JSPWiki: Bug Add Comment Throws Exception Reliably

Title	Add Comment throws exception reliably
Date	25-May-2007 21:22:50 EEST
Version	2.4.102
Submitter	JerryAndrews
Bug criticality	MediumBug
Browser version	Firefox 1.5.0.11
Bug status	ClosedBug
PageProvider used	VersioningFileProvider
Servlet Container	Apache Tomcat/5.5.12
Operating System	Red Hat Enterprise Linux AS release 3 (Taroon Update 1)
URL	save button on any "add comment" edit page
Java version	1.5.0_05-b05

Adding a comment to any page in my install results in the following error page content:

JSPWiki has detected an error

Error Message

        * Attempt to post from a different IP address than where the page was originally fetched.
        * An unknown error was caught by Error.jsp

Exception
    java.lang.Exception
Place where detected
    org.apache.jsp.Error_jsp._jspService(), line 109

Here's the log from an attempt when I was logged in (behavior is the same whether or not I'm logged in) -- no indication that there's a problem:

2007-05-25 13:06:37,113 [http-8080-Processor25] INFO JSPWiki DevDocs:/wiki/Comment.jsp DevDocs:http://devdocs.bx05.aa.com/wiki/Comment.jsp - Commenting page SystemInfo. User=null, host=10.56.240.137
2007-05-25 13:06:42,769 [http-8080-Processor25] INFO JSPWiki DevDocs:/wiki/Comment.jsp DevDocs:http://devdocs.bx05.aa.com/wiki/Comment.jsp - Saving page SystemInfo. User=Jerry Andrews, host=10.56.240.137

Here's the relevant security configuration information:

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};


grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "JSPWiki";
};
grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "JSPWiki";
};

A quick workaround: remove the following lines in your Comment.jsp:

        //
        //  Do a basic check that the IP address is the same as to where
        //  the page was originally requested.  This curbs some bots.
        //
        String ipaddr = request.getParameter("addr");
        if( !request.getRemoteAddr().equals(ipaddr) )
        {
            wikiSession.addMessage( "Attempt to post from a different IP address than where the page was originally fetched.");
            pageContext.forward( "Error.jsp" );
            return;
        }

The reason why you're seen that is that your editor does not send the IP address properly. You need to have something like this in the form which sends the message:

  <input name="addr" type="hidden" value="<%=request.getRemoteAddr()%>" />

Now, if you have a weird rotating proxy, this can be a problem.

--JanneJalkanen, 25-May-2007

An odd behavior, though: if I'm on the same subnet as the wiki, and I click the "Add Comment" button on the page, then type my comment and click submit, and I've configured Mozilla to think it's "directly connected to the internet", how would the IP address sent, change?

Thanks for the workaround!

--Jerry Andrews, 30-May-2007

Add new attachment

« This page (revision-15) was last changed on 19-Feb-2008 22:36 by HarryMetske

G’day (anonymous guest) My Prefs

This site

JSPWiki

Development

Internet Search

Referenced by
...nobody

JSPWiki v2.6.3-rc-2

In order to upload a new attachment to this page, please use the following box to find the file, then click on “Upload”.
Select file:
Change Note: