Christopher Schultz
Christopher Schultz
While I haven't actually looked at the code (for either `request.parseParameters` or this Valve), I thought the point of `maxParameterCount` was that the request would actually fail to be fully-parsed...
I wonder if this is simply a version update that needs to happen. SuperMicro's support for IPMI and KVM is so terrible I wouldn't be surprised if they patched some...
Hmm, steps-to-reproduce must be more elaborate. I just tried it again by just saving a new connection alongside the rest and it worked as expected. When I filed this, I...
Once I see this stack trace once, it will happen again every time I even load the *Channels browser*. I don't even have to go to an individual channel. Clicking...
I will be running with Java 8 to see if it also (eventually) fails, there.
Oh, this is MCA 4.5.0 BTW.
@sidhantmourya Can we get a PR started for this? It's perfectly fine to label it [WIP] and have the code publicly available for inspection. It might make it easier to...
Note that the methods themselves are mostly nonsense. I took a situation in a real class and beat on it until it was simple and reproduceable.
There is a bug in this code. For the URL `/foo/bar?xcsrf=&xcsrf&xcsrf&xcsrf&xcsrf=abc&xcsrf=` it will enter an infinite loop.
It also will incorrectly identify parameters which end with the parameter name (e.g. `xcsrf`).