Yeah, I have no idea what is going. I tried to muck about in the server to do some checks, but at the moment I think we may have to assume that some spammer has found a way to break JSPWiki.
I am in no position to do anything except read emails for the next some time, so could someone please check the case where illegal characters (#[]) end up in username? /Janne On Thu, Mar 19, 2009 at 07:02:51AM +0100, Harry Metske wrote: > Thanks, but now I have a couple of different errors, first the Main page is > empty, but looking at the version history this shows no recent changes, and > also the View Page Source shows the content. > Then, trying to login, I get : > > An unknown exception java.lang.NullPointerException was caught by Error.jsp. > *Exception*java.lang.NullPointerException*Place where > detected*java.lang.String.compareTo(), > line 1168So it's almost fixed I guess :-) > > regards, > Harry > > 2009/3/18 Janne Jalkanen <[email protected]> > > > > > Yes, I just kicked the server. > > > > It would appear that there is a spambot registering a lot of userids which > > broke our xmluserdatabase. In which situation we would have an user account > > with no user id? I've got a ton of these now in the database: > > > > <user uid="" loginName="Kayarveattews" wikiName="Kayarveattews" > > fullName="Kayarveattews" email="serabarclay0...@gma > > il.com" password="{SSHA}NMJhGEkqxH+gAfskH1IgRqfJP5nqdxNhV0SUYA==" > > created="2009.03.17 at 08:40:44:598 EET" lastModified > > ="2009.03.17 at 08:40:44:598 EET" lockExpiry="" > </user> > > > > The user ids were generated properly until this user: > > > > <user uid="" loginName="#dennick[IRIFIFZFZIII]" > > wikiName="#dennick[IRIFIFZFZIII]" fullName="#dennick[IRIFIFZFZIII]" email=" > > [email protected]" > > password="{SSHA}csdOtEsTz4l2l0gtBjDESF5bJkFgSlx+hTMA8Q==" > > created="2009.03.01 at 18:54:22:468 EET" lastModified="2009.03.01 at > > 18:54:22:468 EET" lockExpiry="" > > > </user> > > > > I think it's got something to do with the # and [] characters. Andrew? > > > > /Janne > > > > > > On 18 Mar 2009, at 19:56, Harry Metske wrote: > > > > I don't know how long this is going on, but on every URL within > >> http://www.jspwiki.org I get the following exception: > >> > >> java.lang.NullPointerException > >> > >> org.apache.xerces.dom.DeepNodeListImpl.nextMatchingElementAfter(Unknown > >> Source) > >> org.apache.xerces.dom.DeepNodeListImpl.item(Unknown Source) > >> org.apache.xerces.dom.DeepNodeListImpl.getLength(Unknown Source) > >> > >> > >> com.ecyrd.jspwiki.auth.user.XMLUserDatabase.findByAttribute(XMLUserDatabase.java:617) > >> > >> > >> com.ecyrd.jspwiki.auth.user.XMLUserDatabase.findByFullName(XMLUserDatabase.java:163) > >> > >> > >> com.ecyrd.jspwiki.auth.user.AbstractUserDatabase.find(AbstractUserDatabase.java:81) > >> > >> > >> com.ecyrd.jspwiki.WikiSession.injectUserProfilePrincipals(WikiSession.java:672) > >> com.ecyrd.jspwiki.WikiSession.actionPerformed(WikiSession.java:548) > >> > >> > >> com.ecyrd.jspwiki.event.WikiEventManager$WikiEventDelegate.fireEvent(WikiEventManager.java:566) > >> > >> > >> com.ecyrd.jspwiki.event.WikiEventManager.fireEvent(WikiEventManager.java:347) > >> > >> > >> com.ecyrd.jspwiki.auth.AuthenticationManager.fireEvent(AuthenticationManager.java:677) > >> > >> > >> com.ecyrd.jspwiki.auth.AuthenticationManager.login(AuthenticationManager.java:301) > >> > >> > >> com.ecyrd.jspwiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:156) > >> com.ecyrd.jspwiki.ui.WikiJSPFilter.doFilter(WikiJSPFilter.java:111) > >> > >> Can someone poke around a bit ? > >> > >> thanks, > >> Harry > >> > > > >
