Matthias Wimmer created ROL-1956:
------------------------------------
Summary: ValidateSaltFilter not working on file upload
Key: ROL-1956
URL: https://issues.apache.org/jira/browse/ROL-1956
Project: Roller
Issue Type: Bug
Affects Versions: 5.1
Environment: java version "1.7.0_03"
OpenJDK Runtime Environment (IcedTea7 2.1.3) (7u3-2.1.3-1)
OpenJDK 64-Bit Server VM (build 22.0-b10, mixed mode)
tomcat7 7.0.28-3+nmu1
Reporter: Matthias Wimmer
Assignee: Roller Unassigned
When I try to upload a media file to roller, I get a Sercurity Violation thrown
in org.apache.roller.weblogger.ui.core.filters.ValidateSaltFilter
Debugging the problem I can see, that the salt is sent in the HTTP POST request
to http://example.com/roller-ui/authoring/mediaFileAdd!save.rol - but the call
to (String) httpReq.getParameter("salt") in ValidateSaltFilter.doFilter does
return null.
I guess that this is what
http://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html describes
for the getParameter() method when it talks about the following:
If the parameter data was sent in the request body, such as occurs with an HTTP
POST request, then reading the body directly via getInputStream() or
getReader() can interfere with the execution of this method.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
