Posted to commits@jspwiki.apache.org by ja...@apache.org on 2008/04/09 22:01:07 UTC
svn commit: r646507 - /incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/CommandResolver.java
Author: jalkanen
Date: Wed Apr 9 13:01:06 2008
New Revision: 646507
URL: http://svn.apache.org/viewvc?rev=646507&view=rev
Log:
Hacking attempts at manipulating the version parameter no longer cause a slew of email to the admin...
Modified:
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/CommandResolver.java
Modified: incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/CommandResolver.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/CommandResolver.java?rev=646507&r1=646506&r2=646507&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/CommandResolver.java (original)
+++ incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/CommandResolver.java Wed Apr 9 13:01:06 2008
@@ -491,7 +491,16 @@
if ( rev != null )
{
- version = Integer.parseInt( rev );
+ try
+ {
+ version = Integer.parseInt( rev );
+ }
+ catch( NumberFormatException e )
+ {
+ // This happens a lot with bots or other guys who are trying
+ // to test if we are vulnerable to e.g. XSS attacks. We catch
+ // it here so that the admin does not get tons of mail.
+ }
}
wikipage = m_engine.getPage( page, version );
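Review bot: The new catch( NumberFormatException e ) block is empty, so a malformed rev now falls through to m_engine.getPage( page, version ) with whatever value version held before the try, and that initial value is not visible in this hunk. Consider assigning the intended fallback to version explicitly inside the catch, so the behaviour for bad input is stated at the point where it is handled rather than depending on an initialiser further up. A low-severity log line there (debug or info, with rev sanitised before it is written) would keep the probing visible in the logs for anyone reviewing them, while still avoiding the admin mail the commit message describes. Also note that Integer.parseInt accepts negative values, so a rev such as "-5" still reaches getPage unchecked; a range check after the parse would cover that case if getPage does not already reject it.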