• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

net.jforum.ActionServletRequest. CVS 1.27

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
net.jforum.ActionServletRequest randomly gives

18:14:47,817 ERROR [ExceptionWriter ] java.lang.ArrayIndexOutOfBoundsException: 3
at net.jforum.ActionServletRequest.<init>(ActionServletRequest.java:284)

at this code
// <moduleName>.<actionName>.<numberOfParameters>
UrlPattern url = UrlPatternCollection.findPattern(urlModel[moduleIndex]
+ "."
+ urlModel[actionIndex]
+ "."
+ (urlModel.length - baseLen));

looks like the actual length of calculated above
tring[] urlModel = requestUri.split("/");
is not checked.

[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
So, jforum/jforum.page should not be accessed via GET methods. You should access jfourm/forums/list.page or anything like that.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Rafael Steil wrote:So, jforum/jforum.page should not be accessed via GET methods. You should access jfourm/forums/list.page or anything like that.

Rafael



The /jforum/jforum.page should not be accessed direcly,
but it should not throw an exception, it should (probably) redirect to start or something like that.

Otherwise this can be:
1. Denial of servise attack. One click - and about 7kb exception in log. Fill out disk space shortly.
2. Hard to find a "real" exception in a pile of this exception in log.

I am not sure how I got this /jforum/jforum.page
Probably I was redirected there with some kind of jforum activity, but I am not sure.
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This much probably is due an incorrect URL being acessed. When you get this error, get the URL address you're and paste it here, please.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Rafael Steil wrote:This much probably is due an incorrect URL being acessed. When you get this error, get the URL address you're and paste it here, please.

Rafael



The URL which breaks http://192.168.1.20/jforum/jforum.page
I added debug printing code
---------- Action, rurl=/jforum/jforum.page' LEN=3
i=0 urlModel[i]='
i=1 urlModel[i]=jforum'
i=2 urlModel[i]=jforum.page'
then exception is thrown


and this URL works OK: http://192.168.1.20//forum/forums/list.page
---------- Action, rurl=/jforum/forums/list.page' LEN=4
i=0 urlModel[i]='
i=1 urlModel[i]=jforum'
i=2 urlModel[i]=forums'
i=3 urlModel[i]=list.page'

I believe all incorrect URLs should be correctly dealt with, not just an exception thrown.


[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The debug code I added.
System.err.println("---------- Action, rurl="+requestUri+"' LEN="+urlModel.length);
for(int i=0;i<urlModel.length;i++) >
{
System.err.println("i="+i+" urlModel[i]="+urlModel[i]+"'");
}

[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It is used in POST forms.. but I aggree with you that, if it his hit via GET, it may be a good idea do send to /forums/list.page.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Clowns were never meant to be THAT big! We must destroy it with this tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic