Details
-
Bug
-
Resolution: Fixed
-
Medium
-
2.8, 2.8.1
-
None
Description
There is a code in Confluence that generates URIs like this:
/display/null/<year>/<month>/<day>/
If a user or a bot navigates to this url, an exception is thrown.
Example: http://confluence.atlassian.com/display/null/2007/06/25/
org.apache.velocity.exception.MethodInvocationException: Invocation of method 'getFormattedDateRangeDescription' in class com.atlassian.confluence.pages.actions.ViewBlogPostsByDateAction threw exception java.lang.NullPointerException @ /pages/viewblogpostsbydate.vm[3,120] at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:286) at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:203) at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:294) at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:318) at org.apache.velocity.Template.merge(Template.java:254) at com.opensymphony.webwork.dispatcher.VelocityResult.doExecute(VelocityResult.java:91) at com.atlassian.xwork.results.ProfiledVelocityResult.doExecute(ProfiledVelocityResult.java:21)
Stack traces like this are cluttering our logs. Please fix the problem by validating the input. If we find what is generating these URIs we'll log a separate JIRA.
thanks!