Details
-
Suggestion
-
Resolution: Fixed
-
None
-
None
Description
The current XML-RPC (JiraXmlRpcService) does not do type-checking before casting an Object to String, e.g.
private RemoteCustomFieldValue makeCustomFieldValue(Hashtable struct) throws IllegalAccessException, InvocationTargetException { RemoteCustomFieldValue customFieldValue = new RemoteCustomFieldValue(); customFieldValue.setCustomfieldId((String) struct.get("customfieldId")); customFieldValue.setKey((String) struct.get("key")); customFieldValue.setValues(makeStringVector((Vector) struct.get("values"))); return customFieldValue; } private String[] makeStringVector(Vector vector) { final String[] strings = new String[vector.size()]; int i = 0; for (Iterator iterator = vector.iterator(); iterator.hasNext();) { Object j = iterator.next(); strings[i] = (String) j; i++; } return strings; }
This should not be a problem, however, say, if a client is using Perl's XMLRPC::Lite, a string-type integer will be converted to and sent as integer-type, e.g.
... <name>customFieldValues</name> <value> <array> <data> <value> <value> <struct> <member> <name>customfieldId</name> <value> <string>customfield_10100</string> </value> </member> <member> <name>values</name> <value> <array> <data> <value> <int>10194</int> </value> </data> </array> </value> </member> <member> <name>key</name> <value> <int>1</int> </value> </member> </struct> </value> </data> </array> </value> </member> ...
The client will then receive an InfraStructureException.
There should be type checking before casting, if it is not a String object, use the toString() function.
Attachments
Issue Links
- is related to
-
CONFSERVER-9880 RPC storePage parentId should handle string type
- Closed