anyone ? :) so if no objections I will go ahead with the mentioned change :)
regards antonio On May 6, 2015, at 8:15 AM, Antonio Sanso <[email protected]> wrote: > hi *, > > as noted in SLING-4415 [0] sometimes the Error Message for Sling Post Servlet > might be a little too specific and disclose some information. > IMHO there is no need for this and in some situation as the one for [0] this > might even seen as a vulnerability. > For this reason I’d propose a really simple patch to avoid this once for all: > > Index: src/main/java/org/apache/sling/servlets/post/AbstractPostResponse.java > =================================================================== > --- src/main/java/org/apache/sling/servlets/post/AbstractPostResponse.java > (revision 1675826) > +++ src/main/java/org/apache/sling/servlets/post/AbstractPostResponse.java > (working copy) > @@ -212,11 +212,11 @@ > * @return an error or <code>null</code> > */ > public Throwable getError() { > - return getProperty(PN_ERROR, Throwable.class); > + return new Throwable("Exception during response processing."); > } > > > > public void setError(Throwable error) { > - setProperty(PN_ERROR, error); > + //NOTHING TO DO > } > > > > /** > > WDYT? > > regards > > antonio > > [0] https://issues.apache.org/jira/browse/SLING-4415
