Ticket #28678

comments.json crashes when an invalid integer is specified for the count parameter

Opened: 2012-06-09 23:12 Last update: 2012-08-04 01:02

Reporter:
(del#75351)
Owner:
(del#75351)
Type:
Status:
Open [Owner assigned]
Component:
Milestone:
(None)
Priority:
5 - Medium
Severity:
5 - Medium
Resolution:
None
File:
None

Details

Passing a negative integer as the count parameter issues an invalid SQL statement and crashes.

Request:

/courses/101/comments.json?count=-1

Stack trace:

org.seasar.framework.exception.SQLRuntimeException: [ESSR0072]SQLException(SQL=[SELECT comment.comment_id, comment.course_id, comment.user_id, comment.type, comment.created, comment.content FROM comment WHERE course_id = ? ORDER BY created LIMIT ?], Message=[[ESSR0072]SQLException(SQL=[SELECT comment.comment_id, comment.course_id, comment.user_id, comment.type, comment.created, comment.content FROM comment WHERE course_id = ? ORDER BY created LIMIT ?], Message=[1064], ErrorCode=42000, SQLState={3}) occurred : [SQLException(Message=[You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-1' at line 1], ErrorCode=1064, SQLState=42000) occurred], [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-1' at line 1], ErrorCode=1064, SQLState=42000) occurred
        at org.seasar.framework.util.PreparedStatementUtil.executeQuery(PreparedStatementUtil.java:51)
        at org.seasar.extension.jdbc.impl.BasicResultSetFactory.createResultSet(BasicResultSetFactory.java:44)
        at org.seasar.extension.jdbc.impl.BasicSelectHandler.createResultSet(BasicSelectHandler.java:281)
        at org.seasar.extension.jdbc.impl.BasicSelectHandler.execute(BasicSelectHandler.java:257)
        at org.seasar.extension.jdbc.impl.BasicSelectHandler.execute(BasicSelectHandler.java:210)
        at org.seasar.extension.jdbc.impl.BasicSelectHandler.execute(BasicSelectHandler.java:184)
        at org.seasar.dao.impl.SelectDynamicCommand.execute(SelectDynamicCommand.java:72)
        at org.seasar.dao.interceptors.S2DaoInterceptor.invoke(S2DaoInterceptor.java:53)
        at org.seasar.dao.pager.PagerS2DaoInterceptorWrapper.invoke(PagerS2DaoInterceptorWrapper.java:71)
        at jp.sourceforge.observoice.dao.CommentDao$$EnhancedByS2AOP$$327d8933$$MethodInvocation$$selectByCourseId2.proceed(MethodInvocationClassGenerator.java)
        at jp.sourceforge.observoice.dao.CommentDao$$EnhancedByS2AOP$$327d8933.selectByCourseId(CommentDao$$EnhancedByS2AOP$$327d8933.java)
        at jp.sourceforge.observoice.service.CommentService.getComments(CommentService.java:38)
        at jp.sourceforge.observoice.resources.CommentResource.getComments(CommentResource.java:48)
        at sun.reflect.GeneratedMethodAccessor31.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
        at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
        at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
        at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288)
        at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
        at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
        at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
        at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1483)
        at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1414)
        at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1363)
        at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1353)
        at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:414)
        at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537)
        at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:708)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.seasar.framework.container.filter.S2ContainerFilter.doFilter(S2ContainerFilter.java:79)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at jp.sourceforge.observoice.ExtensionFilter.doFilter(ExtensionFilter.java:33)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
        at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1770)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
        at java.lang.Thread.run(Thread.java:722)
Caused by: org.seasar.framework.exception.SSQLException: [ESSR0072]SQLException(SQL=[SELECT comment.comment_id, comment.course_id, comment.user_id, comment.type, comment.created, comment.content FROM comment WHERE course_id = ? ORDER BY created LIMIT ?], Message=[1064], ErrorCode=42000, SQLState={3}) occurred
        at org.seasar.extension.jdbc.impl.PreparedStatementWrapper.wrapException(PreparedStatementWrapper.java:72)
        at org.seasar.extension.jdbc.impl.PreparedStatementWrapper.wrapException(PreparedStatementWrapper.java:67)
        at org.seasar.extension.jdbc.impl.PreparedStatementWrapper.executeQuery(PreparedStatementWrapper.java:83)
        at org.seasar.framework.util.PreparedStatementUtil.executeQuery(PreparedStatementUtil.java:49)
        ... 52 more
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-1' at line 1
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
        at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
        at com.mysql.jdbc.Util.getInstance(Util.java:386)
        at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052)
        at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4096)
        at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4028)
        at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2490)
        at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2651)
        at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2683)
        at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2144)
        at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java:2310)
        at org.seasar.extension.jdbc.impl.PreparedStatementWrapper.executeQuery(PreparedStatementWrapper.java:81)
        ... 53 more
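
One way to guard the count parameter before it is bound to `LIMIT ?`, as an added example that is not the project's own code. The class name, the default and maximum values, and the assumption that count arrives as a raw string are all hypothetical.

```java
import java.util.Arrays;
import java.util.List;

public class CountParamExample {
    // Hypothetical policy values; the ticket does not state the project's limits.
    static final int DEFAULT_COUNT = 20;
    static final int MAX_COUNT = 100;

    /** Signals a count the API should answer with HTTP 400 before the DAO is called. */
    static class InvalidCountException extends IllegalArgumentException {
        InvalidCountException(String msg) { super(msg); }
    }

    /**
     * Turns the raw "count" query parameter into a value safe to bind to LIMIT ?.
     * Absent -> default; non-numeric, overflowing or negative -> rejected; too large -> capped.
     */
    static int parseCount(String raw) {
        if (raw == null || raw.trim().isEmpty()) {
            return DEFAULT_COUNT;
        }
        int n;
        try {
            n = Integer.parseInt(raw.trim());
        } catch (NumberFormatException e) {
            // The message deliberately does not echo the caller's input.
            throw new InvalidCountException("count must be an integer");
        }
        if (n < 0) {
            throw new InvalidCountException("count must not be negative");
        }
        // Capping also bounds how many rows a single request can pull.
        return Math.min(n, MAX_COUNT);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, including the -1 from the ticket.
        List<String> samples = Arrays.asList(null, "10", "-1", "0", "5000", "abc", "99999999999");
        for (String raw : samples) {
            try {
                System.out.println("count=" + raw + " -> LIMIT " + parseCount(raw));
            } catch (InvalidCountException e) {
                // The resource layer would map this to a 400 response with a short
                // message instead of letting an SQLRuntimeException propagate.
                System.out.println("count=" + raw + " -> 400 Bad Request: " + e.getMessage());
            }
        }
    }
}
```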

Ticket History (3/3 Histories)

2012-06-09 23:12 Updated by: (del#75351)
  • New Ticket "comments.json crashes when an invalid integer is specified for the count parameter" created
2012-06-09 23:46 Updated by: (del#75351)
  • Owner Update from (None) to kaorimatz
2012-08-04 01:02 Updated by: (del#75351)
  • Component Update from (None) to サーバ (Server)

Attachment File List

No attachments
