You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lenya.apache.org by Gregor Imboden <gr...@wyona.com> on 2005/12/14 10:25:50 UTC
FilePolicyManager infinite loop
Hi Devs,
The following code in FilePolicyManager.java leads to an infinite loop
when an url contains other characters than [\w-._~].
//The live area should be restrictive and will use the policy belonging to self-or-ancestor
if (url.startsWith("/live")) {
while (url.indexOf("/") >= 0) {
policy = buildSubtreePolicy(controller, url+"/");
policies.add(policy);
if(!policy.isEmpty()) {
url="";
} else {
url=url.replaceFirst("/[\\w\\-\\.\\_\\~]*$","");
}
}
}
The URL should probably be normalized before components like the PolicyManager
get theiry hands on it.
Cheers,
Gregor
--
Gregor R. Imboden
Wyona - Open Source Content Management - Apache Lenya
http://www.wyona.com http://lenya.apache.org
gi@wyona.com gregor.imboden@wyona.com
Public-Key http://wyona.org/keys/gregor.imboden@wyona.com.asc
Fingerprint 71EC 091B DE2F 56CD 71F5 D4DD EEF0 470F 0D5C 3E01
Re: FilePolicyManager infinite loop
Posted by Andreas Hartmann <an...@apache.org>.
Andreas Hartmann wrote:
> Gregor Imboden wrote:
>
>> Hi Devs,
>>
>> The following code in FilePolicyManager.java leads to an infinite loop
>> when an url contains other characters than [\w-._~].
>
>
> Thanks for the report - would you mind filing a bug so it doesn't get lost?
Sorry for the noise, I see you already did.
-- Andreas
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
Re: FilePolicyManager infinite loop
Posted by Andreas Hartmann <an...@apache.org>.
Gregor Imboden wrote:
> Hi Devs,
>
> The following code in FilePolicyManager.java leads to an infinite loop
> when an url contains other characters than [\w-._~].
Thanks for the report - would you mind filing a bug so it doesn't get lost?
Thanks!
-- Andreas
>
> //The live area should be restrictive and will use the policy belonging to self-or-ancestor
> if (url.startsWith("/live")) {
> while (url.indexOf("/") >= 0) {
> policy = buildSubtreePolicy(controller, url+"/");
> policies.add(policy);
> if(!policy.isEmpty()) {
> url="";
> } else {
> url=url.replaceFirst("/[\\w\\-\\.\\_\\~]*$","");
> }
> }
> }
>
> The URL should probably be normalized before components like the PolicyManager
> get theiry hands on it.
>
> Cheers,
> Gregor
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
Re: FilePolicyManager infinite loop
Posted by Gregor Imboden <gr...@wyona.com>.
btw. i am using lenya 1.4.x =)
On Wed, 14 Dec 2005 10:25:50 +0100
Gregor Imboden <gr...@wyona.com> wrote:
>
> Hi Devs,
>
> The following code in FilePolicyManager.java leads to an infinite loop
> when an url contains other characters than [\w-._~].
>
> //The live area should be restrictive and will use the policy belonging to self-or-ancestor
> if (url.startsWith("/live")) {
> while (url.indexOf("/") >= 0) {
> policy = buildSubtreePolicy(controller, url+"/");
> policies.add(policy);
> if(!policy.isEmpty()) {
> url="";
> } else {
> url=url.replaceFirst("/[\\w\\-\\.\\_\\~]*$","");
> }
> }
> }
>
> The URL should probably be normalized before components like the PolicyManager
> get theiry hands on it.
>
> Cheers,
> Gregor
>
>
> --
> Gregor R. Imboden
> Wyona - Open Source Content Management - Apache Lenya
> http://www.wyona.com http://lenya.apache.org
> gi@wyona.com gregor.imboden@wyona.com
>
> Public-Key http://wyona.org/keys/gregor.imboden@wyona.com.asc
> Fingerprint 71EC 091B DE2F 56CD 71F5 D4DD EEF0 470F 0D5C 3E01
>
--
Gregor R. Imboden
Wyona - Open Source Content Management - Apache Lenya
http://www.wyona.com http://lenya.apache.org
gi@wyona.com gregor.imboden@wyona.com
Public-Key http://wyona.org/keys/gregor.imboden@wyona.com.asc
Fingerprint 71EC 091B DE2F 56CD 71F5 D4DD EEF0 470F 0D5C 3E01