[magnolia-dev] [JIRA] Updated: (MGNLSTK-800) ClassCastException in STK Demo Project when retrieving paragraph through URL

Thu, 29 Sep 2011 05:49:12 -0700 


     [ 
http://jira.magnolia-cms.com/browse/MGNLSTK-800?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Edgar Vonk updated MGNLSTK-800:
-------------------------------

    Summary: ClassCastException in STK Demo Project when retrieving paragraph 
through URL  (was: ClassCastException in STK Demo Project)

> ClassCastException in STK Demo Project when retrieving paragraph through URL
> ----------------------------------------------------------------------------
>
>                 Key: MGNLSTK-800
>                 URL: http://jira.magnolia-cms.com/browse/MGNLSTK-800
>             Project: Magnolia Standard Templating Kit
>          Issue Type: Bug
>    Affects Versions: 1.4.5
>         Environment: Mac OS Lion, Magnolia Community 4.4.5, Tomcat Bundle
>            Reporter: Edgar Vonk
>            Assignee: Philipp Bärfuss
>         Attachments: catalina.out
>
>
> On the default Magnolia Community 4.4.5 with the STK JARs installed when I 
> retrieve this paragraph using the URL:
> http://localhost:8080/magnoliaPublic/demo-project/news-and-events/main/0
> I see in the logs:
> {{java.lang.ClassCastException: 
> info.magnolia.module.templatingkit.paragraphs.EventsListModel cannot be cast 
> to info.magnolia.module.templatingkit.templates.STKTemplateModel}}
> I am not sure if this is a bug in the STK but it seems so?
> If so, this can be quite harmfull for existing Magnolia (STK) sites I think. 
> It should be fairly easy to think of a DoD attack using such paragraph URLs. 
> The log file will flood in no time I think.
> On a side note: I wonder if it is a good idea to 'enable' these paragraph 
> URLs by default? It is not wise to disable this feature by default and let 
> people explicitly enable it? Because this bug shows it can be quite risky?
> I have attached the log file.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira




----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------

Reply via email to