#2066 ✓resolved
Robert Rettig

fix open file on 500 error pages for modules

Reported by Robert Rettig | October 19th, 2016 @ 09:09 AM | in 1.4.4 (closed)

Please include as much relevant information as possible including the exact framework version you're using and a code snippet that reproduces the problem. WARNING: Do not fill bugs related describing security vulnerabilities. Email directly guillaume dot bort at gmail dot com for that.

Framework version: * all

Reproduction steps: create app with a module which includes a template/tag. add an exception (e.g. RuntimeException) in the template/tag. browse to page where this template/tag is used.

Details:
currently the url form creates a {module:mymodule} relative link. it must be resolved to real path.

Comments and changes to this ticket

  • Play Duck

    Play Duck October 20th, 2016 @ 09:50 PM

    (from [59f1cebe5697f9bcc665da3cd52cc3bfc8f2427d]) Merge pull request #1015 from synapplix/lighthouse-2066-patch

    [#2066] fix-open-file-on-500-error-pages-for-modules https://github.com/playframework/play1/commit/59f1cebe5697f9bcc665d...

  • Alex

    Alex October 21st, 2016 @ 03:32 AM

    • State changed from “new” to “resolved”
    • Tag set to error page
    • Assigned user set to “Alex”
    • Milestone set to 1.4.4
  • Robert Rettig

    Robert Rettig November 4th, 2016 @ 12:33 AM

    hi thanks.
    but I detected some error.
    It is possible that the file parameter in play.utils.Utils#open is null.
    If you further look into VirtualFile.fromRelativePath you will recognize that there is no null check and the null value will be processed by the java.util.regex.Pattern#matcher with an NPE.

    here are some example candidates of calls to play.utils.Utils.open

    framework/templates/tags/500.html
                ${play.utils.Utils.open(exception.sourceFile, line_index+from) ? ('<a href="' + play.utils.Utils.open(exception.sourceFile, line_index+from) + '">').raw() : ''}
                ${play.utils.Utils.open(exception.sourceFile, line_index+from) ? ('<a href="' + play.utils.Utils.open(exception.sourceFile, line_index+from) + '">').raw() : ''}
                ${play.utils.Utils.open(exception.sourceFile, line_index+from) ? '</a>'.raw() : ''}
    modules/testrunner/app/views/TestRunner/results-xunit.xml
              ${play.utils.Utils.open(result.sourceFile, result.sourceLine) ? ('<a href="' + play.utils.Utils.open(result.sourceFile, result.sourceLine) + '">').raw() : ''}
              ${play.utils.Utils.open(result.sourceFile, result.sourceLine) ? ('<a href="' + play.utils.Utils.open(result.sourceFile, result.sourceLine) + '">').raw() : ''}
              ${play.utils.Utils.open(result.sourceFile, result.sourceLine) ? '</a>'.raw() : ''}
              ${play.utils.Utils.open(result.sourceFile, result.sourceLine) ? ('<a href="' + play.utils.Utils.open(result.sourceFile, result.sourceLine) + '">').raw() : ''}
              ${play.utils.Utils.open(result.sourceFile, result.sourceLine) ? ('<a href="' + play.utils.Utils.open(result.sourceFile, result.sourceLine) + '">').raw() : ''}
              ${play.utils.Utils.open(result.sourceFile, result.sourceLine) ? '</a>'.raw() : ''}
    modules/testrunner/app/views/TestRunner/results.html
              ${play.utils.Utils.open(result.sourceFile, result.sourceLine) ? ('<a href="' + play.utils.Utils.open(result.sourceFile, result.sourceLine) + '">').raw() : ''}
              ${play.utils.Utils.open(result.sourceFile, result.sourceLine) ? ('<a href="' + play.utils.Utils.open(result.sourceFile, result.sourceLine) + '">').raw() : ''}
              ${play.utils.Utils.open(result.sourceFile, result.sourceLine) ? '</a>'.raw() : ''}
    

    A null check should happen in play.utils.Utils.open as well as in play.vfs.VirtualFile#fromRelativePath.

  • Alex

    Alex November 4th, 2016 @ 01:22 AM

    • State changed from “resolved” to “inprogress”
  • Play Duck
  • Alex

    Alex November 11th, 2016 @ 08:02 AM

    Merged and pushed PR #1022 in master and 1.4.x
    Thanks

  • Alex

    Alex January 19th, 2017 @ 03:37 AM

    • State changed from “inprogress” to “resolved”

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2>Play framework</h2>

Play makes it easier to build Web applications with Java. It is a clean alternative to bloated Enterprise Java stacks. It focuses on developer productivity and targets RESTful architectures. Learn more on the <a href="http://www.playframework.org">http://www.playframework.org</a> website.<br><br>

<h2>Source code is hosted on github</h2>Check out our repository at <a href="http://github.com/playframework/play">http://github.com/playframework/play</a><br><br>

<h2>Contributing, creating a patch</h2> Please read the <a href="http://play.lighthouseapp.com/projects/57987/contributor-guide">contributor guide</a><br><br>

<h2>Reporting Security Vulnerabilities</h2> Since all bug reports are public, please report any security vulnerability directly to <em>guillaume dot bort at gmail dot com</em>.<br><br>

<h2>Creating a bug report</h2> Bug reports are incredibly helpful, so take time to report bugs and request features in our ticket tracker. We’re always grateful for patches to Play’s code. Indeed, bug reports with attached patches will get fixed far quickly than those without any.<br><br>

Please include as much relevant information as possible including the exact framework version you're using and a code snippet that reproduces the problem.<br><br>

Don't have too much expectations. Unless the bug is really a serious "everything is broken" thing, you're creating a ticket to start a discussion. Having a patch (or a branch on Github we can pull from) is better, but then again we'll only pull high quality branches that make sense to be in the core of Play.

Tags

Pages