roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greg Huber (JIRA)" <>
Subject [jira] [Assigned] (ROL-1956) ValidateSaltFilter not working on file upload
Date Sun, 12 Jan 2014 10:55:51 GMT


Greg Huber reassigned ROL-1956:

    Assignee: Greg Huber  (was: Roller Unassigned)

> ValidateSaltFilter not working on file upload
> ---------------------------------------------
>                 Key: ROL-1956
>                 URL:
>             Project: Apache Roller
>          Issue Type: Bug
>    Affects Versions: 5.1
>         Environment: java version "1.7.0_03"
> OpenJDK Runtime Environment (IcedTea7 2.1.3) (7u3-2.1.3-1)
> OpenJDK 64-Bit Server VM (build 22.0-b10, mixed mode)
> tomcat7                               7.0.28-3+nmu1
>            Reporter: Matthias Wimmer
>            Assignee: Greg Huber
> When I try to upload a media file to roller, I get a Sercurity Violation thrown in org.apache.roller.weblogger.ui.core.filters.ValidateSaltFilter
> Debugging the problem I can see, that the salt is sent in the HTTP POST request to!save.rol
- but the call to (String) httpReq.getParameter("salt") in ValidateSaltFilter.doFilter does
return null.
> I guess that this is what
describes for the getParameter() method when it talks about the following:
> If the parameter data was sent in the request body, such as occurs with an HTTP POST
request, then reading the body directly via getInputStream() or getReader() can interfere
with the execution of this method.

This message was sent by Atlassian JIRA

View raw message