cziegeler opened a new pull request, #77: URL: https://github.com/apache/sling-org-apache-sling-engine/pull/77
Fixes two correctness and robustness issues across the Sling engine adapter and console plugin. **Changes:** - `SlingServletRequestAdapter.getRequestedSessionId()`: replace delegation to `request.getRequestedSessionId()` with an explicit `getSession(false)` call, returning `null` when no session exists — avoids relying on container-specific behaviour. - `RequestHistoryConsolePlugin.doGet()`: remove `throws ServletException, IOException` from the signature; wrap body in a try/catch that logs `IOException` via `getServletContext().log()` and sets a 500 status. - `RequestHistoryConsolePlugin.doPost()`: remove `throws IOException`; wrap `sendRedirect` in a try/catch with the same error-handling pattern. - Escape the `key` parameter with `ResponseUtil.escapeXml` in the table header to prevent potential XSS. - Remove the now-unused `javax.servlet.ServletException` import. Co-authored-by: Maia <maia@noreply> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
