ClassCastException in STK Demo Project
--------------------------------------
Key: MGNLSTK-800
URL: http://jira.magnolia-cms.com/browse/MGNLSTK-800
Project: Magnolia Standard Templating Kit
Issue Type: Bug
Affects Versions: 1.4.5
Environment: Mac OS Lion, Magnolia Community 4.4.5, Tomcat Bundle
Reporter: Edgar Vonk
Assignee: Philipp Bärfuss
Attachments: catalina.out
On the default Magnolia Community 4.4.5 with the STK JARs installed when I
retrieve this paragraph using the URL:
http://localhost:8080/magnoliaPublic/demo-project/news-and-events/main/0
I see in the logs:
{{java.lang.ClassCastException:
info.magnolia.module.templatingkit.paragraphs.EventsListModel cannot be cast to
info.magnolia.module.templatingkit.templates.STKTemplateModel}}
I am not sure if this is a bug in the STK but it seems so?
If so, this can be quite harmfull for existing Magnolia (STK) sites I think. It
should be fairly easy to think of a DoD attack using such paragraph URLs. The
log file will flood in no time I think.
On a side note: I wonder if it is a good idea to 'enable' these paragraph URLs
by default? It is not wise to disable this feature by default and let people
explicitly enable it? Because this bug shows it can be quite risky?
I have attached the log file.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
