Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-11201

Users can render the User Directory non-functional by editing their profile

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Major
    • None
    • 6.1
    • User - User Directory
    • None

    Description

      If a prankster edits ones own profile and e.g. sets last name to 

      {{velocity}}

      the User Directory will fail to produce results as soon as the user would have been shown; the AJAX-reponse shows something like:

      {"reqNo":3,"matchingtags":{},"tags":[],"totalrows":3,"returnedrows":3,"offset":1,"rows":[{"doc_viewable":true,"doc_name":"Admin","doc_fullName":"xwiki:XWiki.Admin","doc_space":"XWiki","doc_url":"/xwiki/bin/view/XWiki/Admin","doc_space_url":"/xwiki/bin/view/XWiki/","doc_wiki":"xwiki","doc_wiki_url":"/xwiki/bin/view/Main/","doc_hasadmin":true,"doc_hasedit":true,"doc_hasdelete":true,"doc_hasrename":true,"doc_hasrights":true,"doc_edit_url":"/xwiki/bin/edit/XWiki/Admin","doc_copy_url":"/xwiki/bin/view/XWiki/Admin?xpage=copy","doc_delete_url":"/xwiki/bin/delete/XWiki/Admin","doc_rename_url":"/xwiki/bin/view/XWiki/Admin?xpage=rename&step=1","doc_rights_url":"/xwiki/bin/edit/XWiki/Admin?editor=rights","doc_author_url":"/xwiki/bin/view/XWiki/Admin","doc_date":"2014/10/09 14:53","doc_title":"Profile of Administrator Failed to execute the [velocity] macro org.xwiki.rendering.macro.MacroExecutionException: Nested scripts are not allowed
	at org.xwiki.rendering.macro.script.AbstractScriptMacro.execute(AbstractScriptMacro.java:178)
	at org.xwiki.rendering.macro.script.AbstractScriptMacro.execute(AbstractScriptMacro.java:58)
	at org.xwiki.rendering.internal.transformation.macro.MacroTransformation.transformOnce(MacroTransformation.java:200)
	at org.xwiki.rendering.internal.transformation.macro.MacroTransformation.transform(MacroTransformation.java:140)
	at org.xwiki.rendering.internal.transformation.DefaultRenderingContext.transformInContext(DefaultRenderingContext.java:175)
	at org.xwiki.rendering.internal.transformation.DefaultTransformationManager.performTransformations(DefaultTransformationManager.java:94)
	at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:252)
	at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:125)
	at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:55)
	at org.xwiki.display.internal.DefaultDocumentDisplayer.display(DefaultDocumentDisplayer.java:80)
	at org.xwiki.display.internal.DefaultDocumentDisplayer.display(DefaultDocumentDisplayer.java:38)
	at org.xwiki.sheet.internal.SheetDocumentDisplayer.display(SheetDocumentDisplayer.java:113)
	at org.xwiki.sheet.internal.SheetDocumentDisplayer.display(SheetDocumentDisplayer.java:50)
	at org.xwiki.display.internal.ConfiguredDocumentDisplayer.display(ConfiguredDocumentDisplayer.java:67)
	at org.xwiki.display.internal.ConfiguredDocumentDisplayer.display(ConfiguredDocumentDisplayer.java:41)
	at com.xpn.xwiki.doc.XWikiDocument.getRenderedContent(XWikiDocument.java:981)
	at com.xpn.xwiki.doc.XWikiDocument.getRenderedContent(XWikiDocument.java:960)
	at com.xpn.xwiki.api.Document.getRenderedContent(Document.java:663)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:395)
	at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:384)
	at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:173)
	at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280)
	at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:369)
	at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72)
	at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:87)
	at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342)
	at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:228)
	at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:187)
	at com.xpn.xwiki.render.XWikiVelocityRenderer.evaluate(XWikiVelocityRenderer.java:131)
	at com.xpn.xwiki.internal.template.DefaultPrivilegedTemplateRenderer.evaluate(DefaultPrivilegedTemplateRenderer.java:147)
	at com.xpn.xwiki.internal.template.DefaultPrivilegedTemplateRenderer.evaluateTemplate(DefaultPrivilegedTemplateRenderer.java:84)
	at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:1622)
	at com.xpn.xwiki.XWiki.parseTemplate(XWiki.java:1562)
	at com.xpn.xwiki.api.XWiki.parseTemplate(XWiki.java:801)

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-11087 Email column in UserDirectory is not linked

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              camil7 Clemens Robbenhaar
              camil7 Clemens Robbenhaar
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: