You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by Antonio Sanso <as...@adobe.com> on 2015/05/06 08:15:55 UTC

Error Message for Sling Post Servlet

hi *,

as noted in SLING-4415 [0] sometimes the Error Message for Sling Post Servlet might be a little too specific and disclose some information.
IMHO there is no need for this and in some situation as the one for [0] this might even seen as a vulnerability.
For this reason I’d propose a really simple patch to avoid this once for all:

Index: src/main/java/org/apache/sling/servlets/post/AbstractPostResponse.java
===================================================================
--- src/main/java/org/apache/sling/servlets/post/AbstractPostResponse.java (revision 1675826)
+++ src/main/java/org/apache/sling/servlets/post/AbstractPostResponse.java (working copy)
@@ -212,11 +212,11 @@
      * @return an error or <code>null</code>
      */
     public Throwable getError() {
-        return getProperty(PN_ERROR, Throwable.class);
+        return new Throwable("Exception during response processing.");
     }



     public void setError(Throwable error) {
-        setProperty(PN_ERROR, error);
+        //NOTHING TO DO
     }



     /**

WDYT?

regards

antonio

[0] https://issues.apache.org/jira/browse/SLING-4415

Re: Error Message for Sling Post Servlet

Posted by Antonio Sanso <as...@adobe.com>.

anyone ? :)

so if no objections I will go ahead with the mentioned change :)

regards

antonio

On May 6, 2015, at 8:15 AM, Antonio Sanso <as...@adobe.com> wrote:

> hi *,
> 
> as noted in SLING-4415 [0] sometimes the Error Message for Sling Post Servlet might be a little too specific and disclose some information.
> IMHO there is no need for this and in some situation as the one for [0] this might even seen as a vulnerability.
> For this reason I’d propose a really simple patch to avoid this once for all:
> 
> Index: src/main/java/org/apache/sling/servlets/post/AbstractPostResponse.java
> ===================================================================
> --- src/main/java/org/apache/sling/servlets/post/AbstractPostResponse.java (revision 1675826)
> +++ src/main/java/org/apache/sling/servlets/post/AbstractPostResponse.java (working copy)
> @@ -212,11 +212,11 @@
>      * @return an error or <code>null</code>
>      */
>     public Throwable getError() {
> -        return getProperty(PN_ERROR, Throwable.class);
> +        return new Throwable("Exception during response processing.");
>     }
> 
> 
> 
>     public void setError(Throwable error) {
> -        setProperty(PN_ERROR, error);
> +        //NOTHING TO DO
>     }
> 
> 
> 
>     /**
> 
> WDYT?
> 
> regards
> 
> antonio
> 
> [0] https://issues.apache.org/jira/browse/SLING-4415