Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.8.2, 3.0
-
None
-
JSPWiki 2.8.2
Tomcat 5.5
Java 6
z/OS 1.8
Description
Users logging in don't get their Favorites Menu showed anymore, also their G'day <name> greeting is not correct (shows userid instead of name).
This happens after a new colleague tries to register a new user in JSPWiki.
Analysis reveals that after the user has registered, an entry in userdatabase.xml is added with a password that has invalid XML characters, for example :
<user uid="" loginName="hidden" wikiName="alsohidden" fullName="whatever" email="alice@wonderland.org" password="
{SSHA}åÌ“ç¢é+/!ÎÑ>ì¦ÂÉëçÅ (<>ííå ¦!“ ãî " created="2009.01.20 at 14:02:35:461 CET" lastModified="2009.01.20 at 14:02:35:461 CET" lockExpiry="" >
As a result the userdatabase.xml cannot be parsed anymore.
Further code analysis brings me to AbstractUserDatabase that transforms a String to bytes with a hardcoded codepage of UTF8:
hash = CryptoUtil.getSaltedPassword( text.getBytes("UTF-8") );
Then the CryptoUtil does it's job, and finally returns a back converted string from a byte array without an encoding parameter :
return SSHA + new String( base64 );
Now, this almost always goes fine on ASCII based platforms, but it almost always fails on EBCDIC based platforms (yes yes , I know, the IBM Mainframe again).
I will attach a patch for review, if there are no objections I'd like to commit it.
I think it should be patched in both trunk and 2.8.2.