Details
-
Bug
-
Resolution: Obsolete
-
Medium
Description
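I tried to create a user with the following name while connected to gapps: "'><script>altert('testuser')</script>. The request ended on the 500 error page and the exception below was logged (log.txt). The URISyntaxException points at index 63, which is the first character of the user name, so the name appears to have been appended to the Google feed URL path without validation or percent-encoding: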
@400000004fce8fe913c0a9dc 2012-06-05 23:01:51,326 TP-Processor12 ERROR [500ErrorPage.jsp] Exception caught in 500 page java.lang.RuntimeException: com.google.gdata.client.authn.oauth.OAuthException: java.net.URISyntaxException: Illegal character in path at index 63: https://apps-apis.google.com/a/feeds/atl-paid-dev.com/user/2.0/"'><script>altert('testuser')</script> @400000004fce8fe913c0b97c java.lang.IllegalStateException: java.lang.RuntimeException: com.google.gdata.client.authn.oauth.OAuthException: java.net.URISyntaxException: Illegal character in path at index 63: https://apps-apis.google.com/a/feeds/atl-paid-dev.com/user/2.0/"'><script>altert('testuser')</script> @400000004fce8fe913c0f414 at com.atlassian.agmp.openid.users.mgmt.jira.UserServiceImpl.userExistsInGoogle(UserServiceImpl.java:524) @400000004fce8fe913c0f7fc at com.atlassian.agmp.integration.jira.action.AddUserInterceptor.isGoogleUser(AddUserInterceptor.java:72) @400000004fce8fe913c0ffcc at com.atlassian.agmp.integration.jira.action.AddUserInterceptor.interceptDoExecute(AddUserInterceptor.java:43) @400000004fce8fe913c103b4 at com.atlassian.peace.jira.ActionPeacekeeper.intercept(ActionPeacekeeper.java:46) @400000004fce8fe913c13294 at webwork.interceptor.NestedInterceptorChain.proceed(NestedInterceptorChain.java:27) @400000004fce8fe913c1367c at webwork.interceptor.ChainedInterceptor.intercept(ChainedInterceptor.java:16) @400000004fce8fe913c1367c at webwork.interceptor.DefaultInterceptorChain.proceed(DefaultInterceptorChain.java:35) @400000004fce8fe913c13a64 at webwork.dispatcher.GenericDispatcher.executeAction(GenericDispatcher.java:205) @400000004fce8fe913c1461c at webwork.dispatcher.GenericDispatcher.executeAction(GenericDispatcher.java:143) @400000004fce8fe913c14a04 at com.atlassian.jira.web.dispatcher.JiraWebworkActionDispatcher.service(JiraWebworkActionDispatcher.java:152) @400000004fce8fe913c14dec at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) @400000004fce8fe913c14dec at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) @400000004fce8fe913c159a4 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) @400000004fce8fe913c15d8c at com.atlassian.jira.web.filters.steps.ChainedFilterStepRunner.doFilter(ChainedFilterStepRunner.java:78) @400000004fce8fe913c16174 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) @400000004fce8fe913c1655c at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) @400000004fce8fe913c17114 at com.atlassian.core.filters.HeaderSanitisingFilter.doFilter(HeaderSanitisingFilter.java:44) @400000004fce8fe913c174fc at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) @400000004fce8fe913c178e4 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) @400000004fce8fe913c17ccc at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) @400000004fce8fe913c18884 at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) @400000004fce8fe913c18c6c at com.atlassian.labs.botkiller.BotKillerFilter.doFilter(BotKillerFilter.java:36) @400000004fce8fe913c19054 at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) @400000004fce8fe913c1943c at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) @400000004fce8fe913c19c0c at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) @400000004fce8fe913c19ff4 at com.atlassian.jira.tzdetect.IncludeResourcesFilter.doFilter(IncludeResourcesFilter.java:39) @400000004fce8fe913c1af94 at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) @400000004fce8fe913c1b37c at 
com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) @400000004fce8fe913c1b764 at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) @400000004fce8fe913c1bb4c at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:25) @400000004fce8fe913c1c31c at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) @400000004fce8fe913c1c704 at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) @400000004fce8fe913c1caec at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) @400000004fce8fe913c1ced4 at com.atlassian.agmp.integration.jira.ReprovisionConfigFilter.doFilter(ReprovisionConfigFilter.java:87) @400000004fce8fe913c1d6a4 at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) @400000004fce8fe913c1da8c at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) @400000004fce8fe913c2019c at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) @400000004fce8fe913c20584 at com.atlassian.agmp.gdata.servlet.GDataServiceErrorServletFilter.doFilter(GDataServiceErrorServletFilter.java:43) @400000004fce8fe913c2096c at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) @400000004fce8fe913c220dc at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) @400000004fce8fe913c224c4 at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) @400000004fce8fe913c228ac at com.atlassian.studio.core.servlet.filter.AlacarteLicenseEnforcer.doFilter(AlacarteLicenseEnforcer.java:71) @400000004fce8fe913c2307c at 
com.atlassian.studio.jira.servlet.filter.AlacarteLicenseJiraEnforcer.doFilter(AlacarteLicenseJiraEnforcer.java:122) @400000004fce8fe913c23464 at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) @400000004fce8fe913c2384c at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) @400000004fce8fe913c2401c at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) @400000004fce8fe913c24fbc at com.atlassian.peace.AbstractPeacePageFilter.doFilter(AbstractPeacePageFilter.java:39) @400000004fce8fe913c253a4 at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)