| Title | Install.jsp deletes password if "New Password" is left empty and displays jspwiki.properties |
| Date | 13-Dec-2005 19:33:25 EET |
| Version | 2.2.33 |
| Submitter | 193.5.216.100 |
| pageprovider | |
| criticality | MediumBug |
| container | SAP J2EE / any JavaContainer |
| os | Windows |
| browser_version | any |
| url | |
| x | Submit report |
| java_version |
1) If you set a password for saving the properties from Install.jsp in jspwiki.properties it is stored correctly. The next time you can use it to modify the properties through Install.jsp - if then, you just use the password, but don't set it again in the NewPassword-fields, the properties are saved, but the password is "emptied" -> the third time calling Install.jsp, a blank password can be used to save the settings.
I've fixed it on line 194 by adding ' && !password1.equals("")':
....
if( password1 != null && !password1.equals(""))
{
propertyString = setProperty( propertyString, PROP_MASTERPWD, password1 );
oldpassword = password1;
}
....
2) When calling Install.jsp after the first configuration on any client, it prints out jspwiki.properties. This is not nice, because it also prints the password at the bottom -> anybody could find/use it to modify settings.
I've fixed it by commenting out the output-block:
....
<%--
<% if(propertyResult != null) {%>
<hr />
<h3>Here is your new jspwiki.properties</h3>
<pre>
<%=propertyResult%>
</pre>
<%}%>
--%>
....
Add new attachment
- Features
- Download
- Documentation
- Templates
- Plugins
- Provider
- Filters
- Support
- FAQ
- Irc Channel
- Mailing List
- Weblog
- Applications
- Getting Involved
- JSPWIKI Testers
Development
Internet Search