Issue Details (XML | Word | Printable)

Key: GRAILS-675
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: Graeme Rocher
Reporter: Marc Palmer
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Grails

Requests for nonexistent views/actions with punctuation in case NullPointerException

Created: 29/Jan/07 07:39 AM   Updated: 29/May/07 06:11 AM
Component/s: Security, View technologies
Affects Version/s: 0.4
Fix Version/s: 0.5.5-RC1

Time Tracking:
Not Specified


 Description  « Hide
For example getting myApp/content/view/.bashrc gives an NPE. so does getting ~bashrc and some others. Not quite sure why.

This should of course give a 404 not a server error with NPE.

This is a security issue because of security audits and also because random scans that continually attack servers will use bad URIs, and we don't want zillions of NPE traces in our logs!

 All   Comments   Work Log   Change History      Sort Order: Ascending order - Click to sort in descending order
[ Permalink | « Hide ]
Marc Palmer added a comment - 20/Apr/07 05:02 AM
Rolled over to 0.5.5 to get a stable JavaOne release out


Powered by a free Atlassian JIRA open source license for Codehaus. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.3-#344) - Bug/feature request - Atlassian news - Contact Administrators