XMLRPC isn't working anymore
----------------------------
Key: XWIKI-1883
URL: http://jira.xwiki.org/jira/browse/XWIKI-1883
Project: XWiki Platform
Issue Type: Bug
Components: Web Services
Affects Versions: 1.2 M2
Reporter: Vincent Massol
Priority: Critical
Fix For: 1.2 RC1
A patch was recently introduced to fix a security issue
(http://jira.xwiki.org/jira/browse/XWIKI-1832 - it's marked confidential so you
won't be able to see it probably).
However it fails in some cases apparently.
The issue is that the XWikiContext is created for each XMLRPC request and the
user isn't set inside it and some parts of the rights checking code checks for
the user.
{noformat}
Caused by:
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
at java.lang.String.substring(String.java:1938)
at com.xpn.xwiki.util.Util.getWeb(Util.java:200)
at
com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.isSuperUser(XWikiRightServiceImpl.java:700)
at
com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.hasAccessLevel(XWikiRightServiceImpl.java:494)
at
com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.hasAccessLevel(XWikiRightServiceImpl.java:231)
at
com.xpn.xwiki.xmlrpc.DomainObjectFactory.checkRights(DomainObjectFactory.java:119)
at
com.xpn.xwiki.xmlrpc.DomainObjectFactory.getDocFromPageId(DomainObjectFactory.java:89)
at
com.xpn.xwiki.xmlrpc.ConfluenceRpcHandler.renderContent(ConfluenceRpcHandler.java:682)
{noformat}
Reverting the patch for now.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.xwiki.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
notifications mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/notifications
