Return-Path: 
 <jspwiki-dev-return-4951-apmail-incubator-jspwiki-dev-archive=incubator.apache.org@incubator.apache.org>
Delivered-To: apmail-incubator-jspwiki-dev-archive@minotaur.apache.org
Received: (qmail 77084 invoked from network); 19 Mar 2009 08:02:25 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 19 Mar 2009 08:02:25 -0000
Received: (qmail 24050 invoked by uid 500); 19 Mar 2009 08:02:24 -0000
Delivered-To: apmail-incubator-jspwiki-dev-archive@incubator.apache.org
Received: (qmail 24037 invoked by uid 500); 19 Mar 2009 08:02:24 -0000
Mailing-List: contact jspwiki-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:jspwiki-dev-help@incubator.apache.org>
List-Unsubscribe: <mailto:jspwiki-dev-unsubscribe@incubator.apache.org>
List-Post: <mailto:jspwiki-dev@incubator.apache.org>
List-Id: <jspwiki-dev.incubator.apache.org>
Reply-To: jspwiki-dev@incubator.apache.org
Delivered-To: mailing list jspwiki-dev@incubator.apache.org
Received: (qmail 24026 invoked by uid 99); 19 Mar 2009 08:02:24 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 19 Mar 2009 01:02:24 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of jalkanen@ecyrd.com designates
 193.64.5.122 as permitted sender)
Received: from [193.64.5.122] (HELO mail.ecyrd.com) (193.64.5.122)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 19 Mar 2009 08:02:14 +0000
Received: by mail.ecyrd.com (Postfix, from userid 1001)
	id E4BFB97C3F8; Thu, 19 Mar 2009 10:01:53 +0200 (EET)
Date: Thu, 19 Mar 2009 10:01:53 +0200
From: Janne Jalkanen <janne.jalkanen@iki.fi>
To: jspwiki-dev@incubator.apache.org
Subject: Re: www.jspwiki.org responding with NPE's
Message-ID: <20090319080153.GB10940@ecyrd.com>
References: <3a6c97f00903181056p57db5ed1te012e53eff29dd01@mail.gmail.com>
 <09488C7B-3A0D-49B4-9EBB-964FE2FA51CA@ecyrd.com>
 <3a6c97f00903182302v658470ceo1975f2102a3b6f89@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3a6c97f00903182302v658470ceo1975f2102a3b6f89@mail.gmail.com>
User-Agent: Mutt/1.5.17+20080114 (2008-01-14)
X-Virus-Checked: Checked by ClamAV on apache.org

Yeah, I have no idea what is going.  I tried to muck about in the
server to do some checks, but at the moment I think we may have to
assume that some spammer has found a way to break JSPWiki.

I am in no position to do anything except read emails for the next
some time, so could someone please check the case where illegal
characters (#[]) end up in username?

/Janne

On Thu, Mar 19, 2009 at 07:02:51AM +0100, Harry Metske wrote:
> Thanks, but now I have a couple of different errors, first the Main page is
> empty, but looking at the version history this shows no recent changes, and
> also the View Page Source shows the content.
> Then, trying to login, I get :
> 
> An unknown exception java.lang.NullPointerException was caught by Error.jsp.
> *Exception*java.lang.NullPointerException*Place where
> detected*java.lang.String.compareTo(),
> line 1168So it's almost fixed I guess :-)
> 
> regards,
> Harry
> 
> 2009/3/18 Janne Jalkanen <janne.jalkanen@ecyrd.com>
> 
> >
> > Yes, I just kicked the server.
> >
> > It would appear that there is a spambot registering a lot of userids which
> > broke our xmluserdatabase.  In which situation we would have an user account
> > with no user id?  I've got a ton of these now in the database:
> >
> >    <user uid="" loginName="Kayarveattews" wikiName="Kayarveattews"
> > fullName="Kayarveattews" email="serabarclay0214@gma
> > il.com" password="{SSHA}NMJhGEkqxH+gAfskH1IgRqfJP5nqdxNhV0SUYA=="
> > created="2009.03.17 at 08:40:44:598 EET" lastModified
> > ="2009.03.17 at 08:40:44:598 EET" lockExpiry="" >    </user>
> >
> > The user ids were generated properly until this user:
> >
> >    <user uid="" loginName="#dennick[IRIFIFZFZIII]"
> > wikiName="#dennick[IRIFIFZFZIII]" fullName="#dennick[IRIFIFZFZIII]" email="
> > gladyskerr0863@gmail.com"
> > password="{SSHA}csdOtEsTz4l2l0gtBjDESF5bJkFgSlx+hTMA8Q=="
> > created="2009.03.01 at 18:54:22:468 EET" lastModified="2009.03.01 at
> > 18:54:22:468 EET" lockExpiry="" >
> >    </user>
> >
> > I think it's got something to do with the # and [] characters.  Andrew?
> >
> > /Janne
> >
> >
> > On 18 Mar 2009, at 19:56, Harry Metske wrote:
> >
> >  I don't know how long this is going on, but on every URL within
> >> http://www.jspwiki.org I get the following exception:
> >>
> >> java.lang.NullPointerException
> >>
> >>  org.apache.xerces.dom.DeepNodeListImpl.nextMatchingElementAfter(Unknown
> >> Source)
> >>        org.apache.xerces.dom.DeepNodeListImpl.item(Unknown Source)
> >>        org.apache.xerces.dom.DeepNodeListImpl.getLength(Unknown Source)
> >>
> >>  com.ecyrd.jspwiki.auth.user.XMLUserDatabase.findByAttribute(XMLUserDatabase.java:617)
> >>
> >>  com.ecyrd.jspwiki.auth.user.XMLUserDatabase.findByFullName(XMLUserDatabase.java:163)
> >>
> >>  com.ecyrd.jspwiki.auth.user.AbstractUserDatabase.find(AbstractUserDatabase.java:81)
> >>
> >>  com.ecyrd.jspwiki.WikiSession.injectUserProfilePrincipals(WikiSession.java:672)
> >>        com.ecyrd.jspwiki.WikiSession.actionPerformed(WikiSession.java:548)
> >>
> >>  com.ecyrd.jspwiki.event.WikiEventManager$WikiEventDelegate.fireEvent(WikiEventManager.java:566)
> >>
> >>  com.ecyrd.jspwiki.event.WikiEventManager.fireEvent(WikiEventManager.java:347)
> >>
> >>  com.ecyrd.jspwiki.auth.AuthenticationManager.fireEvent(AuthenticationManager.java:677)
> >>
> >>  com.ecyrd.jspwiki.auth.AuthenticationManager.login(AuthenticationManager.java:301)
> >>
> >>  com.ecyrd.jspwiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:156)
> >>        com.ecyrd.jspwiki.ui.WikiJSPFilter.doFilter(WikiJSPFilter.java:111)
> >>
> >> Can someone poke around a bit ?
> >>
> >> thanks,
> >> Harry
> >>
> >
> >