You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by bu...@apache.org on 2003/10/24 13:28:34 UTC

DO NOT REPLY [Bug 24093] New: - context:// + relative paths causes NPE (view-source.xsp)

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24093>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24093

context:// + relative paths causes NPE (view-source.xsp)

           Summary: context:// + relative paths causes NPE (view-source.xsp)
           Product: Cocoon 2
           Version: Current CVS 2.1
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: core
        AssignedTo: dev@cocoon.apache.org
        ReportedBy: joerg.heinicke@gmx.de


view-source.xsp shows the source of an XML file. It had deprecated code and I
fixed it to use excalibur source resolving:

source = super.resolver.resolveURI("context://" + filename);

If the parameter filename is a relative path ("context://../anything.xml"), the
resolving will result in a NPE:

java.lang.NullPointerException
        at java.io.File.<init>(File.java:263)
        at org.mortbay.util.FileResource.addPath(FileResource.java:79)
        at org.mortbay.http.HttpContext.getResource(HttpContext.java:788)
        at
org.mortbay.jetty.servlet.WebApplicationContext.getResource(WebApplicationContext.java:1208)
        at
org.mortbay.jetty.servlet.ServletHandler.getResource(ServletHandler.java:705)
        at
org.mortbay.jetty.servlet.ServletHandler$Context.getResource(ServletHandler.java:937)
        at
org.apache.cocoon.environment.http.HttpContext.getResource(HttpContext.java:99)
        at
org.apache.cocoon.components.source.impl.ContextSourceFactory.getSource(ContextSourceFactory.java:155)
        at
org.apache.excalibur.source.impl.SourceResolverImpl.resolveURI(SourceResolverImpl.java:247)
        at
org.apache.cocoon.components.CocoonComponentManager.resolveURI(CocoonComponentManager.java:512)
        at
org.apache.cocoon.components.CocoonComponentManager.resolveURI(CocoonComponentManager.java:512)
        at
org.apache.cocoon.environment.AbstractEnvironment.resolveURI(AbstractEnvironment.java:513)
        at
org.apache.cocoon.environment.AbstractEnvironment.resolveURI(AbstractEnvironment.java:500)
        at
org.apache.cocoon.www.samples.common.view_source_xsp.generate(org.apache.cocoon.www.samples.common.view_source_xsp:480)


As the NPE is not thrown directly in Cocoon/Excalibur classes, the behaviour
might depend on the servlet container.

Using context:// should prevent the access to files outside the webapp context,
maybe by throwing an exception.

Joerg