You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Eric Norman (JIRA)" <ji...@apache.org> on 2009/09/06 03:23:57 UTC
[jira] Closed: (SLING-1089) DefaultGetServlet should report an
error if the selector string is not empty
[ https://issues.apache.org/jira/browse/SLING-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Norman closed SLING-1089.
------------------------------
Resolution: Invalid
After further review it appears that some of the default renderers (json, xml) use the selectors to change what is returned (json depth, xml style). So this patch makes that stop working.
I will resolve my use case by using a custom servlet. I am closing this issue for now.
> DefaultGetServlet should report an error if the selector string is not empty
> ----------------------------------------------------------------------------
>
> Key: SLING-1089
> URL: https://issues.apache.org/jira/browse/SLING-1089
> Project: Sling
> Issue Type: Bug
> Components: Servlets Get
> Affects Versions: Servlets Get 2.0.4
> Reporter: Eric Norman
> Attachments: SLING-1089_patch.txt
>
>
> The DefaultGetServlet will render a response whenever the extension matches one of the mapped renderer servlets. The selectors are not checked so the requesting user could put any arbitrary text as the selector and never get an error.
> For example, http://host/resource_path.txt would stream back the text representation of the resource. However, http://host/resource_path.some.made.up.selector.txt also streams back the same response.
> I would think it would be more correct for the DefaultGetServlet to only stream a response when the selectors are empty. If the selectors are not empty then the user loaded an invalid url, or there is a server-side script missing to handle the specified selector.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.