[
https://issues.apache.org/jira/browse/ROL-1956?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Greg Huber reassigned ROL-1956:
-------------------------------
Assignee: Greg Huber (was: Roller Unassigned)
> ValidateSaltFilter not working on file upload
> ---------------------------------------------
>
> Key: ROL-1956
> URL: https://issues.apache.org/jira/browse/ROL-1956
> Project: Apache Roller
> Issue Type: Bug
> Affects Versions: 5.1
> Environment: java version "1.7.0_03"
> OpenJDK Runtime Environment (IcedTea7 2.1.3) (7u3-2.1.3-1)
> OpenJDK 64-Bit Server VM (build 22.0-b10, mixed mode)
> tomcat7 7.0.28-3+nmu1
> Reporter: Matthias Wimmer
> Assignee: Greg Huber
>
> When I try to upload a media file to roller, I get a Sercurity Violation
> thrown in org.apache.roller.weblogger.ui.core.filters.ValidateSaltFilter
> Debugging the problem I can see, that the salt is sent in the HTTP POST
> request to http://example.com/roller-ui/authoring/mediaFileAdd!save.rol - but
> the call to (String) httpReq.getParameter("salt") in
> ValidateSaltFilter.doFilter does return null.
> I guess that this is what
> http://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html
> describes for the getParameter() method when it talks about the following:
> If the parameter data was sent in the request body, such as occurs with an
> HTTP POST request, then reading the body directly via getInputStream() or
> getReader() can interfere with the execution of this method.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
