Title | Add Comment throws exception reliably |
Date | 25-May-2007 21:22:50 EEST |
Version | 2.4.102 |
Submitter | JerryAndrews |
Bug criticality | MediumBug |
Browser version | Firefox 1.5.0.11 |
Bug status | ClosedBug |
PageProvider used | VersioningFileProvider |
Servlet Container | Apache Tomcat/5.5.12 |
Operating System | Red Hat Enterprise Linux AS release 3 (Taroon Update 1) |
URL | save button on any "add comment" edit page |
Java version | 1.5.0_05-b05 |
Adding a comment to any page in my install results in the following error page content:
JSPWiki has detected an error
Error Message
  * Attempt to post from a different IP address than where the page was originally fetched.
  * An unknown error was caught by Error.jsp
Exception
  java.lang.Exception
Place where detected
  org.apache.jsp.Error_jsp._jspService(), line 109
Here's the log from an attempt when I was logged in (behavior is the same whether or not I'm logged in) -- no indication that there's a problem:
  2007-05-25 13:06:37,113 [http-8080-Processor25] INFO JSPWiki DevDocs:/wiki/Comment.jsp DevDocs:http://devdocs.bx05.aa.com/wiki/Comment.jsp - Commenting page SystemInfo. User=null, host=10.56.240.137
  2007-05-25 13:06:42,769 [http-8080-Processor25] INFO JSPWiki DevDocs:/wiki/Comment.jsp DevDocs:http://devdocs.bx05.aa.com/wiki/Comment.jsp - Saving page SystemInfo. User=Jerry Andrews, host=10.56.240.137
Here's the relevant security configuration information:
  grant signedBy "jspwiki", principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
      permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
      permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "edit";
      permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
      permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
      permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
      permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
  };
  grant signedBy "jspwiki", principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
      permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
      permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
      permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
      permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
      permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
      permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
  };
  grant signedBy "jspwiki", principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
      permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
      permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
      permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
      permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
      permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
      permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
      permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
  };
  grant signedBy "jspwiki", principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
      permission com.ecyrd.jspwiki.auth.permissions.AllPermission "JSPWiki";
  };
  grant signedBy "jspwiki", principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
      permission com.ecyrd.jspwiki.auth.permissions.AllPermission "JSPWiki";
  };
A quick workaround: remove the following lines in your Comment.jsp:
  //
  //  Do a basic check that the IP address is the same as to where
  //  the page was originally requested.  This curbs some bots.
  //
  String ipaddr = request.getParameter("addr");
  if( !request.getRemoteAddr().equals(ipaddr) )
  {
      wikiSession.addMessage( "Attempt to post from a different IP address than where the page was originally fetched.");
      pageContext.forward( "Error.jsp" );
      return;
  }
The reason why you're seeing that is that your editor does not send the IP address properly. You need to have something like this in the form which sends the message:
<input name="addr" type="hidden" value="<%=request.getRemoteAddr()%>" />
Now, if you have a weird rotating proxy, this can be a problem.
--JanneJalkanen, 25-May-2007
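An added example, not part of the original thread or of JSPWiki's own code: the Comment.jsp check quoted above reports the same error whether the hidden "addr" field is absent from the form (getParameter returns null) or the address really changed between fetch and post. The sketch below separates the two cases so a log line can say which one occurred; the class name, enum and sample addresses are assumptions made for illustration.

```java
public class AddrCheckDemo {

    // Hypothetical result type; JSPWiki itself only adds one message to the session.
    enum Result { OK, FIELD_MISSING, ADDRESS_CHANGED }

    // postedAddr: value of the hidden "addr" form field, null when the editor form omits it.
    // remoteAddr: what request.getRemoteAddr() returns for the POST request.
    static Result check(String postedAddr, String remoteAddr) {
        if (postedAddr == null || postedAddr.trim().length() == 0) {
            // The original code reaches equals(null) here, which is false,
            // so a missing field is reported as an IP address mismatch.
            return Result.FIELD_MISSING;
        }
        return postedAddr.trim().equals(remoteAddr) ? Result.OK : Result.ADDRESS_CHANGED;
    }

    static String describe(Result r) {
        switch (r) {
            case FIELD_MISSING:
                return "editor form did not send the hidden addr field";
            case ADDRESS_CHANGED:
                return "client address differs between fetch and post (e.g. rotating proxy)";
            default:
                return "addresses match";
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: {hidden field value, remote address of the POST}.
        String[][] cases = {
            {"10.56.240.137", "10.56.240.137"}, // form carries the field, same host
            {null,            "10.56.240.137"}, // form lacks the field, same host
            {"192.0.2.10",    "192.0.2.11"},    // address changed between requests
        };
        for (String[] c : cases) {
            Result r = check(c[0], c[1]);
            System.out.println("addr=" + c[0] + " remote=" + c[1]
                    + " -> " + r + ": " + describe(r));
        }
    }
}
```

In the log excerpt in the report both requests show the same host value, which corresponds to the second constructed case rather than the third.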
An odd behavior, though: if I'm on the same subnet as the wiki, and I click the "Add Comment" button on the page, then type my comment and click submit, and I've configured Mozilla to think it's "directly connected to the internet", how would the IP address sent change?
Thanks for the workaround!
--Jerry Andrews, 30-May-2007