|Title|Add Comment throws exception reliably
|Date|25-May-2007 21:22:50 EEST
|Version|2.4.102
|Submitter|JerryAndrews
|[Bug criticality]|MediumBug
|Browser version|Firefox 1.5.0.11
|[Bug status]|ClosedBug
|[PageProvider] used|VersioningFileProvider
|Servlet Container|Apache Tomcat/5.5.12
|Operating System|Red Hat Enterprise Linux AS release 3 (Taroon Update 1)
|URL|save button on any "add comment" edit page
|Java version| 1.5.0_05-b05

Adding a comment to any page in my install results in the following error page content:
{{{
JSPWiki has detected an error

Error Message

        * Attempt to post from a different IP address than where the page was originally fetched.
        * An unknown error was caught by Error.jsp

Exception
    java.lang.Exception
Place where detected
    org.apache.jsp.Error_jsp._jspService(), line 109 
}}}
Here's the log from an attempt when I was logged in (behavior is the same whether or not I'm logged in) -- no indication that there's a problem:
{{{
2007-05-25 13:06:37,113 [http-8080-Processor25] INFO JSPWiki DevDocs:/wiki/Comment.jsp DevDocs:http://devdocs.bx05.aa.com/wiki/Comment.jsp - Commenting page SystemInfo. User=null, host=10.56.240.137
2007-05-25 13:06:42,769 [http-8080-Processor25] INFO JSPWiki DevDocs:/wiki/Comment.jsp DevDocs:http://devdocs.bx05.aa.com/wiki/Comment.jsp - Saving page SystemInfo. User=Jerry Andrews, host=10.56.240.137
}}}
Here's the relevant security configuration information:
{{{
grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};


grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "JSPWiki";
};
grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "JSPWiki";
};
}}}


----

A quick workaround: remove the following lines in your Comment.jsp:

{{{
        //
        //  Do a basic check that the IP address is the same as to where
        //  the page was originally requested.  This curbs some bots.
        //
        String ipaddr = request.getParameter("addr");
        if( !request.getRemoteAddr().equals(ipaddr) )
        {
            wikiSession.addMessage( "Attempt to post from a different IP address than where the page was originally fetched.");
            pageContext.forward( "Error.jsp" );
            return;
        }
}}}

The reason why you're seen that is that your editor does not send the IP address properly.  You need to have something like this in the form which sends the message:

{{{
  <input name="addr" type="hidden" value="<%=request.getRemoteAddr()%>" />
}}}

Now, if you have a weird rotating proxy, this can be a problem.

--JanneJalkanen, 25-May-2007


----

An odd behavior, though: if I'm on the same subnet as the wiki, and I click the "Add Comment" button on the page, then type my comment and click submit, and I've configured Mozilla to think it's "directly connected to the internet", how would the IP address sent, change?

Thanks for the workaround!

--Jerry Andrews, 30-May-2007