(observed in 1.1.8, apologies if already fixed, my quick search of issues didn't reveal anything obvious!)
One of my apps was probed for some kind of PHP-related dodginess. I wouldn't have particularly noticed, as the route being requested obviously wasn't valid, but the thing is my middleware stack is set up such that I'm attempting to parse the URL params before validating the route anyway. In doing so, nested-params seems to throw the following ClassCastException:
2014-03-31 14:10:22.657:WARN:oejs.AbstractHttpConnection:/cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E
java.lang.ClassCastException: java.lang.Character cannot be cast to java.util.Map$Entry
at clojure.lang.APersistentMap.cons(APersistentMap.java:42)
at clojure.lang.RT.conj(RT.java:562)
at clojure.core$conj.invoke(core.clj:83)
at ring.middleware.nested_params$assoc_nested.invoke(nested_params.clj:23)
at ring.middleware.nested_params$nest_params$fn__757.invoke(nested_params.clj:44)
at clojure.lang.ArrayChunk.reduce(ArrayChunk.java:58)
at clojure.core.protocols$fn__6041.invoke(protocols.clj:98)
at clojure.core.protocols$fn__6005$G__6000__6014.invoke(protocols.clj:19)
at clojure.core.protocols$seq_reduce.invoke(protocols.clj:31)
at clojure.core.protocols$fn__6026.invoke(protocols.clj:54)
at clojure.core.protocols$fn__5979$G__5974__5992.invoke(protocols.clj:13)
at clojure.core$reduce.invoke(core.clj:6177)
at ring.middleware.nested_params$nest_params.invoke(nested_params.clj:46)
at clojure.lang.AFn.applyToHelper(AFn.java:163)
at clojure.lang.AFn.applyTo(AFn.java:151)
at clojure.core$apply.invoke(core.clj:619)
at clojure.core$update_in.doInvoke(core.clj:5587)
at clojure.lang.RestFn.invoke(RestFn.java:467)
at ring.middleware.nested_params$nested_params_request.doInvoke(nested_params.clj:52)
at clojure.lang.RestFn.invoke(RestFn.java:423)
at ring.middleware.nested_params$wrap_nested_params$fn__766.invoke(nested_params.clj:70)
at ring.middleware.params$wrap_params$fn__697.invoke(params.clj:58)
at ring.middleware.multipart_params$wrap_multipart_params$fn__803.invoke(multipart_params.clj:107)
at ring.middleware.flash$wrap_flash$fn__1429.invoke(flash.clj:31)
at ring.middleware.session$wrap_session$fn__1416.invoke(session.clj:85)
at clojure.lang.Var.invoke(Var.java:415)
at ring.adapter.jetty$proxy_handler$fn__239.invoke(jetty.clj:18)
at ring.adapter.jetty.proxy$org.eclipse.jetty.server.handler.AbstractHandler$0.handle(Unknown Source)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111)
at org.eclipse.jetty.server.Server.handle(Server.java:349)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:452)
at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:894)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:948)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:857)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:76)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:609)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:45)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:599)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:534)
at java.lang.Thread.run(Thread.java:722)
For information, the unescaped version of the params:
I'm guessing this is some bot probing for versions of PHP that it knows how to own or something? I would enjoy the irony if it has accidentally achieved something useful in bringing a genuine bug to our attention :-)
Any issues with wrap-nested-params should have been fixed in 75debbd and Ring 1.2.2. However, I'm unable to reproduce this error in Ring 1.1.8. Are you certain that was the version used?