.jsp.
> *Exception*java.lang.NullPointerException*Place where
> detected*java.lang.String.compareTo(),
> line 1168So it's almost fixed I guess :-)
> 
> regards,
> Harry
> 
> 2009/3/18 Janne Jalkanen <janne.jalkanen@ecyrd.com>
> 
> >
> > Yes, I just kicked the server.
> >
> > It would appear that there is a spambot registering a lot of userids which
> > broke our xmluserdatabase.  In which situation we would have an user account
> > with no user id?  I've got a ton of these now in the database:
> >
> >    <user uid="" loginName="Kayarveattews" wikiName="Kayarveattews"
> > fullName="Kayarveattews" email="serabarclay0214@gma
> > il.com" password="{SSHA}NMJhGEkqxH+gAfskH1IgRqfJP5nqdxNhV0SUYA=="
> > created="2009.03.17 at 08:40:44:598 EET" lastModified
> > ="2009.03.17 at 08:40:44:598 EET" lockExpiry="" >    </user>
> >
> > The user ids were generated properly until this user:
> >
> >    <user uid="" loginName="#dennick[IRIFIFZFZIII]"
> > wikiName="#dennick[IRIFIFZFZIII]" fullName="#dennick[IRIFIFZFZIII]" email="
> > gladyskerr0863@gmail.com"
> > password="{SSHA}csdOtEsTz4l2l0gtBjDESF5bJkFgSlx+hTMA8Q=="
> > created="2009.03.01 at 18:54:22:468 EET" lastModified="2009.03.01 at
> > 18:54:22:468 EET" lockExpiry="" >
> >    </user>
> >
> > I think it's got something to do with the # and [] characters.  Andrew?
> >
> > /Janne
> >
> >
> > On 18 Mar 2009, at 19:56, Harry Metske wrote:
> >
> >  I don't know how long this is going on, but on every URL within
> >> http://www.jspwiki.org I get the following exception:
> >>
> >> java.lang.NullPointerException
> >>
> >>  org.apache.xerces.dom.DeepNodeListImpl.nextMatchingElementAfter(Unknown
> >> Source)
> >>        org.apache.xerces.dom.DeepNodeListImpl.item(Unknown Source)
> >>        org.apache.xerces.dom.DeepNodeListImpl.getLength(Unknown Source)
> >>
> >>  com.ecyrd.jspwiki.auth.user.XMLUserDatabase.findByAttribute(XMLUserDatabase.java:617)
> >>
> >>  com.ecyrd.jspwiki.auth.user.XMLUserDatabase.findByFullName(XMLUserDatabase.java:163)
> >>
> >>  com.ecyrd.jspwiki.auth.user.AbstractUserDatabase.find(AbstractUserDatabase.java:81)
> >>
> >>  com.ecyrd.jspwiki.WikiSession.injectUserProfilePrincipals(WikiSession.java:672)
> >>        com.ecyrd.jspwiki.WikiSession.actionPerformed(WikiSession.java:548)
> >>
> >>  com.ecyrd.jspwiki.event.WikiEventManager$WikiEventDelegate.fireEvent(WikiEventManager.java:566)
> >>
> >>  com.ecyrd.jspwiki.event.WikiEventManager.fireEvent(WikiEventManager.java:347)
> >>
> >>  com.ecyrd.jspwiki.auth.AuthenticationManager.fireEvent(AuthenticationManager.java:677)
> >>
> >>  com.ecyrd.jspwiki.auth.AuthenticationManager.login(AuthenticationManager.java:301)
> >>
> >>  com.ecyrd.jspwiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:156)
> >>        com.ecyrd.jspwiki.ui.WikiJSPFilter.doFilter(WikiJSPFilter.java:111)
> >>
> >> Can someone poke around a bit ?
> >>
> >> thanks,
> >> Harry
> >>
> >
> >

Mime
View raw message