  1. Sakai
  2. SAK-18185

Changing height to nonsense value stops link tool from being edited in a site

    Details

    • Type: Bug
    • Status: CLOSED
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.7.0
    • Fix Version/s: 2.7.0, 2.8.0
    • Component/s: Linktool
    • Labels:
      None
    • Environment:
      qa1-nl

      Description

      As Admin, change the height of the link tool to
      <script>alert('xss');</script>

      The link tool saves the value and then generates a bug report.
      Pressing the reset icon generates the bug report again. There is no obvious way to edit the height.
      with:

      ERROR TP-Processor5 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/sakai-rutgers-linktool].[sakai.rutgers.linktool] - Servlet.service() for servlet sakai.rutgers.linktool threw exception
      java.lang.NumberFormatException: For input string: "<script>alert('xss');</script>"
      at java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
      at java.lang.Integer.parseInt(Integer.java:449)
      at java.lang.Integer.parseInt(Integer.java:499)
      at org.sakaiproject.tool.rutgers.LinkTool.doGet(LinkTool.java:414)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:627)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
      at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:580)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
      at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:679)
      at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:461)
      at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:364)
      at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
      at org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.forward(ActiveToolComponent.java:486)
      at org.sakaiproject.portal.charon.SkinnableCharonPortal.forwardTool(SkinnableCharonPortal.java:1216)
      at org.sakaiproject.portal.charon.handlers.ToolHandler.doTool(ToolHandler.java:198)
      at org.sakaiproject.portal.charon.handlers.ToolHandler.doGet(ToolHandler.java:96)
      at org.sakaiproject.portal.charon.SkinnableCharonPortal.doGet(SkinnableCharonPortal.java:768)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:627)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
      at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:641)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
      at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
      at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
      at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:775)
      at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:704)
      at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:897)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
      at java.lang.Thread.run(Thread.java:619)
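
The trace shows the stored height reaching `Integer.parseInt` on every render, so one bad saved value keeps the tool from loading. The sketch below is an added example, not Sakai's code and not the fix applied for this issue: it validates the height when it is saved and falls back to a default when rendering. The class name, method names, default and bounds are all assumptions.

```java
import java.util.regex.Pattern;

/** Added illustration; class, method and constant names are hypothetical, not Sakai's. */
public class HeightSetting {
    static final int DEFAULT_HEIGHT = 600; // assumed default, in pixels
    static final int MIN_HEIGHT = 50;      // assumed bounds
    static final int MAX_HEIGHT = 5000;
    private static final Pattern DIGITS = Pattern.compile("[0-9]{1,4}");

    /** Save path: accept only a bounded decimal integer, reject everything else. */
    static int validateForSave(String submitted) {
        String s = submitted == null ? "" : submitted.trim();
        if (!DIGITS.matcher(s).matches()) {
            // The message does not echo the input, so markup is never reflected back.
            throw new IllegalArgumentException("height must be a whole number of pixels");
        }
        int h = Integer.parseInt(s); // cannot throw: at most four ASCII digits
        if (h < MIN_HEIGHT || h > MAX_HEIGHT) {
            throw new IllegalArgumentException("height out of range");
        }
        return h;
    }

    /** Render path: a bad value already in storage must not break the page. */
    static int parseForRender(String stored) {
        try {
            return validateForSave(stored);
        } catch (IllegalArgumentException e) {
            return DEFAULT_HEIGHT; // fall back so the options form stays reachable
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, including the value from the report.
        String[] samples = { "800", " 300 ", "<script>alert('xss');</script>", "-1", "99999", null };
        for (String s : samples) {
            String saved;
            try {
                saved = "accepted " + validateForSave(s);
            } catch (IllegalArgumentException e) {
                saved = "rejected (" + e.getMessage() + ")";
            }
            System.out.println(s + " -> save: " + saved + ", render: " + parseForRender(s));
        }
    }
}
```

Validating at save time stops new bad values, while the render-time fallback covers values that were stored before the check existed.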

                People

                Assignee:
                dhorwitz David Horwitz
                Reporter:
                a.m.berg@uva.nl Alan Berg
