
Key: CONF-7163
Type: Bug
Status: Resolved
Resolution: Fixed
Priority: Major
Assignee: Unassigned
Reporter: Stephen Morad
Votes: 0
Watchers: 1
Confluence

SQL problem with deleting users

Created: 16/Oct/06 09:29 AM   Updated: 16/Oct/06 11:40 PM
Component/s: Administration
Affects Version/s: None
Fix Version/s: 2.2.10

Time Tracking:
Not Specified

Environment: Windows

Participants: Agnes Ro [Atlassian], Ivan Benko [Atlassian] and Stephen Morad
Since last comment: 2 years, 37 weeks, 2 days ago
Resolution Date: 16/Oct/06 11:40 PM
Labels:


Description
Deleting a user with an apostrophe (') in their name causes a SQL error. This actually exposes a potential SQL injection exploit since the username is passed directly to the SQL statement and is not parsed for apostrophes.

Example:
1. Create a user with an apostrophe in their name.
2. Try to delete the user.



Ivan Benko [Atlassian] added a comment - 16/Oct/06 07:10 PM
Hi Stephen,

Thanks for reporting this bug. We shall look into it and resolve it soon.

Please follow the progress on this issue by adding a watch to it.

Thanks,
Ivan


Ivan Benko [Atlassian] added a comment - 16/Oct/06 07:11 PM
Cause:
org.springframework.jdbc.UncategorizedSQLException: (Hibernate operation): encountered SQLException [Unexpected token: CRAP in statement [select spacepermi0_.PERMID as PERMID, spacepermi0_.SPACEID as SPACEID, spacepermi0_.PERMTYPE as PERMTYPE, spacepermi0_.PERMGROUPNAME as PERMGROU4_, spacepermi0_.PERMUSERNAME as PERMUSER5_, spacepermi0_.CREATOR as CREATOR, spacepermi0_.CREATIONDATE as CREATION7_, spacepermi0_.LASTMODIFIER as LASTMODI8_, spacepermi0_.LASTMODDATE as LASTMODD9_ from SPACEPERMISSIONS spacepermi0_ where (spacepermi0_.PERMUSERNAME='d' crap )]]; nested exception is java.sql.SQLException: Unexpected token: CRAP in statement [select spacepermi0_.PERMID as PERMID, spacepermi0_.SPACEID as SPACEID, spacepermi0_.PERMTYPE as PERMTYPE, spacepermi0_.PERMGROUPNAME as PERMGROU4_, spacepermi0_.PERMUSERNAME as PERMUSER5_, spacepermi0_.CREATOR as CREATOR, spacepermi0_.CREATIONDATE as CREATION7_, spacepermi0_.LASTMODIFIER as LASTMODI8_, spacepermi0_.LASTMODDATE as LASTMODD9_ from SPACEPERMISSIONS spacepermi0_ where (spacepermi0_.PERMUSERNAME='d' crap )]
at org.springframework.jdbc.support.SQLStateSQLExceptionTranslator.translate(SQLStateSQLExceptionTranslator.java:94)
caused by: java.sql.SQLException: Unexpected token: CRAP in statement [select spacepermi0_.PERMID as PERMID, spacepermi0_.SPACEID as SPACEID, spacepermi0_.PERMTYPE as PERMTYPE, spacepermi0_.PERMGROUPNAME as PERMGROU4_, spacepermi0_.PERMUSERNAME as PERMUSER5_, spacepermi0_.CREATOR as CREATOR, spacepermi0_.CREATIONDATE as CREATION7_, spacepermi0_.LASTMODIFIER as LASTMODI8_, spacepermi0_.LASTMODDATE as LASTMODD9_ from SPACEPERMISSIONS spacepermi0_ where (spacepermi0_.PERMUSERNAME='d' crap )]
at org.hsqldb.jdbc.Util.throwError(Unknown Source)

Stack Trace:

org.springframework.jdbc.UncategorizedSQLException: (Hibernate operation): encountered SQLException [Unexpected token: CRAP in statement [select spacepermi0_.PERMID as PERMID, spacepermi0_.SPACEID as SPACEID, spacepermi0_.PERMTYPE as PERMTYPE, spacepermi0_.PERMGROUPNAME as PERMGROU4_, spacepermi0_.PERMUSERNAME as PERMUSER5_, spacepermi0_.CREATOR as CREATOR, spacepermi0_.CREATIONDATE as CREATION7_, spacepermi0_.LASTMODIFIER as LASTMODI8_, spacepermi0_.LASTMODDATE as LASTMODD9_ from SPACEPERMISSIONS spacepermi0_ where (spacepermi0_.PERMUSERNAME='d' crap )]]; nested exception is java.sql.SQLException: Unexpected token: CRAP in statement [select spacepermi0_.PERMID as PERMID, spacepermi0_.SPACEID as SPACEID, spacepermi0_.PERMTYPE as PERMTYPE, spacepermi0_.PERMGROUPNAME as PERMGROU4_, spacepermi0_.PERMUSERNAME as PERMUSER5_, spacepermi0_.CREATOR as CREATOR, spacepermi0_.CREATIONDATE as CREATION7_, spacepermi0_.LASTMODIFIER as LASTMODI8_, spacepermi0_.LASTMODDATE as LASTMODD9_ from SPACEPERMISSIONS spacepermi0_ where (spacepermi0_.PERMUSERNAME='d' crap )]
java.sql.SQLException: Unexpected token: CRAP in statement [select spacepermi0_.PERMID as PERMID, spacepermi0_.SPACEID as SPACEID, spacepermi0_.PERMTYPE as PERMTYPE, spacepermi0_.PERMGROUPNAME as PERMGROU4_, spacepermi0_.PERMUSERNAME as PERMUSER5_, spacepermi0_.CREATOR as CREATOR, spacepermi0_.CREATIONDATE as CREATION7_, spacepermi0_.LASTMODIFIER as LASTMODI8_, spacepermi0_.LASTMODDATE as LASTMODD9_ from SPACEPERMISSIONS spacepermi0_ where (spacepermi0_.PERMUSERNAME='d' crap )]
at org.hsqldb.jdbc.Util.throwError(Unknown Source)
at org.hsqldb.jdbc.jdbcPreparedStatement.<init>(Unknown Source)
at org.hsqldb.jdbc.jdbcConnection.prepareStatement(Unknown Source)
at com.mchange.v2.c3p0.impl.NewProxyConnection.prepareStatement(NewProxyConnection.java:189)
at net.sf.hibernate.impl.BatcherImpl.getPreparedStatement(BatcherImpl.java:263)
at net.sf.hibernate.impl.BatcherImpl.getPreparedStatement(BatcherImpl.java:236)
at net.sf.hibernate.impl.BatcherImpl.prepareQueryStatement(BatcherImpl.java:67)
at net.sf.hibernate.loader.Loader.prepareQueryStatement(Loader.java:784)
at net.sf.hibernate.loader.Loader.doQuery(Loader.java:269)
at net.sf.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(Loader.java:138)
at net.sf.hibernate.loader.Loader.doList(Loader.java:1063)
at net.sf.hibernate.loader.Loader.list(Loader.java:1054)
at net.sf.hibernate.hql.QueryTranslator.list(QueryTranslator.java:854)
at net.sf.hibernate.impl.SessionImpl.find(SessionImpl.java:1554)
at net.sf.hibernate.impl.SessionImpl.find(SessionImpl.java:1531)
at net.sf.hibernate.impl.SessionImpl.delete(SessionImpl.java:1678)
at net.sf.hibernate.impl.SessionImpl.delete(SessionImpl.java:1664)
at org.springframework.orm.hibernate.HibernateTemplate$45.doInHibernate(HibernateTemplate.java:785)
at org.springframework.orm.hibernate.HibernateTemplate.execute(HibernateTemplate.java:200)
at org.springframework.orm.hibernate.HibernateTemplate.delete(HibernateTemplate.java:782)
at com.atlassian.confluence.security.persistence.dao.hibernate.HibernateSpacePermissionDao.removePermissionsForUser(HibernateSpacePermissionDao.java:52)
at com.atlassian.confluence.security.DefaultSpacePermissionManager.removeAllUserPermissions(DefaultSpacePermissionManager.java:147)
at com.atlassian.confluence.security.SpacePermissionCheckDispatcherCoordinator.removeAllUserPermissions(SpacePermissionCheckDispatcherCoordinator.java:46)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.springframework.aop.framework.AopProxyUtils.invokeJoinpointUsingReflection(AopProxyUtils.java:61)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:149)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:116)
at com.atlassian.confluence.util.profiling.SpringProfilingInterceptor.invoke(SpringProfilingInterceptor.java:18)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:138)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:56)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:138)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:152)
at $Proxy10.removeAllUserPermissions(Unknown Source)
at com.atlassian.confluence.user.DefaultUserAccessor.removeUser(DefaultUserAccessor.java:96)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.springframework.aop.framework.AopProxyUtils.invokeJoinpointUsingReflection(AopProxyUtils.java:61)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:149)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:116)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:56)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:138)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:152)
at $Proxy11.removeUser(Unknown Source)
at com.atlassian.confluence.user.actions.RemoveUserAction.execute(RemoveUserAction.java:36)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:168)
at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.opensymphony.xwork.interceptor.DefaultWorkflowInterceptor.intercept(DefaultWorkflowInterceptor.java:55)
at com.atlassian.confluence.core.ConfluenceWorkflowInterceptor.intercept(ConfluenceWorkflowInterceptor.java:39)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
at com.atlassian.confluence.core.ConfluenceValidationInterceptor.intercept(ConfluenceValidationInterceptor.java:16)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.atlassian.confluence.security.actions.PermissionCheckInterceptor.intercept(PermissionCheckInterceptor.java:39)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.atlassian.confluence.pages.actions.PageAwareInterceptor.intercept(PageAwareInterceptor.java:114)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.atlassian.confluence.spaces.actions.SpaceAwareInterceptor.intercept(SpaceAwareInterceptor.java:82)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.atlassian.confluence.core.actions.LastModifiedInterceptor.intercept(LastModifiedInterceptor.java:39)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.atlassian.confluence.core.ConfluenceAutowireInterceptor.intercept(ConfluenceAutowireInterceptor.java:25)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.atlassian.confluence.util.XWorkTransactionInterceptor.intercept(XWorkTransactionInterceptor.java:133)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.opensymphony.xwork.DefaultActionProxy.execute(DefaultActionProxy.java:115)
at com.opensymphony.webwork.dispatcher.ServletDispatcher.serviceAction(ServletDispatcher.java:229)
at com.opensymphony.webwork.dispatcher.ServletDispatcher.service(ServletDispatcher.java:199)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:117)
at com.atlassian.confluence.util.profiling.ProfilingPageFilter.parsePage(ProfilingPageFilter.java:143)
at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:51)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.atlassian.confluence.util.ServletContextThreadLocalFilter.doFilter(ServletContextThreadLocalFilter.java:30)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.atlassian.confluence.util.UserThreadLocalFilter.doFilter(UserThreadLocalFilter.java:45)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.atlassian.seraph.filter.SecurityFilter.doFilter(SecurityFilter.java:182)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.atlassian.seraph.filter.LoginFilter.doFilter(LoginFilter.java:181)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.atlassian.johnson.filters.JohnsonFilter.doFilter(JohnsonFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.springframework.orm.hibernate.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:170)
at bucket.custom.FlushingSpringSessionInViewFilter.doFilterInternal(FlushingSpringSessionInViewFilter.java:31)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:73)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.atlassian.util.profiling.filters.ProfilingFilter.doFilter(ProfilingFilter.java:122)
at com.atlassian.confluence.util.error.ProfilingAndErrorFilter.doFilter(ProfilingAndErrorFilter.java:27)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.atlassian.core.filters.gzip.GzipFilter.doFilter(GzipFilter.java:61)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.atlassian.core.filters.AbstractEncodingFilter.doFilter(AbstractEncodingFilter.java:37)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:534)


Agnes Ro [Atlassian] added a comment - 16/Oct/06 11:40 PM
Fixed.
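
The failure in the trace above, reproduced as an added example (not Confluence code): a name containing an apostrophe spliced into the statement text, next to the same delete with the name passed as a bound parameter. It assumes Python's sqlite3 as a stand-in for Hibernate/HSQLDB, a SPACEPERMISSIONS table cut down to three columns, and hypothetical function names; the sample rows are constructed.

```python
import sqlite3

def make_db():
    """In-memory stand-in for SPACEPERMISSIONS (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE SPACEPERMISSIONS (PERMID INTEGER PRIMARY KEY, "
               "PERMTYPE TEXT, PERMUSERNAME TEXT)")
    db.executemany(
        "INSERT INTO SPACEPERMISSIONS (PERMTYPE, PERMUSERNAME) VALUES (?, ?)",
        [("VIEWSPACE", "d' crap"), ("EDITSPACE", "d' crap"),
         ("VIEWSPACE", "alice"), ("VIEWSPACE", "d")])
    return db

def remove_permissions_concat(db, username):
    """'Before' form: the name is spliced into the statement text, so an
    apostrophe in it ends the string literal and the rest is parsed as SQL."""
    sql = "DELETE FROM SPACEPERMISSIONS WHERE (PERMUSERNAME='" + username + "' )"
    return db.execute(sql).rowcount

def remove_permissions_bound(db, username):
    """Hardened form: the statement text is constant and the name travels as a
    bound parameter, so it is only ever compared as data."""
    sql = "DELETE FROM SPACEPERMISSIONS WHERE PERMUSERNAME = ?"
    return db.execute(sql, (username,)).rowcount

def remaining_users(db):
    rows = db.execute("SELECT PERMUSERNAME FROM SPACEPERMISSIONS ORDER BY PERMID")
    return [r[0] for r in rows]

def demo():
    db = make_db()
    try:
        remove_permissions_concat(db, "d' crap")
        outcome = "accepted"
    except sqlite3.OperationalError as exc:
        # Same class of failure as "Unexpected token: CRAP" in the trace.
        outcome = "rejected: %s" % exc
    # The bound form removes only the rows owned by the exact name,
    # leaving the unrelated user "d" untouched.
    deleted = remove_permissions_bound(db, "d' crap")
    return outcome, deleted, remaining_users(db)

if __name__ == "__main__":
    print(demo())
```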