Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-1883

XMLRPC isn't working anymore

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Fix
    • Critical
    • None
    • 1.2 M2
    • {Unused} Web Services
    • None

    Description

      A patch was recently introduced to fix a security issue (http://jira.xwiki.org/jira/browse/XWIKI-1832 - it's marked confidential so you won't be able to see it probably).

      However it fails in some cases apparently.

      The issue is that the XWikiContext is created for each XMLRPC request and the current doc isn't set inside it and some parts of the rights checking code checks for the user.

      Caused by:
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
at java.lang.String.substring(String.java:1938)
at com.xpn.xwiki.util.Util.getWeb(Util.java:200)
at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.isSuperUser(XWikiRightServiceImpl.java:700)
at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.hasAccessLevel(XWikiRightServiceImpl.java:494)
at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.hasAccessLevel(XWikiRightServiceImpl.java:231)
at com.xpn.xwiki.xmlrpc.DomainObjectFactory.checkRights(DomainObjectFactory.java:119)
at com.xpn.xwiki.xmlrpc.DomainObjectFactory.getDocFromPageId(DomainObjectFactory.java:89)
at com.xpn.xwiki.xmlrpc.ConfluenceRpcHandler.renderContent(ConfluenceRpcHandler.java:682)

      Attachments

        Activity

          People

            vmassol Vincent Massol
            vmassol Vincent Massol
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: