[
http://www.stripesframework.org/jira/browse/STS-555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ben Gunter resolved STS-555.
----------------------------
Resolution: Fixed
Fix Version/s: Release 1.6
Release 1.5.1
This is fixed for 1.5.1 and later. The patch suggested the possibility of
returning the input string if it is not encrypted/encoded. That would defeat
one of the purposes of encryption: preventing users from submitting a parameter
value other than the one the developer intended.
> _sourcePage passed request parameter via Javascript is having some exception
> on server side validation during getSourcePage
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: STS-555
> URL: http://www.stripesframework.org/jira/browse/STS-555
> Project: Stripes
> Issue Type: Improvement
> Components: Validation
> Environment: Tomcat 6.0.16,
> jdk1.6.0_05,
> Stripes 1.5b1.
> Eclipse 3.3.2.
> Windows XP.
> Internet Explorer 6.0
> Reporter: J G
> Fix For: Release 1.5.1, Release 1.6
>
> Attachments: CryptoUtil.java.patch
>
>
> Hi,
> Currently having an error during validation with errors and calling the
> getContext().getSourcePageResolution() in an ActionBean.. The exception
> trace..
> Bad Base64 input character at 0: 47(decimal)
> 15:14:30,117 DEBUG ExecutionContext:150 - Transitioning to lifecycle stage
> RequestComplete
> 15:14:30,117 WARN DefaultExceptionHandler:39 - Unhandled exception caught by
> the Stripes default exception handler.
> java.lang.IllegalArgumentException: Null input buffer
> at javax.crypto.Cipher.doFinal(DashoA13*..)
> at net.sourceforge.stripes.util.CryptoUtil.decrypt(CryptoUtil.java:188)
> at
> net.sourceforge.stripes.action.ActionBeanContext.getSourcePage(ActionBeanContext.java:249)
> at
> net.sourceforge.stripes.action.ActionBeanContext.getSourcePageResolution(ActionBeanContext.java:226)
> ....
> ...
> ...
> This only happens after a first load of my page. I have an href that have an
> image that has an onclick that triggers a javascript. Then in my javascript
> function I have Ajax.Updater method
> var params = 'initVar&id=' + nId
> + '&_sourcePage=\/bugMaintenance.jsp';
> new Ajax.Updater( "",
> "${pageContext.request.contextPath}/ctrlr/BugMaint.action",
> { method: 'post',
> postBody: params,
> onSuccess: successAddFunc,
> onFailure: errorAddFunc
> });
> I know this might is not the clean way, but do you have any ideas what is
> wrong? Or any suggestion how to do this via Ajax to pass the _sourcePage?
> I tried to debug the source code of stripes. The problem is on the
> ActionBeanContext.getSourcePage(). during the call to
> CryptoUtil.decrypt(sourcePage), since I did not encrypt the _sourcePage which
> I just tweaked and passed as request parameter during an Ajax call, the
> processing throws a Null pointer somewhere inside the decrypting of the
> source page.
> Inside the decrypt(String) method of CryptoUtil, the Base64.decode(input,
> BASE64_OPTIONS) returned null.
> Thanks,
> --jg
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://www.stripesframework.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Stripes-development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-development
