Bugzilla – Full Text Bug Listing
| Summary: | Issuing a search with a location of "" (the empty string) throws IOOB exception | ||
|---|---|---|---|
| Product: | [ECD] Orion | Reporter: | Michael Rennie <Michael_Rennie> |
| Component: | Server | Assignee: | libing wang <libingw> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | P2 | CC: | curtis.windatt.public, steve_northover |
| Version: | 11.0 | ||
| Target Milestone: | 12.0 | ||
| Hardware: | PC | ||
| OS: | Mac OS X | ||
| See Also: | https://bugs.eclipse.org/bugs/show_bug.cgi?id=488337 | ||
| Whiteboard: | |||
|
Description
Michael Rennie
In Bug 488337 we were seeing this from the HTML nav hovers. We weren't setting a search location in scriptResolver which meant the request has '*' as the location. I was able to reproduce the issue in my localhost server by adding orion.context.path = /code in the web-ide.conf file. What happened in the searchServlet.java on the server side is: 1. In normal cases if you use Orion search UI, it always pass the search term as "Location:/code/file/yourUserID-OrionContent/yourFolder/*". 2. The server code then tries to use req.getContextPath(), which returns "/code", in this case. 3. The server code then can get rid of "Location:/code" prefix and set the search location as "/file/yourUserID-OrionContent/yourFolder/*" for the fileGrepper class. So if any client code tries to hand craft a search location like "Location:*", it will fail the server code because the context is not included in the term at all. We should safe guard the server code so that if the location does not contain the context, we just default the location to "*". In normal Orion cases, the req.getContextPath() always return "". That's why "Location:*" as a search term never failed. Fixed with http://git.eclipse.org/c/orion/org.eclipse.orion.server.git/commit/?id=7feebc165b1b70e057660db8af4909a673f094c3. Now we are throwing error 400 if an invalid search term is paseed. |