You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by bu...@apache.org on 2003/10/24 13:28:34 UTC
DO NOT REPLY [Bug 24093] New: -
context:// + relative paths causes NPE (view-source.xsp)
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24093>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24093
context:// + relative paths causes NPE (view-source.xsp)
Summary: context:// + relative paths causes NPE (view-source.xsp)
Product: Cocoon 2
Version: Current CVS 2.1
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: core
AssignedTo: dev@cocoon.apache.org
ReportedBy: joerg.heinicke@gmx.de
view-source.xsp shows the source of an XML file. It had deprecated code and I
fixed it to use excalibur source resolving:
source = super.resolver.resolveURI("context://" + filename);
If the parameter filename is a relative path ("context://../anything.xml"), the
resolving will result in a NPE:
java.lang.NullPointerException
at java.io.File.<init>(File.java:263)
at org.mortbay.util.FileResource.addPath(FileResource.java:79)
at org.mortbay.http.HttpContext.getResource(HttpContext.java:788)
at
org.mortbay.jetty.servlet.WebApplicationContext.getResource(WebApplicationContext.java:1208)
at
org.mortbay.jetty.servlet.ServletHandler.getResource(ServletHandler.java:705)
at
org.mortbay.jetty.servlet.ServletHandler$Context.getResource(ServletHandler.java:937)
at
org.apache.cocoon.environment.http.HttpContext.getResource(HttpContext.java:99)
at
org.apache.cocoon.components.source.impl.ContextSourceFactory.getSource(ContextSourceFactory.java:155)
at
org.apache.excalibur.source.impl.SourceResolverImpl.resolveURI(SourceResolverImpl.java:247)
at
org.apache.cocoon.components.CocoonComponentManager.resolveURI(CocoonComponentManager.java:512)
at
org.apache.cocoon.components.CocoonComponentManager.resolveURI(CocoonComponentManager.java:512)
at
org.apache.cocoon.environment.AbstractEnvironment.resolveURI(AbstractEnvironment.java:513)
at
org.apache.cocoon.environment.AbstractEnvironment.resolveURI(AbstractEnvironment.java:500)
at
org.apache.cocoon.www.samples.common.view_source_xsp.generate(org.apache.cocoon.www.samples.common.view_source_xsp:480)
As the NPE is not thrown directly in Cocoon/Excalibur classes, the behaviour
might depend on the servlet container.
Using context:// should prevent the access to files outside the webapp context,
maybe by throwing an exception.
Joerg