Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-21647

REST API allows file names containing carriage returns to be created

    Details

    • Type: Service Pack Request
    • Status: Open
    • Resolution: Unresolved
    • Affects Version/s: 6.2.1.1
    • Fix Version/s: 6.2.N
    • Component/s: ACS REST API
    • Labels:
      None
    • Environment:
      Linux
    • Bug Priority:
      Category 3
    • ACT Numbers:

      01010099

      Description

      Description

      When using Share to upload a file containing \r in its name, an error is thrown.

      The REST API allows a user to create a file with a name containing \r  (also \n). This leads to Error nodes in the Solr index and the files are nor searchable.

      Steps to reproduce

      Start Alfresco 6.2.1 with Search Service 1.4.0

      Find the UUID of the Shared Files

      Send a call from Postman
      http://host:port/alfresco/api/-default-/public/alfresco/versions/1/nodes/UUID/children
      with body

      { "name":"test-search\r1.txt", "nodeType":"cm:content" }

      or issue a similar cURL command

      Observed behaviour

      There is a 201 response and the node is created. The file name string in the db contains \r

      Expected behaviour

      An error is thrown or the \r is removed from the file name

      Notes:

      If you take a Solr summary and there will be a new Error Node in the index

       

      2020-06-24 15:50:20.230 WARN (SolrTrackingPool-alfresco-MetadataTracker-4) [ ] o.a.s.SolrInformationServer Node index failed and skipped for 878 in Tx 26
      org.json.JSONException: Unterminated string at 2524 [character 241 line 64]
      at org.json.JSONTokener.syntaxError(JSONTokener.java:433)
      at org.json.JSONTokener.nextString(JSONTokener.java:261)
      at org.json.JSONTokener.nextValue(JSONTokener.java:361)
      at org.json.JSONArray.<init>(JSONArray.java:116)
      at org.json.JSONTokener.nextValue(JSONTokener.java:367)
      at org.json.JSONObject.<init>(JSONObject.java:215)
      at org.json.JSONTokener.nextValue(JSONTokener.java:364)
      at org.json.JSONArray.<init>(JSONArray.java:116)
      at org.json.JSONTokener.nextValue(JSONTokener.java:367)
      at org.json.JSONObject.<init>(JSONObject.java:215)
      at org.alfresco.solr.client.SOLRAPIClient.getNodesMetaData(SOLRAPIClient.java:887)
      at org.alfresco.solr.SolrInformationServer.indexNode(SolrInformationServer.java:1529)
      at org.alfresco.solr.SolrInformationServer.indexNodes(SolrInformationServer.java:1948)
      at org.alfresco.solr.tracker.MetadataTracker$NodeIndexWorkerRunnable.doWork(MetadataTracker.java:952)
      at org.alfresco.solr.tracker.AbstractWorkerRunnable.run(AbstractWorkerRunnable.java:45)
      at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
      at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
      at java.base/java.lang.Thread.run(Thread.java:834)

       

       

       

       

       

       

        Attachments

          Issue Links

          relates to

          Service Pack Request - MNT-21110 REST API Allows return carriage and new line in Group ID field

          • Need Info

            Structure

              Activity

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  mtonelli Marco Tonelli
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:

                    Structure Helper Panel