TitleInstall.jsp deletes password if "New Password" is left empty and displays jspwiki.properties
Date13-Dec-2005 19:33:25 EET
Version2.2.33
Submitter193.5.216.100
pageprovider
criticalityMediumBug
containerSAP J2EE / any JavaContainer
osWindows
browser_versionany
url
xSubmit report
java_version

1) If you set a password for saving the properties from Install.jsp in jspwiki.properties it is stored correctly. The next time you can use it to modify the properties through Install.jsp - if then, you just use the password, but don't set it again in the NewPassword-fields, the properties are saved, but the password is "emptied" -> the third time calling Install.jsp, a blank password can be used to save the settings.

I've fixed it on line 194 by adding ' && !password1.equals("")':

....
if( password1 != null && !password1.equals(""))
{
    propertyString = setProperty( propertyString, PROP_MASTERPWD, password1 );
    oldpassword = password1;
}
....

2) When calling Install.jsp after the first configuration on any client, it prints out jspwiki.properties. This is not nice, because it also prints the password at the bottom -> anybody could find/use it to modify settings.

I've fixed it by commenting out the output-block:

....
<%--   
    <% if(propertyResult != null) {%>
    <hr />
    <h3>Here is your new jspwiki.properties</h3>
    <pre>
<%=propertyResult%>
    </pre>
    <%}%>
--%>  
....

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-2) was last changed on 13-Dec-2005 19:35 by 193.5.216.100