hi *,

As noted in SLING-4415 [0], sometimes the error message from the Sling Post Servlet
might be a little too specific and disclose some information.
IMHO there is no need for this, and in some situations, such as the one in [0], this
might even be seen as a vulnerability.
For this reason I'd propose a really simple patch to avoid this once and for all:

Index: src/main/java/org/apache/sling/servlets/post/AbstractPostResponse.java
===================================================================
--- src/main/java/org/apache/sling/servlets/post/AbstractPostResponse.java 
(revision 1675826)
+++ src/main/java/org/apache/sling/servlets/post/AbstractPostResponse.java 
(working copy)
@@ -212,11 +212,11 @@
      * @return an error or <code>null</code>
      */
     public Throwable getError() {
-        return getProperty(PN_ERROR, Throwable.class);
+        return new Throwable("Exception during response processing.");
     }



     public void setError(Throwable error) {
-        setProperty(PN_ERROR, error);
+        //NOTHING TO DO
     }



     /**
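
Review bot: getError() now returns a fresh Throwable on every call, so it can never return null, although the Javadoc directly above it still says "@return an error or <code>null</code>". Any caller that uses getError() != null to decide whether the operation failed would see an error on every response, including successful ones. Turning setError() into a no-op ("//NOTHING TO DO") also drops the original exception for every consumer of this class, not only for the text sent to the client, so the cause would no longer be available through the response object for server-side logging or diagnosis. Suggest keeping setProperty(PN_ERROR, error) and the null-returning getter, and replacing the detailed message with the generic one only at the point where the error is written into the response body.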

WDYT?

regards

antonio

[0] https://issues.apache.org/jira/browse/SLING-4415
