Posted to commits@jspwiki.apache.org by ja...@apache.org on 2008/04/09 22:01:07 UTC

svn commit: r646507 - /incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/CommandResolver.java

Author: jalkanen
Date: Wed Apr  9 13:01:06 2008
New Revision: 646507

URL: http://svn.apache.org/viewvc?rev=646507&view=rev
Log:
Hacking attempts at manipulating the version parameter no longer cause a slew of email to the admin...

Modified:
    incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/CommandResolver.java

Modified: incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/CommandResolver.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/CommandResolver.java?rev=646507&r1=646506&r2=646507&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/CommandResolver.java (original)
+++ incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/CommandResolver.java Wed Apr  9 13:01:06 2008
@@ -491,7 +491,16 @@
 
         if ( rev != null )
         {
-            version = Integer.parseInt( rev );
+            try
+            {
+                version = Integer.parseInt( rev );
+            }
+            catch( NumberFormatException e )
+            {
+                // This happens a lot with bots or other guys who are trying
+                // to test if we are vulnerable to e.g. XSS attacks.  We catch
+                // it here so that the admin does not get tons of mail.
+            }
         }
 
         wikipage = m_engine.getPage( page, version );
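Review bot: The empty catch block around `Integer.parseInt( rev )` discards the malformed value without any record, so the probing described in the comment becomes invisible to anyone monitoring the wiki. A low-severity log entry that does not trigger mail would keep that detection signal; if the raw `rev` string is logged, strip CR/LF from it first so the parameter cannot forge log lines. On this path `version` keeps whatever it was assigned before the hunk (not visible here), and the comment should say so, e.g. `// version keeps its initial value, so the default revision is served`. Values that parse cleanly but are not sensible revisions (negative or very large numbers) still reach `m_engine.getPage( page, version )`, and whether that call rejects them cannot be seen from this hunk. The enclosing method starts and ends outside the hunk.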